* [LTP] [PATCH 0/4] DHCP tests and AppArmor improvements
@ 2018-10-11 22:05 Petr Vorel
2018-10-11 22:05 ` [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq Petr Vorel
` (3 more replies)
0 siblings, 4 replies; 10+ messages in thread
From: Petr Vorel @ 2018-10-11 22:05 UTC (permalink / raw)
To: ltp
Hi,
here are some more DHCP tests polishing.
Kind regards,
Petr
Petr Vorel (4):
net/dhcp: Use paths allowed by AppArmor for dnsmasq
net/dhcp: Move print_dhcp_log() into dhcp library
ver_linux: Print AppArmor and SELinux status
tst_net.sh: Warn about enabled AppArmor
testcases/lib/tst_net.sh | 5 +++
testcases/network/dhcp/dhcp_lib.sh | 7 ++++
testcases/network/dhcp/dhcpd_tests.sh | 7 +---
testcases/network/dhcp/dnsmasq_tests.sh | 13 +++----
ver_linux | 46 ++++++++++++++++++++++---
5 files changed, 60 insertions(+), 18 deletions(-)
--
2.19.0
^ permalink raw reply [flat|nested] 10+ messages in thread* [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq 2018-10-11 22:05 [LTP] [PATCH 0/4] DHCP tests and AppArmor improvements Petr Vorel @ 2018-10-11 22:05 ` Petr Vorel 2018-10-11 22:15 ` Petr Vorel 2018-10-23 14:03 ` Alexey Kodanev 2018-10-11 22:05 ` [LTP] [PATCH 2/4] net/dhcp: Move print_dhcp_log() into dhcp library Petr Vorel ` (2 subsequent siblings) 3 siblings, 2 replies; 10+ messages in thread From: Petr Vorel @ 2018-10-11 22:05 UTC (permalink / raw) To: ltp Fixes for --log-facility and --dhcp-leasefile. Path for log file expects AppArmor commit 025c7dc6 ("dnsmasq: Add permission to open log files"). NOTE: AppArmor optimization isn't needed for dhcpd. Signed-off-by: Petr Vorel <pvorel@suse.cz> --- Changing path to /var/log require root, but we run most of network tests under root anyway, at least for network namespaces. I didn't add TST_NEEDS_ROOT=1, maybe I should. Kind regards, Petr --- testcases/network/dhcp/dnsmasq_tests.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/testcases/network/dhcp/dnsmasq_tests.sh b/testcases/network/dhcp/dnsmasq_tests.sh index ad5885c84..43961f85f 100755 --- a/testcases/network/dhcp/dnsmasq_tests.sh +++ b/testcases/network/dhcp/dnsmasq_tests.sh @@ -9,9 +9,11 @@ dhcp_name="dnsmasq" . dhcp_lib.sh +log="/var/log/tst_dnsmasq.log" + common_opt="--no-hosts --no-resolv --dhcp-authoritative \ - --log-facility=./tst_dnsmasq.log --interface=$iface0 \ - --dhcp-leasefile=tst_dnsmasq.lease --port=0 --conf-file= " + --log-facility=$log --interface=$iface0 \ + --dhcp-leasefile=/var/lib/misc/dnsmasq.tst.leases --port=0 --conf-file= " start_dhcp() { @@ -33,12 +35,12 @@ start_dhcp6() cleanup_dhcp() { - rm -f tst_dnsmasq.log + rm -f $log } print_dhcp_log() { - cat tst_dnsmasq.log + cat $log } print_dhcp_version() -- 2.19.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq 2018-10-11 22:05 ` [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq Petr Vorel @ 2018-10-11 22:15 ` Petr Vorel 2018-10-23 14:03 ` Alexey Kodanev 1 sibling, 0 replies; 10+ messages in thread From: Petr Vorel @ 2018-10-11 22:15 UTC (permalink / raw) To: ltp Hi, > Fixes for --log-facility and --dhcp-leasefile. > Path for log file expects AppArmor commit > 025c7dc6 ("dnsmasq: Add permission to open log files"). > NOTE: AppArmor optimization isn't needed for dhcpd. > Signed-off-by: Petr Vorel <pvorel@suse.cz> > --- ... > Changing path to /var/log require root, but we run most of network tests > under root anyway, at least for network namespaces. > I didn't add TST_NEEDS_ROOT=1, maybe I should. ... > +++ b/testcases/network/dhcp/dnsmasq_tests.sh ... > +log="/var/log/tst_dnsmasq.log" Another option (instead of writing int /var/log/) is to detect enabled AppArmor and /etc/apparmor.d/local/. If enabled and dir exist, then append/create /etc/apparmor.d/local/usr.sbin.dnsmasq with write permissions to our directory. But this would require restart AppArmor. > + > common_opt="--no-hosts --no-resolv --dhcp-authoritative \ > - --log-facility=./tst_dnsmasq.log --interface=$iface0 \ > - --dhcp-leasefile=tst_dnsmasq.lease --port=0 --conf-file= " > + --log-facility=$log --interface=$iface0 \ > + --dhcp-leasefile=/var/lib/misc/dnsmasq.tst.leases --port=0 --conf-file= " Kind regards, Petr ^ permalink raw reply [flat|nested] 10+ messages in thread
* [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq 2018-10-11 22:05 ` [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq Petr Vorel 2018-10-11 22:15 ` Petr Vorel @ 2018-10-23 14:03 ` Alexey Kodanev 2018-10-23 21:57 ` Petr Vorel 1 sibling, 1 reply; 10+ messages in thread From: Alexey Kodanev @ 2018-10-23 14:03 UTC (permalink / raw) To: ltp On 12.10.2018 01:05, Petr Vorel wrote: > Fixes for --log-facility and --dhcp-leasefile. > > Path for log file expects AppArmor commit > 025c7dc6 ("dnsmasq: Add permission to open log files"). > > NOTE: AppArmor optimization isn't needed for dhcpd. > > Signed-off-by: Petr Vorel <pvorel@suse.cz> > --- > Changing path to /var/log require root, but we run most of network tests > under root anyway, at least for network namespaces. > I didn't add TST_NEEDS_ROOT=1, maybe I should. > > > Kind regards, > Petr > --- > testcases/network/dhcp/dnsmasq_tests.sh | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/testcases/network/dhcp/dnsmasq_tests.sh b/testcases/network/dhcp/dnsmasq_tests.sh > index ad5885c84..43961f85f 100755 > --- a/testcases/network/dhcp/dnsmasq_tests.sh > +++ b/testcases/network/dhcp/dnsmasq_tests.sh > @@ -9,9 +9,11 @@ dhcp_name="dnsmasq" > > . dhcp_lib.sh > > +log="/var/log/tst_dnsmasq.log" > + > common_opt="--no-hosts --no-resolv --dhcp-authoritative \ > - --log-facility=./tst_dnsmasq.log --interface=$iface0 \ > - --dhcp-leasefile=tst_dnsmasq.lease --port=0 --conf-file= " > + --log-facility=$log --interface=$iface0 \ It could be stderr with writing the output of dnsmasq to the test directory: --log-facility=- > + --dhcp-leasefile=/var/lib/misc/dnsmasq.tst.leases --port=0 --conf-file= " > What if this directory doesn't exist? Why not to use the standard one for dnsmasq /var/lib/dnsmasq/? Forgot to remove this file in cleanup? BTW, it's better to have "ltp" instead of "tst" in this path. > start_dhcp() > { > @@ -33,12 +35,12 @@ start_dhcp6() > > cleanup_dhcp() > { > - rm -f tst_dnsmasq.log > + rm -f $log > } > > print_dhcp_log() > { > - cat tst_dnsmasq.log > + cat $log > } > > print_dhcp_version() > ^ permalink raw reply [flat|nested] 10+ messages in thread
* [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq 2018-10-23 14:03 ` Alexey Kodanev @ 2018-10-23 21:57 ` Petr Vorel 2018-10-24 10:40 ` Alexey Kodanev 0 siblings, 1 reply; 10+ messages in thread From: Petr Vorel @ 2018-10-23 21:57 UTC (permalink / raw) To: ltp Hi Alexey, thanks for you review! > On 12.10.2018 01:05, Petr Vorel wrote: > > Fixes for --log-facility and --dhcp-leasefile. > > Path for log file expects AppArmor commit > > 025c7dc6 ("dnsmasq: Add permission to open log files"). > > NOTE: AppArmor optimization isn't needed for dhcpd. > > Signed-off-by: Petr Vorel <pvorel@suse.cz> > > --- > > Changing path to /var/log require root, but we run most of network tests > > under root anyway, at least for network namespaces. > > I didn't add TST_NEEDS_ROOT=1, maybe I should. ... > > common_opt="--no-hosts --no-resolv --dhcp-authoritative \ > > - --log-facility=./tst_dnsmasq.log --interface=$iface0 \ > > - --dhcp-leasefile=tst_dnsmasq.lease --port=0 --conf-file= " > > + --log-facility=$log --interface=$iface0 \ > It could be stderr with writing the output of dnsmasq to the test directory: > --log-facility=- Yes, I noticed the possibility to use stderr as well. But it's since 2.53, which breaks old distros (centos6/rhel6) and would require check for version. Is it worth of it? And isn't there anything else requiring root anyway on SSH/RSH based testing? (default netns testing requires root). > > + --dhcp-leasefile=/var/lib/misc/dnsmasq.tst.leases --port=0 --conf-file= " > What if this directory doesn't exist? Why not to use the standard one for dnsmasq /var/lib/dnsmasq/? No, default path for linux is /var/lib/misc/dnsmasq.leases [1]: define LEASEFILE "/var/lib/misc/dnsmasq.leases" AppArmor also expects it there [2]: /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage but also accept different paths: /var/lib/misc/dnsmasq.*.leases rw, /var/lib/lxd-bridge/dnsmasq.*.leases rw, /var/lib/NetworkManager/dnsmasq-*.leases rw, > Forgot to remove this file in cleanup? Yes, I should be consistent. But is it really needed to cleanup files, when temporary directory is being deleted after test? I was actually thinking to remove cleanup_dhcp at all from both test scripts. > BTW, it's better to have "ltp" instead of "tst" in this path. Yes, but I wanted to be consistent with dhcpd_tests.sh - there is: tst_dhcpd.conf, tst_hdcpd.lease BTW: Others possible improvements of DHCP tests (not planning them before finishing this): * I was also thinking about passing file location of config file instead of changing content of global files in setup_dhcpd_conf(). * Handle situation when dhclient is already running in daemon mode (rare situation nowadays, probably started manually). * Handle situation, when DHCP server is already running (and blocking port) Kind regards, Petr [1] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/config.h;h=762c49b586bb26fb05d0eceac87d28f939693a6f;hb=HEAD#l193 [2] https://gitlab.com/apparmor/apparmor/blob/master/profiles/apparmor.d/usr.sbin.dnsmasq#L58 ^ permalink raw reply [flat|nested] 10+ messages in thread
* [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq 2018-10-23 21:57 ` Petr Vorel @ 2018-10-24 10:40 ` Alexey Kodanev 2018-10-24 15:53 ` Petr Vorel 0 siblings, 1 reply; 10+ messages in thread From: Alexey Kodanev @ 2018-10-24 10:40 UTC (permalink / raw) To: ltp Hi Petr, On 24.10.2018 00:57, Petr Vorel wrote: ... >> What if this directory doesn't exist? Why not to use the standard one for dnsmasq /var/lib/dnsmasq/? > No, default path for linux is /var/lib/misc/dnsmasq.leases [1]: > define LEASEFILE "/var/lib/misc/dnsmasq.leases" > > AppArmor also expects it there [2]: > /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage > > but also accept different paths: > /var/lib/misc/dnsmasq.*.leases rw, > /var/lib/lxd-bridge/dnsmasq.*.leases rw, > /var/lib/NetworkManager/dnsmasq-*.leases rw, > May be it is for the newest versions only, I was looking at 2.48/2.76 and it is /var/lib/dnsmasq/dnsmasq.leases. >> Forgot to remove this file in cleanup? > Yes, I should be consistent. But is it really needed to cleanup files, when > temporary directory is being deleted after test? I was actually thinking to > remove cleanup_dhcp at all from both test scripts. But the file now outside of LTP temp directory, in /var/lib/misc/... ^ permalink raw reply [flat|nested] 10+ messages in thread
* [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq 2018-10-24 10:40 ` Alexey Kodanev @ 2018-10-24 15:53 ` Petr Vorel 0 siblings, 0 replies; 10+ messages in thread From: Petr Vorel @ 2018-10-24 15:53 UTC (permalink / raw) To: ltp Hi Alexey, > Hi Petr, > On 24.10.2018 00:57, Petr Vorel wrote: > ... > >> What if this directory doesn't exist? Why not to use the standard one for dnsmasq /var/lib/dnsmasq/? > > No, default path for linux is /var/lib/misc/dnsmasq.leases [1]: > > define LEASEFILE "/var/lib/misc/dnsmasq.leases" > > AppArmor also expects it there [2]: > > /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage > > but also accept different paths: > > /var/lib/misc/dnsmasq.*.leases rw, > > /var/lib/lxd-bridge/dnsmasq.*.leases rw, > > /var/lib/NetworkManager/dnsmasq-*.leases rw, > May be it is for the newest versions only, I was looking at 2.48/2.76 and it is > /var/lib/dnsmasq/dnsmasq.leases. It's not upstream, src/config.h haven't changed for linux since 2.0. /var/lib/dnsmasq/ is Fedora/RHEL/CentOS/Oracle Linux (RHEL*) specific [1], changed since 2.41 (in 2007) [2] [3]. I checked various other distros and others (SUSE, Debian, Archlinux, Gentoo, Ubuntu) use default location in /var/lib/misc/. /var/lib/misc/ also exists on RHEL* (filesystem package, which is on every RHEL* system), so maybe we could be happy about that. But RHEL* doesn't use AppArmor and SELinux supports wildcard on /var/lib/dnsmasq/ but in /var/lib/misc/ support just dnsmasq.leases [4]: /var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0) /var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0) so for RHEL* it'd be really better to use /var/lib/misc/. Therefore could use /var/lib/misc/ as default and if directory not exist use /var/lib/dnsmasq/ (as it's probably RHEL*). Writing into either of them requires root, so we need to add TST_NEEDS_ROOT=1. But still paths aren't compatible, either SELinux or AppArmor need to be more relax (add star for both log and lease file). Similar situation is for logging file: SELinux [4] /var/log/dnsmasq.* -- gen_context(system_u:object_r:dnsmasq_var_log_t,s0) AppArmor [5]: /var/log/*dnsmasq.log w, I'll report it to both projects. In meanwhile we could workaround with adjusting dnsmasq's policy/profile (AppArmor: create /etc/apparmor.d/local/usr.sbin.dnsmasq, SELinux: create /etc/selinux/targeted/contexts/files/file_contexts.local). Or just to temporarily disable AppArmor or SELinux). Not sure what is a better approach. Unfortunately these tests look to me more like userspace related and catching AppArmor or SELinux policy/profile bugs than kernel networking problems. > >> Forgot to remove this file in cleanup? > > Yes, I should be consistent. But is it really needed to cleanup files, when > > temporary directory is being deleted after test? I was actually thinking to > > remove cleanup_dhcp at all from both test scripts. > But the file now outside of LTP temp directory, in /var/lib/misc/... OK, that needs to be removed. Kind regards, Petr [1] https://src.fedoraproject.org/cgit/rpms/dnsmasq.git/tree/dnsmasq.spec#n67 [2] https://src.fedoraproject.org/cgit/rpms/dnsmasq.git/commit/?id=91d4b30e7b55bbb561547312e83ce4d709e505e2 [3] https://bugzilla.redhat.com/show_bug.cgi?id=407901 [4] https://github.com/SELinuxProject/refpolicy/blob/master/policy/modules/services/dnsmasq.fc [5] https://gitlab.com/apparmor/apparmor/blob/master/profiles/apparmor.d/usr.sbin.dnsmasq ^ permalink raw reply [flat|nested] 10+ messages in thread
* [LTP] [PATCH 2/4] net/dhcp: Move print_dhcp_log() into dhcp library 2018-10-11 22:05 [LTP] [PATCH 0/4] DHCP tests and AppArmor improvements Petr Vorel 2018-10-11 22:05 ` [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq Petr Vorel @ 2018-10-11 22:05 ` Petr Vorel 2018-10-11 22:05 ` [LTP] [PATCH 3/4] ver_linux: Print AppArmor and SELinux status Petr Vorel 2018-10-11 22:05 ` [LTP] [PATCH 4/4] tst_net.sh: Warn about enabled AppArmor Petr Vorel 3 siblings, 0 replies; 10+ messages in thread From: Petr Vorel @ 2018-10-11 22:05 UTC (permalink / raw) To: ltp Create default path for log file, but allow test to specify it. This is needed for AppArmor respected paths, which was already defined in 3e76b9896 ("net/dhcp: Use paths allowed by AppArmor for dnsmasq"). Also check if file exists. This is needed for dnsmasq --log-facility switch when AppArmor enabled, because according to dnsmasq(8) errors whilst reading configuration will still go to syslog. And then error report of cat of missing file is misleading. Signed-off-by: Petr Vorel <pvorel@suse.cz> --- testcases/network/dhcp/dhcp_lib.sh | 7 +++++++ testcases/network/dhcp/dhcpd_tests.sh | 7 +------ testcases/network/dhcp/dnsmasq_tests.sh | 5 ----- 3 files changed, 8 insertions(+), 11 deletions(-) diff --git a/testcases/network/dhcp/dhcp_lib.sh b/testcases/network/dhcp/dhcp_lib.sh index 29b8027de..fb8b8840a 100755 --- a/testcases/network/dhcp/dhcp_lib.sh +++ b/testcases/network/dhcp/dhcp_lib.sh @@ -38,6 +38,8 @@ stop_dhcp() init() { + [ -z "$log" ] && log="$PWD/$(basename $0 '.sh').log" + if [ $TST_IPV6 ]; then ip_addr="fd00:1:1:2::12/64" ip_addr_check="fd00:1:1:2::100/64" @@ -89,6 +91,11 @@ cleanup() [ "$veth_loaded" = "no" ] && lsmod | grep -q '^veth ' && rmmod veth } +print_dhcp_log() +{ + [ -f "$log" ] && cat $log +} + test01() { local wicked diff --git a/testcases/network/dhcp/dhcpd_tests.sh b/testcases/network/dhcp/dhcpd_tests.sh index ff46b825d..e8339932b 100755 --- a/testcases/network/dhcp/dhcpd_tests.sh +++ b/testcases/network/dhcp/dhcpd_tests.sh @@ -31,7 +31,7 @@ setup_dhcpd_conf() start_dhcpd() { touch tst_hdcpd.lease - dhcpd -lf tst_hdcpd.lease -$TST_IPVER $iface0 > tst_dhcpd.err 2>&1 + dhcpd -lf tst_hdcpd.lease -$TST_IPVER $iface0 > $log 2>&1 } start_dhcp() @@ -69,11 +69,6 @@ cleanup_dhcp() [ -f dhcpd.conf ] && mv dhcpd.conf $DHCPD_CONF } -print_dhcp_log() -{ - cat tst_dhcpd.err -} - print_dhcp_version() { dhcpd --version 2>&1 diff --git a/testcases/network/dhcp/dnsmasq_tests.sh b/testcases/network/dhcp/dnsmasq_tests.sh index 43961f85f..e034f4f63 100755 --- a/testcases/network/dhcp/dnsmasq_tests.sh +++ b/testcases/network/dhcp/dnsmasq_tests.sh @@ -38,11 +38,6 @@ cleanup_dhcp() rm -f $log } -print_dhcp_log() -{ - cat $log -} - print_dhcp_version() { dnsmasq --version | head -2 -- 2.19.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [LTP] [PATCH 3/4] ver_linux: Print AppArmor and SELinux status 2018-10-11 22:05 [LTP] [PATCH 0/4] DHCP tests and AppArmor improvements Petr Vorel 2018-10-11 22:05 ` [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq Petr Vorel 2018-10-11 22:05 ` [LTP] [PATCH 2/4] net/dhcp: Move print_dhcp_log() into dhcp library Petr Vorel @ 2018-10-11 22:05 ` Petr Vorel 2018-10-11 22:05 ` [LTP] [PATCH 4/4] tst_net.sh: Warn about enabled AppArmor Petr Vorel 3 siblings, 0 replies; 10+ messages in thread From: Petr Vorel @ 2018-10-11 22:05 UTC (permalink / raw) To: ltp + add some helper functions Signed-off-by: Petr Vorel <pvorel@suse.cz> --- If you don't like the functions, I can remove them. --- ver_linux | 46 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 42 insertions(+), 4 deletions(-) diff --git a/ver_linux b/ver_linux index 897571703..5994c0e0f 100755 --- a/ver_linux +++ b/ver_linux @@ -3,8 +3,35 @@ # typical as you use for compilation/istallation. I use # /bin /sbin /usr/bin /usr/sbin /usr/local/bin, but it may # differ on your system. -# + PATH=/sbin:/usr/sbin:/bin:/usr/bin:$PATH + +tst_cmd_available() +{ + if type command > /dev/null 2>&1; then + command -v $1 > /dev/null 2>&1 || return 1 + else + which $1 > /dev/null 2>&1 + if [ $? -eq 0 ]; then + return 0 + else + return 1 + fi + fi +} + +tst_cmd_run() +{ + local cmd="$1" + shift + tst_cmd_available $cmd && eval "$cmd $@" +} + +is_enabled() +{ + [ -f "$1" ] && [ "$(cat $1)" = "Y" -o "$(cat $1)" = "1" ] +} + echo 'If some fields are empty or look unusual you may have an old version.' echo 'Compare to the current minimal requirements in Documentation/Changes.' @@ -101,8 +128,19 @@ free echo echo 'cpuinfo:' -if which lscpu > /dev/null 2>&1; then - lscpu +tst_cmd_run lscpu || cat /proc/cpuinfo + +echo +if is_enabled /sys/module/apparmor/parameters/enabled; then + echo 'AppArmor enabled' + tst_cmd_run aa-status else - cat /proc/cpuinfo + echo 'AppArmor disabled' +fi + +echo + +if ! tst_cmd_run sestatus; then + printf 'SELinux mode: ' + tst_cmd_run getenforce || echo 'unknown' fi -- 2.19.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [LTP] [PATCH 4/4] tst_net.sh: Warn about enabled AppArmor 2018-10-11 22:05 [LTP] [PATCH 0/4] DHCP tests and AppArmor improvements Petr Vorel ` (2 preceding siblings ...) 2018-10-11 22:05 ` [LTP] [PATCH 3/4] ver_linux: Print AppArmor and SELinux status Petr Vorel @ 2018-10-11 22:05 ` Petr Vorel 3 siblings, 0 replies; 10+ messages in thread From: Petr Vorel @ 2018-10-11 22:05 UTC (permalink / raw) To: ltp This is due some false positives because improper usage or bugs in AppArmor profiles (e.g. traceroute, dnsmasq). Signed-off-by: Petr Vorel <pvorel@suse.cz> --- testcases/lib/tst_net.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/testcases/lib/tst_net.sh b/testcases/lib/tst_net.sh index a4467da7c..d60d50820 100644 --- a/testcases/lib/tst_net.sh +++ b/testcases/lib/tst_net.sh @@ -713,6 +713,11 @@ if [ -z "$TST_PARSE_VARIABLES" ]; then tst_res_ TINFO "$LHOST_IFACES -- $RHOST_IFACES" tst_res_ TINFO "$IPV4_LHOST/$IPV4_LPREFIX -- $IPV4_RHOST/$IPV4_RPREFIX" tst_res_ TINFO "$IPV6_LHOST/$IPV6_LPREFIX -- $IPV6_RHOST/$IPV6_RPREFIX" + + if [ -f /sys/module/apparmor/parameters/enabled ] && [ "$(cat /sys/module/apparmor/parameters/enabled)" = "Y" ]; then + tst_res_ TINFO "AppArmor enabled, this may affect test results" + fi + export TST_PARSE_VARIABLES="yes" fi -- 2.19.0 ^ permalink raw reply related [flat|nested] 10+ messages in thread
end of thread, other threads:[~2018-10-24 15:53 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-10-11 22:05 [LTP] [PATCH 0/4] DHCP tests and AppArmor improvements Petr Vorel 2018-10-11 22:05 ` [LTP] [PATCH 1/4] net/dhcp: Use paths allowed by AppArmor for dnsmasq Petr Vorel 2018-10-11 22:15 ` Petr Vorel 2018-10-23 14:03 ` Alexey Kodanev 2018-10-23 21:57 ` Petr Vorel 2018-10-24 10:40 ` Alexey Kodanev 2018-10-24 15:53 ` Petr Vorel 2018-10-11 22:05 ` [LTP] [PATCH 2/4] net/dhcp: Move print_dhcp_log() into dhcp library Petr Vorel 2018-10-11 22:05 ` [LTP] [PATCH 3/4] ver_linux: Print AppArmor and SELinux status Petr Vorel 2018-10-11 22:05 ` [LTP] [PATCH 4/4] tst_net.sh: Warn about enabled AppArmor Petr Vorel
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox