
Add tests for various other ioctls for auditpipe(4)
Needs Review, Public

Authored by aniketp on Jul 26 2018, 7:06 AM.

Details

Reviewers
asomers
Summary

This revision introduces regression tests for various other ioctls for auditpipe. The ioctls are:

  • AUDITPIPE_GET_MAXAUDITDATA
  • AUDITPIPE_GET_PRESELECT_MODE
  • AUDITPIPE_SET_PRESELECT_MODE
  • AUDITPIPE_GET_PRESELECT_FLAGS
  • AUDITPIPE_SET_PRESELECT_FLAGS
  • AUDITPIPE_GET_PRESELECT_NAFLAGS
  • AUDITPIPE_SET_PRESELECT_NAFLAGS

Other important properties are also tested:

  • auditpipe_qlimit_less_than_qlimit_max
  • auditpipe_qlimit_more_than_qlimit_min

Test Plan

Execute make && make install from test/sys/auditpipe.
Execute kyua test from /usr/tests/sys/auditpipe. All testcases should succeed.

Diff Detail

Lint: Lint Passed
Unit: No Test Coverage
Build Status: Buildable 18342
Build 18061: arc lint + arc unit

Event Timeline

asomers requested changes to this revision. Jul 27 2018, 4:49 PM

Looks mostly good, except for the FLUSH test. As written, that one isn't going to be reliable.

tests/sys/auditpipe/auditpipe_test.c
229

This test isn't going to be reliable. You have no way to be sure that more auditable events didn't arrive after the flush but before AUDITPIPE_GET_QLEN.

This revision now requires changes to proceed. Jul 27 2018, 4:49 PM

  • Check if auditing was enabled before AUDITPIPE_FLUSH test

asomers requested changes to this revision. Jul 27 2018, 8:34 PM
asomers added inline comments.
tests/sys/auditpipe/auditpipe_test.c
234

Nope. In order for this technique to work, you need to stop auditing _before_ AUDITPIPE_FLUSH.

243

This needs to happen in the cleanup step, not in the body.

This revision now requires changes to proceed. Jul 27 2018, 8:34 PM

  • Move auditon code before starting to call AUDITPIPE_FLUSH

tests/sys/auditpipe/auditpipe_test.c
243

But I've changed

ATF_REQUIRE_EQ(0, ioctl(filedesc, AUDITPIPE_GET_QLEN, &qlen));
ATF_REQUIRE_EQ(0, qlen);

to

ATF_CHECK_EQ(0, ioctl(filedesc, AUDITPIPE_GET_QLEN, &qlen));
ATF_CHECK_EQ(0, qlen);

for the same reason that the test case won't stop even if the require condition fails

asomers requested changes to this revision. Jul 27 2018, 8:54 PM
asomers added inline comments.
tests/sys/auditpipe/auditpipe_test.c
232

What happens if aucond was anything else? Then the test will be pointless, because there won't be anything in the audit trail. In that case, you should skip it. Or, start auditd just like you do in the audit tests.

235

This won't work either. By opening the auditpipe after pausing auditing, you're guaranteeing that the queue will be empty even before AUDITPIPE_FLUSH. You need to:

  1. Open auditpipe
  2. Cause something auditable to happen so the pipe gets data
  3. Suspend auditing
  4. Flush the pipe
  5. Verify qlen == 0

243

Ok, I guess that's fine. Not universally, but it should be ok for this test. I say not universally, because something like a segfault could always prevent the test's body from completing. But in this case I don't think there's any way for the test to crash that wouldn't also be a possibility for the cleanup step.

This revision now requires changes to proceed. Jul 27 2018, 8:54 PM

  • Add auditable startup and closeup events if auditd(8) was not already running

tests/sys/auditpipe/auditpipe_test.c
235

Does this statement (or the one two lines above) cause an audit entry? If not, then the queue still may be empty before you flush it.
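
Added example, not part of the revision under review or of FreeBSD's test suite: the five-step ordering from the review in C, with a verdict function that treats a run as inconclusive when auditing was not suspended or when the queue was already empty before the flush. The placeholder path, the one-second wait and the all-classes local preselection are assumptions of this sketch; it needs root on FreeBSD and returns INCONCLUSIVE on other platforms.

```c
#include <stdio.h>
#ifdef __FreeBSD__
#include <sys/ioctl.h>
#include <bsm/audit.h>
#include <security/audit/audit_ioctl.h>
#include <fcntl.h>
#include <unistd.h>
#endif
enum verdict { PASS, FAIL, INCONCLUSIVE };

/* What one run proves, given what was observed around AUDITPIPE_FLUSH. */
enum verdict
flush_verdict(int suspended, unsigned qlen_before, unsigned qlen_after)
{
	if (!suspended)		/* records can arrive between flush and GET_QLEN */
		return (INCONCLUSIVE);
	if (qlen_before == 0)	/* queue was already empty: flush proved nothing */
		return (INCONCLUSIVE);
	return (qlen_after == 0 ? PASS : FAIL);
}

/* Steps 1-5 in the reviewer's order; INCONCLUSIVE when they cannot run. */
enum verdict
run_flush_check(void)
{
#ifdef __FreeBSD__
	int fd, saved, suspended, off = AUC_NOAUDIT;
	int mode = AUDITPIPE_PRESELECT_MODE_LOCAL;
	au_mask_t all = { .am_success = ~0U, .am_failure = ~0U };
	unsigned before = 0, after = 0;
	if (auditon(A_GETCOND, &saved, sizeof(saved)) != 0 || saved != AUC_AUDITING)
		return (INCONCLUSIVE);		/* auditing not running: skip */
	if ((fd = open("/dev/auditpipe", O_RDONLY)) < 0)	/* 1. open the pipe */
		return (INCONCLUSIVE);
	ioctl(fd, AUDITPIPE_SET_PRESELECT_MODE, &mode);	/* select every class */
	ioctl(fd, AUDITPIPE_SET_PRESELECT_FLAGS, &all);
	ioctl(fd, AUDITPIPE_SET_PRESELECT_NAFLAGS, &all);
	(void)access("/flush-test-placeholder", F_OK);	/* 2. assumed auditable */
	sleep(1);			/* assumed long enough for delivery */
	suspended = auditon(A_SETCOND, &off, sizeof(off)) == 0;	/* 3. suspend */
	ioctl(fd, AUDITPIPE_GET_QLEN, &before);	/* precondition for step 4 */
	ioctl(fd, AUDITPIPE_FLUSH);			/* 4. flush */
	ioctl(fd, AUDITPIPE_GET_QLEN, &after);	/* 5. verify */
	auditon(A_SETCOND, &saved, sizeof(saved));	/* restore on every path */
	close(fd);
	return (flush_verdict(suspended, before, after));
#else
	return (INCONCLUSIVE);	/* no auditpipe(4) on this platform */
#endif
}
int main(void) { printf("verdict=%d\n", run_flush_check()); return (0); }
```

Reading the queue length once more between suspending and flushing is what answers whether the triggering statement produced an audit entry: a zero there means the run says nothing about AUDITPIPE_FLUSH.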