[PATCH 4/4] virt-aa-helper: test: add test for new option -P

Christian Ehrhardt christian.ehrhardt at canonical.com
Mon Oct 11 05:59:47 UTC 2021 

On Thu, Oct 7, 2021 at 7:25 PM Ioanna Alifieraki
<ioanna-maria.alifieraki at canonical.com> wrote:
>
> Create a corrupt profile and expect to be removed after the test is run.
>
> Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki at canonical.com>
> ---
>  tests/meson.build         |  1 +
>  tests/virt-aa-helper-test | 29 +++++++++++++++++++++++++++++
>  2 files changed, 30 insertions(+)
>
> diff --git a/tests/meson.build b/tests/meson.build
> index dfbc2c01e2..991cfc402d 100644
> --- a/tests/meson.build
> +++ b/tests/meson.build
> @@ -40,6 +40,7 @@ tests_env = [
>    'LC_ALL=C',
>    'LIBVIRT_AUTOSTART=0',
>    'G_DEBUG=fatal-warnings',
> +  'sysconfdir=@0@'.format(get_option('prefix') / get_option('sysconfdir')),
>  ]
>
>  if use_expensive_tests
> diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
> index 83f53acef6..135c4968b5 100755
> --- a/tests/virt-aa-helper-test
> +++ b/tests/virt-aa-helper-test
> @@ -16,6 +16,7 @@ fi
>  output="/dev/null"
>  use_valgrind=""
>  ld_library_path="$abs_top_builddir/src/"
> +profile_path="$sysconfdir/apparmor.d/libvirt/"
>  if [ ! -z "$1" ] && [ "$1" = "-d" ]; then
>      output="/dev/stdout"
>      shift
> @@ -399,6 +400,34 @@ testme "0" "shmem doorbell" "-r -u $valid_uuid" "$test_xml" "\"/var/lib/libvirt/
>  sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</devices>,<shmem name='shmem_server'><model type='ivshmem-doorbell'/><server path='/var/lib/libvirt/ivshmem_socket'/></shmem></devices>,g" "$template_xml" > "$test_xml"
>  testme "0" "shmem doorbell serverpath" "-r -u $valid_uuid" "$test_xml" "\"/var/lib/libvirt/ivshmem_socket\"\s*rw,$"
>
> +# For the next test to run apparmor needs to be installed and enabled.
> +# In some environments (e.g. containers) even though apparmor is
> +# installed, it is not enabled because securityfs is not mounted.
> +# In those environments this test cannot run so skip it.
> +# This test also needs to be run as root.
> +if [ `eval id -u` = 0 ] && [ -x "$(command -v aa-enabled)" ] && [ `eval aa-enabled` = "Yes" ]; then

This is great to be checked before causing a failure, but a question
to the libvirt-CI experts,
how doable (or not) would it be to get apparmor installed on those
distro testbeds that support it?

Are there any good pointers one would start to look at adapting those testbeds?

> +       sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk2,g" "$template_xml" > "$test_xml"
> +        # Running the tests does not require libvirt to be installed. As a
> +        # result the appropriate directories have not been created. Create them
> +        # now to run the test.
> +        mkdir -p "$profile_path"
> +       # create a corrupted profile
> +       touch "$profile_path/$valid_uuid"
> +       testme "0" "purge" "-r -u $valid_uuid" "$test_xml"
> +       # All the tests are run with the --dry-run option this test is
> +       # never going to fail because the profile is not going to be loaded.
> +       # However, since we touch the profile if it's still here after the test
> +       # it means that something went wrong, so make the test fail.
> +       if [ -f "$profile_path/$valid_uuid" ]; then
> +               echo "FAIL: failed to purge corrupted profile" >$output
> +               echo " '$extra_args $args': "
> +               errors=$(($errors + 1))
> +               # remove corrupted profile anyways not to interfere with
> +               # subsequent runs of the tests.
> +               rm "$profile_path/$valid_uuid"
> +       fi
> +fi
> +
>  testme "0" "help" "-h"
>
>  echo "" >$output
> --
> 2.17.1
>


-- 
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd

More information about the libvir-list mailing list