[PATCH 4/4] virt-aa-helper: test: add test for new option -P

Ioanna Alifieraki ioanna-maria.alifieraki at canonical.com
Thu Oct 7 17:25:38 UTC 2021 

Create a corrupt profile and expect to be removed after the test is run.

Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki at canonical.com>
---
 tests/meson.build         |  1 +
 tests/virt-aa-helper-test | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/tests/meson.build b/tests/meson.build
index dfbc2c01e2..991cfc402d 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -40,6 +40,7 @@ tests_env = [
   'LC_ALL=C',
   'LIBVIRT_AUTOSTART=0',
   'G_DEBUG=fatal-warnings',
+  'sysconfdir=@0@'.format(get_option('prefix') / get_option('sysconfdir')),
 ]
 
 if use_expensive_tests
diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
index 83f53acef6..135c4968b5 100755
--- a/tests/virt-aa-helper-test
+++ b/tests/virt-aa-helper-test
@@ -16,6 +16,7 @@ fi
 output="/dev/null"
 use_valgrind=""
 ld_library_path="$abs_top_builddir/src/"
+profile_path="$sysconfdir/apparmor.d/libvirt/"
 if [ ! -z "$1" ] && [ "$1" = "-d" ]; then
     output="/dev/stdout"
     shift
@@ -399,6 +400,34 @@ testme "0" "shmem doorbell" "-r -u $valid_uuid" "$test_xml" "\"/var/lib/libvirt/
 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<shmem name='shmem_server'><model type='ivshmem-doorbell'/><server path='/var/lib/libvirt/ivshmem_socket'/></shmem></devices>,g" "$template_xml" > "$test_xml"
 testme "0" "shmem doorbell serverpath" "-r -u $valid_uuid" "$test_xml" "\"/var/lib/libvirt/ivshmem_socket\"\s*rw,$"
 
+# For the next test to run apparmor needs to be installed and enabled.
+# In some environments (e.g. containers) even though apparmor is
+# installed, it is not enabled because securityfs is not mounted.
+# In those environments this test cannot run so skip it.
+# This test also needs to be run as root.
+if [ `eval id -u` = 0 ] && [ -x "$(command -v aa-enabled)" ] && [ `eval aa-enabled` = "Yes" ]; then
+	sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk2,g" "$template_xml" > "$test_xml"
+        # Running the tests does not require libvirt to be installed. As a
+        # result the appropriate directories have not been created. Create them
+        # now to run the test.
+        mkdir -p "$profile_path"
+	# create a corrupted profile
+	touch "$profile_path/$valid_uuid"
+	testme "0" "purge" "-r -u $valid_uuid" "$test_xml"
+	# All the tests are run with the --dry-run option this test is
+	# never going to fail because the profile is not going to be loaded.
+	# However, since we touch the profile if it's still here after the test
+	# it means that something went wrong, so make the test fail.
+	if [ -f "$profile_path/$valid_uuid" ]; then
+	        echo "FAIL: failed to purge corrupted profile" >$output
+		echo " '$extra_args $args': "
+	        errors=$(($errors + 1))
+	        # remove corrupted profile anyways not to interfere with
+	        # subsequent runs of the tests.
+	        rm "$profile_path/$valid_uuid"
+	fi
+fi
+
 testme "0" "help" "-h"
 
 echo "" >$output
-- 
2.17.1

More information about the libvir-list mailing list