[LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq

[Petr Vorel <pvorel@suse.cz>]

Hi Alexey,

thanks for you review!

> On 12.10.2018 01:05, Petr Vorel wrote:
> > Fixes for --log-facility and --dhcp-leasefile.

> > Path for log file expects AppArmor commit
> > 025c7dc6 ("dnsmasq: Add permission to open log files").

> > NOTE: AppArmor optimization isn't needed for dhcpd.

> > Signed-off-by: Petr Vorel <pvorel@suse.cz>
> > ---
> > Changing path to /var/log require root, but we run most of network tests
> > under root anyway, at least for network  namespaces.
> > I didn't add TST_NEEDS_ROOT=1, maybe I should.

...
> >  common_opt="--no-hosts --no-resolv --dhcp-authoritative \
> > -	--log-facility=./tst_dnsmasq.log --interface=$iface0 \
> > -	--dhcp-leasefile=tst_dnsmasq.lease --port=0 --conf-file= "
> > +	--log-facility=$log --interface=$iface0 \

> It could be stderr with writing the output of dnsmasq to the test directory:

>   --log-facility=-
Yes, I noticed the possibility to use stderr as well. But it's since 2.53, which
breaks old distros (centos6/rhel6) and would require check for version.
Is it worth of it?
And isn't there anything else requiring root anyway on SSH/RSH based testing?
(default netns testing requires root).

> > +	--dhcp-leasefile=/var/lib/misc/dnsmasq.tst.leases --port=0 --conf-file= "

> What if this directory doesn't exist? Why not to use the standard one for dnsmasq /var/lib/dnsmasq/?
No, default path for linux is /var/lib/misc/dnsmasq.leases [1]:
define LEASEFILE "/var/lib/misc/dnsmasq.leases"

AppArmor also expects it there [2]:
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage

but also accept different paths:
/var/lib/misc/dnsmasq.*.leases rw,
/var/lib/lxd-bridge/dnsmasq.*.leases rw,
/var/lib/NetworkManager/dnsmasq-*.leases rw,

> Forgot to remove this file in cleanup?
Yes, I should be consistent. But is it really needed to cleanup files, when
temporary directory is being deleted after test?  I was actually thinking to
remove cleanup_dhcp at all from both test scripts.

> BTW, it's better to have "ltp" instead of "tst" in this path.
Yes, but I wanted to be consistent with dhcpd_tests.sh - there is:
tst_dhcpd.conf, tst_hdcpd.lease

BTW: Others possible improvements of DHCP tests (not planning them before
finishing this):
* I was also thinking about passing file location of config file instead of
  changing content of global files in setup_dhcpd_conf().
* Handle situation when dhclient is already running in daemon mode (rare
  situation nowadays, probably started manually).
* Handle situation, when DHCP server is already running (and blocking port)


Kind regards,
Petr

[1] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/config.h;h=762c49b586bb26fb05d0eceac87d28f939693a6f;hb=HEAD#l193
[2] https://gitlab.com/apparmor/apparmor/blob/master/profiles/apparmor.d/usr.sbin.dnsmasq#L58