Page MenuHomeFreeBSD

Introduce tests for Capability mode System calls and _exit(2)
ClosedPublic

Authored by aniketp on Jul 2 2018, 5:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Nov 25, 12:36 AM
Unknown Object (File)
Sun, Nov 24, 8:39 AM
Unknown Object (File)
Sat, Nov 23, 2:20 AM
Unknown Object (File)
Thu, Nov 21, 5:55 AM
Unknown Object (File)
Wed, Nov 13, 4:35 AM
Unknown Object (File)
Thu, Oct 31, 3:05 PM
Unknown Object (File)
Thu, Oct 31, 12:30 PM
Unknown Object (File)
Oct 23 2024, 10:28 PM
Subscribers

Details

Summary

This revision introduces atf-c(3) tests for 2 Capability mode syscalls and _exit(2).

  • cap_enter(2)
  • cap_getmode(2)
  • _exit(2)
Test Plan

Execute make && make install from test/sys/audit.
Execute kyua test from /usr/tests/sys/audit. All testcases should succeed.

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 17792
Build 17570: arc lint + arc unit

Event Timeline

For me cap_enter_success passes intermittently. On a case when it failed, the global audit trail showed the cap_enter call we were looking for (as well as the child's exit(2), which is also in class "pc"). But the auditpipe showed nothing after fork. I think we're looking at a buffering issue. When I run "./process_control cap_enter_success" the last thing I see is the fork record. Then the process pauses for 10 seconds. But while it's paused, if I run any command at all in another terminal, then the test immediately passes. So I think that the auditpipe(4) device is buffering up some amount of data before its read(2) returns.

  • Add the AUDITPIPE_FLUSH ioctl after calling cap_enter() to eliminate the buffering issue
  • Add tests for _exit(2) using the AUDITPIPE_FLUSH approach (for now)
aniketp retitled this revision from Introduce tests for Capability mode System calls to Introduce tests for Capability mode System calls and _exit(2).Jul 11 2018, 7:33 AM
aniketp edited the summary of this revision. (Show Details)
  • Updates in _exit(2) test case comment
asomers requested changes to this revision.Jul 11 2018, 2:58 PM

using AUDITPIPE_FLUSH doesn't work. You should remove that part and fix the bug in utils.c instead.

This revision now requires changes to proceed.Jul 11 2018, 2:58 PM
  • Disable I/O buffering from /dev/auditpipe for read operations for cap_enter(2) and _exit(2)
  • Forgot a comma in _exit(2) test case comments
  • Some more updates to the recent comments
asomers requested changes to this revision.Jul 16 2018, 9:55 PM

There's nothing special about exit or cap_enter. You need to disable buffering everywhere, anytime you combine fread(3) with something like ppoll(2).

This revision now requires changes to proceed.Jul 16 2018, 9:55 PM
  • Disable I/O buffering for the whole test-suite
  • Remove redundant header includes that were added for ioctl operations which are not required anymore
tests/sys/audit/utils.c
216 ↗(On Diff #45398)

Technically it's not possible, not since you use setvbuf. I would say something more like "disable stream buffering so fread(3) (called via au_read_rec(3)) doesn't buffer data unbeknownst to ppoll(2)"

  • Improvements in setvbuf's comments
This comment was removed by aniketp.
  • Grammatical corrections in the same comment
This revision is now accepted and ready to land.Jul 17 2018, 3:09 PM
This revision was automatically updated to reflect the committed changes.