[libvirt] [PATCH v3 2/3] check-file-access: Allow specifying action

John Ferlan jferlan at redhat.com
Tue Aug 14 21:53:59 UTC 2018



On 07/27/2018 11:24 AM, Michal Privoznik wrote:
> The check-file-access.pl script is used to match access list
> generated by virtestmock against whitelisted rules stored in
> file_access_whitelist.txt. So far the rules are in the form:
> 
>   $path: $progname: $testname
> 
> This is not sufficient because the rule does not take into
> account 'action' that caused $path to appear in the list of
> accessed files. After this commit the rule can be in the new form:
> 
>   $path: $action: $progname: $testname
> 
> where $action is one of ("open", "fopen", "access", "stat",
> "lstat", "connect"). This way the white list can be fine-tuned to
> allow, say, access() but not connect().
> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  tests/check-file-access.pl      | 32 +++++++++++++++++++++++++++-----
>  tests/file_access_whitelist.txt | 15 ++++++++++-----
>  2 files changed, 37 insertions(+), 10 deletions(-)
> 

I think based on the previous time through this and the explanation
provided afterwards I am comfortable with the changes. Still it would be
nice perhaps to alter the comments in file_access_whitelist.txt in order
to describe the various settings like you replied here:

https://www.redhat.com/archives/libvir-list/2018-July/msg01434.html

starting with "The idea is to have two sets of rules:" and copying
enough of that in order to provide an example in the comments so that
someone who really didn't have the desire or cycles to read the perl
script could actually write a reasonable rule.

Knowing "how" or "when" to use may be a good idea. After patch 1 there's
no longer an example in the qemuxml2argvtest output.

Consider it a weak because my perl scripting and regex knowledge isn't
the best...

Reviewed-by: John Ferlan <jferlan at redhat.com>

John
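
The two rule forms from the quoted commit message, shown as an added Python example that is not part of this thread and is not libvirt's check-file-access.pl. It assumes that fields are split on ":", that `#` starts a comment, that path, program and test name are regular expressions matched against the whole value, and that an access record is a (path, action, progname, testname) tuple; all sample rules and accesses are constructed.

```python
import re

# The six action names listed in the commit message.
ACTIONS = ("open", "fopen", "access", "stat", "lstat", "connect")

# Constructed sample rules (not taken from file_access_whitelist.txt).
RULES = r"""
# old form, $path: $progname: $testname (any action is allowed)
/sys/devices/system/cpu/.*: sampletest: .*
# new form, $path: $action: $progname: $testname (only access() is allowed)
/run/sample\.sock: access: sampletest: probe
"""

# Constructed access records: (path, action, progname, testname).
ACCESSES = [
    ("/sys/devices/system/cpu/online", "fopen", "sampletest", "caps"),
    ("/run/sample.sock", "access", "sampletest", "probe"),
    ("/run/sample.sock", "connect", "sampletest", "probe"),
]

def parse_rules(text):
    """Return a list of (path_re, action_or_None, prog_re, test_re)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) == 3:        # old form: rule applies to every action
            path, action, prog, test = fields[0], None, fields[1], fields[2]
        elif len(fields) == 4:      # new form: rule is pinned to one action
            path, action, prog, test = fields
            if action not in ACTIONS:
                raise ValueError(f"unknown action in rule: {line!r}")
        else:
            raise ValueError(f"malformed rule: {line!r}")
        rules.append((re.compile(path), action, re.compile(prog), re.compile(test)))
    return rules

def allowed(access, rules):
    """True if at least one rule covers this access record."""
    path, action, prog, test = access
    return any(p.fullmatch(path) and (a is None or a == action)
               and g.fullmatch(prog) and t.fullmatch(test)
               for p, a, g, t in rules)

def unlisted(accesses, rules):
    """Access records that no rule permits; these would fail the check."""
    return [acc for acc in accesses if not allowed(acc, rules)]
```

With the sample data, only the connect() on the socket path is reported: the same path is whitelisted for access() alone.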



