Re: [PATCH 4/4] virt-aa-helper: test: add test for new option -P
On Thu, Oct 7, 2021 at 7:25 PM Ioanna Alifieraki
<ioanna-maria.alifieraki(a)canonical.com> wrote:
Create a corrupt profile and expect to be removed after the test is run.
Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki(a)canonical.com>
---
tests/meson.build | 1 +
tests/virt-aa-helper-test | 29 +++++++++++++++++++++++++++++
2 files changed, 30 insertions(+)
diff --git a/tests/meson.build b/tests/meson.build
index dfbc2c01e2..991cfc402d 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -40,6 +40,7 @@ tests_env = [
'LC_ALL=C',
'LIBVIRT_AUTOSTART=0',
'G_DEBUG=fatal-warnings',
+ 'sysconfdir=@0(a)'.format(get_option('prefix') /
get_option('sysconfdir')),
]
if use_expensive_tests
diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
index 83f53acef6..135c4968b5 100755
--- a/tests/virt-aa-helper-test
+++ b/tests/virt-aa-helper-test
@@ -16,6 +16,7 @@ fi
output="/dev/null"
use_valgrind=""
ld_library_path="$abs_top_builddir/src/"
+profile_path="$sysconfdir/apparmor.d/libvirt/"
if [ ! -z "$1" ] && [ "$1" = "-d" ]; then
output="/dev/stdout"
shift
@@ -399,6 +400,34 @@ testme "0" "shmem doorbell" "-r -u
$valid_uuid" "$test_xml" "\"/var/lib/libvirt/
sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e
"s,</devices>,<shmem name='shmem_server'><model
type='ivshmem-doorbell'/><server
path='/var/lib/libvirt/ivshmem_socket'/></shmem></devices>,g"
"$template_xml" > "$test_xml"
testme "0" "shmem doorbell serverpath" "-r -u $valid_uuid"
"$test_xml" "\"/var/lib/libvirt/ivshmem_socket\"\s*rw,$"
+# For the next test to run apparmor needs to be installed and enabled.
+# In some environments (e.g. containers) even though apparmor is
+# installed, it is not enabled because securityfs is not mounted.
+# In those environments this test cannot run so skip it.
+# This test also needs to be run as root.
+if [ `eval id -u` = 0 ] && [ -x "$(command -v aa-enabled)" ]
&& [ `eval aa-enabled` = "Yes" ]; then
This is great to be checked before causing a failure, but a question
to the libvirt-CI experts,
how doable (or not) would it be to get apparmor installed on those
distro testbeds that support it?
Are there any good pointers one would start to look at adapting those testbeds?
+ sed -e "s,###UUID###,$uuid,g" -e
"s,###DISK###,$disk2,g" "$template_xml" > "$test_xml"
+ # Running the tests does not require libvirt to be installed. As a
+ # result the appropriate directories have not been created. Create them
+ # now to run the test.
+ mkdir -p "$profile_path"
+ # create a corrupted profile
+ touch "$profile_path/$valid_uuid"
+ testme "0" "purge" "-r -u $valid_uuid"
"$test_xml"
+ # All the tests are run with the --dry-run option this test is
+ # never going to fail because the profile is not going to be loaded.
+ # However, since we touch the profile if it's still here after the test
+ # it means that something went wrong, so make the test fail.
+ if [ -f "$profile_path/$valid_uuid" ]; then
+ echo "FAIL: failed to purge corrupted profile" >$output
+ echo " '$extra_args $args': "
+ errors=$(($errors + 1))
+ # remove corrupted profile anyways not to interfere with
+ # subsequent runs of the tests.
+ rm "$profile_path/$valid_uuid"
+ fi
+fi
+
testme "0" "help" "-h"
echo "" >$output
--
2.17.1
--
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd