Details

Reviewers

asomers
rwatson
gnn

Commits

rS334592: audit(4): add tests for the cl audit class

Summary

The following changes introduce a new test-program file-close , which introduces tests for the
following 4 system calls in both success and failure mode:

munmap
close
closefrom
revoke

Note: These are the only system calls in "cl" audit class

Test Plan

Execute make && make install from test/sys/audit.
Execute kyua test from /usr/tests/sys/audit. All testcases should succeed.

Diff Detail

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 16979
Build 16847: arc lint + arc unit

Event Timeline

aniketp created this revision.Jun 1 2018, 10:43 PM

Harbormaster completed remote builds in B16970: Diff 43259.Jun 1 2018, 10:43 PM

What about closefrom(2)? And I thought that "fc" was "file-close"? If so, you need a different name for "cl".

tests/sys/audit/file-close.c
65	No magic numbers please
119	Another magic number
161	Why would you ever malloc a single byte?

This revision now requires changes to proceed.Jun 2 2018, 2:54 PM

Allocate enough size to ptyname and replace hardcoded size for
ptyname with sizeof(ptyname)

Harbormaster completed remote builds in B16977: Diff 43271.Jun 2 2018, 4:32 PM

asomers added inline comments.Jun 2 2018, 5:02 PM

tests/sys/audit/file-close.c
69	What's the significance of `4 * pagesize`? Would 1 byte not work?
161	No magic numbers please.

Update the file descriptor limit as INT_MAX in closefrom(2)

Harbormaster completed remote builds in B16978: Diff 43272.Jun 2 2018, 6:12 PM

aniketp retitled this revision from Add tests for 3 syscalls in "file-close" audit class to Add tests for 4 syscalls in "file-close" audit class.Jun 2 2018, 6:15 PM

aniketp edited the summary of this revision. (Show Details)

asomers added inline comments.Jun 2 2018, 8:15 PM

tests/sys/audit/file-close.c
119	Backslashes aren't needed to break a line in C.
184	There's still no programmatic guarantee that this buffer will be large enough. Unfortunately , there's no way to achieve that guarantee using openpty(2). That's why people use posix_openpt + ptsname instead. However, if you'll read the source, you'll see that there's an undocumented maximum length that openpty will write. The exact value is left as an exercise to the reader.

Use posix_openpt(2) and ptsname(3) instead of openpty(3)
Also, remove the extraneous backslash in one of the snprintf statement

Harbormaster completed remote builds in B16979: Diff 43275.Jun 2 2018, 9:02 PM

aniketp marked 4 inline comments as done.Jun 2 2018, 9:12 PM

asomers accepted this revision.Jun 2 2018, 9:15 PM

This revision is now accepted and ready to land.Jun 2 2018, 9:15 PM

The build fails on 32-bit architectures. Looks like a classic printf format specifier failure.

/home/asomers/freebsd/base/head/tests/sys/audit/file-close.c:115:50: error: format specifies type 'unsigned long' but the argument has type 'ino_t' (aka 'unsigned long long') [-Werror,-Wformat]
                sizeof(extregex), "close.*%lu.*return,succes", statbuff.st_ino);
                                          ~~~                  ^~~~~~~~~~~~~~~
                                          %llu
1 error generated.

This revision now requires changes to proceed.Jun 2 2018, 10:09 PM

Update the format specifier for st_ino as llu from lu

Harbormaster completed remote builds in B16983: Diff 43281.Jun 2 2018, 10:45 PM

Well, that fixed the build on i386, but broke it on amd64. Try again.

Would it be fine to check the presence of PID in the audit regex instead of "Inode number"?
Also, is this a viable fix?
snprintf(extregex, sizeof(extregex), "close.*%ld.*return,succes", (long int)statbuff.st_ino);

I tried testing this using -m32 as a "CFLAG" but instead got a loader error: /usr/bin/ld: cannot find -lprivateatf-c

In D15650#330770, @aniketp wrote:

Would it be fine to check the presence of PID in the audit regex instead of "Inode number"?
Also, is this a viable fix?
snprintf(extregex, sizeof(extregex), "close.*%ld.*return,succes", (long int)statbuff.st_ino);

Close. The usual approach in situations like this is to cast the variable to an intmax_t and print it with %jd.

I tried testing this using -m32 as a "CFLAG" but instead got a loader error: /usr/bin/ld: cannot find -lprivateatf-c

That's because you haven't built the 32-bit ATF libraries. The easiest way to do it is to build an entire i386 world. From /usr/src, do ARCH=i386 TARGET_ARCH=i386 make -jwhatever buildworld. You can even build for other architectures, like sparc64 or riscv.