Page MenuHomeFreeBSD

Introduce tests for Capability mode System calls and _exit(2)
ClosedPublic

Authored by aniketp on Jul 2 2018, 5:41 PM.

Details

Summary

This revision introduces atf-c(3) tests for 2 Capability mode syscalls and _exit(2).

  • cap_enter(2)
  • cap_getmode(2)
  • _exit(2)
Test Plan

Execute make && make install from test/sys/audit.
Execute kyua test from /usr/tests/sys/audit. All testcases should succeed.

Diff Detail

Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 17948
Build 17703: arc lint + arc unit

Event Timeline

aniketp created this revision.Jul 2 2018, 5:41 PM

For me cap_enter_success passes intermittently. On a case when it failed, the global audit trail showed the cap_enter call we were looking for (as well as the child's exit(2), which is also in class "pc"). But the auditpipe showed nothing after fork. I think we're looking at a buffering issue. When I run "./process_control cap_enter_success" the last thing I see is the fork record. Then the process pauses for 10 seconds. But while it's paused, if I run any command at all in another terminal, then the test immediately passes. So I think that the auditpipe(4) device is buffering up some amount of data before its read(2) returns.

aniketp updated this revision to Diff 45103.Jul 10 2018, 8:47 AM
  • Add the AUDITPIPE_FLUSH ioctl after calling cap_enter() to eliminate the buffering issue
aniketp updated this revision to Diff 45145.Jul 11 2018, 7:32 AM
  • Add tests for _exit(2) using the AUDITPIPE_FLUSH approach (for now)
aniketp retitled this revision from Introduce tests for Capability mode System calls to Introduce tests for Capability mode System calls and _exit(2).Jul 11 2018, 7:33 AM
aniketp edited the summary of this revision. (Show Details)
aniketp updated this revision to Diff 45146.Jul 11 2018, 7:57 AM
  • Updates in _exit(2) test case comment
asomers requested changes to this revision.Jul 11 2018, 2:58 PM

using AUDITPIPE_FLUSH doesn't work. You should remove that part and fix the bug in utils.c instead.

This revision now requires changes to proceed.Jul 11 2018, 2:58 PM
aniketp updated this revision to Diff 45389.EditedJul 16 2018, 8:31 PM
  • Disable I/O buffering from /dev/auditpipe for read operations for cap_enter(2) and _exit(2)
aniketp updated this revision to Diff 45390.Jul 16 2018, 8:33 PM
  • Forgot a comma in _exit(2) test case comments
aniketp updated this revision to Diff 45391.Jul 16 2018, 8:35 PM
  • Some more updates to the recent comments
asomers requested changes to this revision.Jul 16 2018, 9:55 PM

There's nothing special about exit or cap_enter. You need to disable buffering everywhere, anytime you combine fread(3) with something like ppoll(2).

This revision now requires changes to proceed.Jul 16 2018, 9:55 PM
aniketp updated this revision to Diff 45397.Jul 16 2018, 10:44 PM
  • Disable I/O buffering for the whole test-suite
aniketp updated this revision to Diff 45398.Jul 16 2018, 10:47 PM
  • Remove redundant header includes that were added for ioctl operations which are not required anymore
asomers added inline comments.Jul 16 2018, 10:58 PM
tests/sys/audit/utils.c
216 ↗(On Diff #45398)

Technically it's not possible, not since you use setvbuf. I would say something more like "disable stream buffering so fread(3) (called via au_read_rec(3)) doesn't buffer data unbeknownst to ppoll(2)"

aniketp updated this revision to Diff 45405.Jul 17 2018, 8:40 AM
  • Improvements in setvbuf's comments
This comment was removed by aniketp.
aniketp updated this revision to Diff 45406.EditedJul 17 2018, 8:47 AM
  • Grammatical corrections in the same comment
asomers accepted this revision.Jul 17 2018, 3:09 PM
This revision is now accepted and ready to land.Jul 17 2018, 3:09 PM
This revision was automatically updated to reflect the committed changes.