[LTP] [RFC] 'nobody' user for testing

[Petr Vorel <pvorel@suse.cz>]

Hi,

I found a setup bug on LTP IMA tests ima_conditionals.sh and
ima_measurements.sh which use 'sudo' (with user 'nobody'). We have many C tests
in LTP which use 'nobody' user somehow, but they don't actually execute
anything with this account. IMHO these are the only tests which execute with 'sudo'
(please double check me).

$ git grep -l nobody testcases/kernel/syscalls/ | wc -l
160

Because on newer systems (I checked Tumblewed, Fedora, Debian) 'nobody' account use
/usr/sbin/nologin which prevents logging, we 1) either need to change account
to use bash (and restore it back after testing) or 2) create a dedicated user
for testing. I'd try to use 'useradd' and check with grep /etc/passwd if the
user is not already defined.

I tend to use 2), add it only to IMA tests (to ima_setup.sh). But I could
put some more generic code to tst_test.sh so that it can be reused by other
tests in the future. WDYT?

Also, as we heavily use 'nobody' already I'm not sure if it's worth to bother
with putting environment variable allowing a different user. Nobody so far complained,
even AOSP folks seem to be used C tests which use 'nobody' (e.g. fchmod06.c is
compiled [1] and not disabled [2]).

Also, we agreed with Cyril, that it'd be good to convert these 2 IMA tests to
use 'su' instead of 'sudo' because 'su' is simpler than 'sudo' (although when
testing with rapido [3] none of them works out of the box).

[1] https://android.googlesource.com/platform/external/ltp/+/refs/heads/main/android/Android.bp
[2] https://android.googlesource.com/platform/external/ltp/+/refs/heads/main/android/tools/disabled_tests.txt
[3] https://github.com/rapido-linux/rapido

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp