* [PATCH bpf-next 1/2] selftests/bpf: Update ima test helper's losetup commands
From: KP Singh @ 2020-12-01 14:39 UTC
To: bpf; +Cc: Andrii Nakryiko, Alexei Starovoitov, Daniel Borkmann
From: KP Singh <kpsingh@google.com>
Update the commands to use the bare minimum options so that it works
in busybox environments.
Fixes: 34b82d3ac105 ("bpf: Add a selftest for bpf_ima_inode_hash")
Reported-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: KP Singh <kpsingh@google.com>
---
tools/testing/selftests/bpf/ima_setup.sh | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/bpf/ima_setup.sh b/tools/testing/selftests/bpf/ima_setup.sh
index 15490ccc5e55..ed29bde26a12 100755
--- a/tools/testing/selftests/bpf/ima_setup.sh
+++ b/tools/testing/selftests/bpf/ima_setup.sh
@@ -3,6 +3,7 @@
set -e
set -u
+set -o pipefail
IMA_POLICY_FILE="/sys/kernel/security/ima/policy"
TEST_BINARY="/bin/true"
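Review bot: The new set -o pipefail line will not catch failures in the two pipelines this patch adds, because both sit inside a local assignment (local loop_device=$(losetup -a | grep ... | cut ...)), and the exit status of that statement is the status of local, not of the command substitution. Declare the variable first and assign on a separate line (local loop_device; loop_device=$(...)) so that set -e and pipefail actually apply. The commit message does not mention pipefail at all; it should say why the option is being added.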
@@ -23,9 +24,10 @@ setup()
dd if=/dev/zero of="${mount_img}" bs=1M count=10
- local loop_device="$(losetup --find --show ${mount_img})"
+ losetup -f "${mount_img}"
+ local loop_device=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
- mkfs.ext4 "${loop_device}"
+ mkfs.ext4 "${loop_device:?}"
mount "${loop_device}" "${mount_dir}"
cp "${TEST_BINARY}" "${mount_dir}"
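Review bot: grep ${mount_img:?} in the new loop_device line is unquoted and treats the image path as a regular expression, so a path containing spaces or regex metacharacters breaks the lookup, and any other attached image whose path contains this one as a substring also matches, leaving several device names in loop_device. Use grep -F -- "${mount_img}" and check that exactly one device came back before handing it to mkfs.ext4. A short comment saying that the two-step losetup -f / losetup -a sequence replaces --find --show for busybox would help the next reader.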
@@ -38,7 +40,8 @@ cleanup() {
local mount_img="${tmp_dir}/test.img"
local mount_dir="${tmp_dir}/mnt"
- local loop_devices=$(losetup -j ${mount_img} -O NAME --noheadings)
+ local loop_devices=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
+
for loop_dev in "${loop_devices}"; do
losetup -d $loop_dev
done
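Review bot: The loop under the changed line quotes its list (for loop_dev in "${loop_devices}"), so it always runs exactly once: when the new pipeline matches nothing, losetup -d is called with no device and fails, and when it matches several devices all names reach a single losetup -d call through the unquoted $loop_dev. Iterate over the unquoted list and quote the argument instead: for loop_dev in ${loop_devices}; do losetup -d "${loop_dev}"; done. The grep on the new line is also unquoted and matches the path as a regex; grep -F -- "${mount_img}" is safer.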
--
2.29.2.454.gaff20da3a2-goog
* [PATCH bpf-next 2/2] selftests/bpf: Update ima test helper's mount uuid logic
From: KP Singh @ 2020-12-01 14:39 UTC
To: bpf; +Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko
From: KP Singh <kpsingh@google.com>
The test uses blkid to determine the uuid which may not be available on
every system. Switch the logic to a good-old for loop iterating over
/dev/disk/by-uuid and reading the symlinks to find the correct UUID for
a given loop device.
Fixes: 34b82d3ac105 ("bpf: Add a selftest for bpf_ima_inode_hash")
Signed-off-by: KP Singh <kpsingh@google.com>
---
tools/testing/selftests/bpf/ima_setup.sh | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/bpf/ima_setup.sh b/tools/testing/selftests/bpf/ima_setup.sh
index ed29bde26a12..7b8615c30c09 100755
--- a/tools/testing/selftests/bpf/ima_setup.sh
+++ b/tools/testing/selftests/bpf/ima_setup.sh
@@ -31,8 +31,24 @@ setup()
mount "${loop_device}" "${mount_dir}"
cp "${TEST_BINARY}" "${mount_dir}"
- local mount_uuid="$(blkid -s UUID -o value ${loop_device})"
- echo "measure func=BPRM_CHECK fsuuid=${mount_uuid}" > ${IMA_POLICY_FILE}
+ local mount_uuid=""
+ # This can be done with blkid -s UUID -o value ${loop_device} but
+ # blkid might not be available everywhere, especially in busybox
+ # environments.
+ for uuid in $(ls /dev/disk/by-uuid); do
+ local link_target="$(readlink -f /dev/disk/by-uuid/${uuid})"
+ if [[ "${loop_device}" == "${link_target}" ]]; then
+ mount_uuid="${uuid}"
+ break;
+ fi
+ done
+
+ if [[ -z "${mount_uuid}" ]]; then
+ echo "Could not find mount_uuid for ${loop_device}"
+ exit 1;
+ fi
+
+ echo "measure func=BPRM_CHECK fsuuid=${mount_uuid:?}" > ${IMA_POLICY_FILE}
}
cleanup() {
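Review bot: The lookup loop (for uuid in $(ls /dev/disk/by-uuid)) assumes that directory exists and already holds a link for the freshly formatted loop device; those links are created by udev, so on a system without it, or before it has processed the new filesystem, the script ends at "Could not find mount_uuid" with no hint of the real cause. Test for the directory first and report its absence separately, and iterate with a glob (for link in /dev/disk/by-uuid/*) rather than parsing ls output. The error message should go to stderr (>&2), and the redirect target ${IMA_POLICY_FILE} on the last added line should be quoted.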
--
2.29.2.454.gaff20da3a2-goog
* Re: [PATCH bpf-next 1/2] selftests/bpf: Update ima test helper's losetup commands
From: Andrii Nakryiko @ 2020-12-01 19:15 UTC
To: KP Singh; +Cc: bpf, Andrii Nakryiko, Alexei Starovoitov, Daniel Borkmann
On Tue, Dec 1, 2020 at 6:39 AM KP Singh <kpsingh@chromium.org> wrote:
>
> From: KP Singh <kpsingh@google.com>
>
> Update the commands to use the bare minimum options so that it works
> in busybox environments.
>
> Fixes: 34b82d3ac105 ("bpf: Add a selftest for bpf_ima_inode_hash")
> Reported-by: Andrii Nakryiko <andrii@kernel.org>
> Signed-off-by: KP Singh <kpsingh@google.com>
> ---
> tools/testing/selftests/bpf/ima_setup.sh | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/ima_setup.sh b/tools/testing/selftests/bpf/ima_setup.sh
> index 15490ccc5e55..ed29bde26a12 100755
> --- a/tools/testing/selftests/bpf/ima_setup.sh
> +++ b/tools/testing/selftests/bpf/ima_setup.sh
> @@ -3,6 +3,7 @@
>
> set -e
> set -u
> +set -o pipefail
>
> IMA_POLICY_FILE="/sys/kernel/security/ima/policy"
> TEST_BINARY="/bin/true"
> @@ -23,9 +24,10 @@ setup()
>
> dd if=/dev/zero of="${mount_img}" bs=1M count=10
This, and a few more commands in this script, produce a bunch of output
directly to stdout and stderr. Can you please silence it? If you need
that output for debugging, then you can check verbosity mode in
test_progs and pass extra parameters, if necessary.
>
> - local loop_device="$(losetup --find --show ${mount_img})"
> + losetup -f "${mount_img}"
This doesn't work :(
[root@(none) selftests]# ./ima_setup.sh setup /tmp/ima_measurednsymal
+ set -e
+ set -u
+ set -o pipefail
+ IMA_POLICY_FILE=/sys/kernel/security/ima/policy
+ TEST_BINARY=/bin/true
+ main setup /tmp/ima_measurednsymal
+ [[ 2 -ne 2 ]]
+ local action=setup
+ local tmp_dir=/tmp/ima_measurednsymal
+ [[ ! -d /tmp/ima_measurednsymal ]]
+ [[ setup == \s\e\t\u\p ]]
+ setup /tmp/ima_measurednsymal
+ local tmp_dir=/tmp/ima_measurednsymal
+ local mount_img=/tmp/ima_measurednsymal/test.img
+ local mount_dir=/tmp/ima_measurednsymal/mnt
++ basename /bin/true
+ local copied_bin_path=/tmp/ima_measurednsymal/mnt/true
+ mkdir -p /tmp/ima_measurednsymal/mnt
+ dd if=/dev/zero of=/tmp/ima_measurednsymal/test.img bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes (10.0MB) copied, 0.044713 seconds, 223.6MB/s
+ losetup -f /tmp/ima_measurednsymal/test.img
losetup: /tmp/ima_measurednsymal/test.img: No such file or directory
[root@(none) selftests]# ls -la /tmp/ima_measurednsymal/test.img
-rw-r--r-- 1 root root 10485760 Dec 1 19:13 /tmp/ima_measurednsymal/test.img
[root@(none) selftests]# losetup -f /tmp/ima_measurednsymal/test.img
losetup: /tmp/ima_measurednsymal/test.img: No such file or directory
I have zero context on what IMA is and know nothing about loop
devices, so can't really investigate much, sorry...
> + local loop_device=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
>
> - mkfs.ext4 "${loop_device}"
> + mkfs.ext4 "${loop_device:?}"
> mount "${loop_device}" "${mount_dir}"
>
> cp "${TEST_BINARY}" "${mount_dir}"
> @@ -38,7 +40,8 @@ cleanup() {
> local mount_img="${tmp_dir}/test.img"
> local mount_dir="${tmp_dir}/mnt"
>
> - local loop_devices=$(losetup -j ${mount_img} -O NAME --noheadings)
> + local loop_devices=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
> +
> for loop_dev in "${loop_devices}"; do
> losetup -d $loop_dev
> done
> --
> 2.29.2.454.gaff20da3a2-goog
>
* Re: [PATCH bpf-next 1/2] selftests/bpf: Update ima test helper's losetup commands
From: KP Singh @ 2020-12-02 1:17 UTC
To: Andrii Nakryiko; +Cc: bpf, Andrii Nakryiko, Alexei Starovoitov, Daniel Borkmann
On Tue, Dec 1, 2020 at 8:15 PM Andrii Nakryiko
<andrii.nakryiko@gmail.com> wrote:
>
> On Tue, Dec 1, 2020 at 6:39 AM KP Singh <kpsingh@chromium.org> wrote:
> >
> > From: KP Singh <kpsingh@google.com>
> >
> > Update the commands to use the bare minimum options so that it works
> > in busybox environments.
> >
> > Fixes: 34b82d3ac105 ("bpf: Add a selftest for bpf_ima_inode_hash")
> > Reported-by: Andrii Nakryiko <andrii@kernel.org>
> > Signed-off-by: KP Singh <kpsingh@google.com>
> > ---
> > tools/testing/selftests/bpf/ima_setup.sh | 9 ++++++---
> > 1 file changed, 6 insertions(+), 3 deletions(-)
> >
> > diff --git a/tools/testing/selftests/bpf/ima_setup.sh b/tools/testing/selftests/bpf/ima_setup.sh
> > index 15490ccc5e55..ed29bde26a12 100755
> > --- a/tools/testing/selftests/bpf/ima_setup.sh
> > +++ b/tools/testing/selftests/bpf/ima_setup.sh
> > @@ -3,6 +3,7 @@
> >
> > set -e
> > set -u
> > +set -o pipefail
> >
> > IMA_POLICY_FILE="/sys/kernel/security/ima/policy"
> > TEST_BINARY="/bin/true"
> > @@ -23,9 +24,10 @@ setup()
> >
> > dd if=/dev/zero of="${mount_img}" bs=1M count=10
>
> This, and a few more commands in this script, produce a bunch of output
> directly to stdout and stderr. Can you please silence it? If you need
> that output for debugging, then you can check verbosity mode in
> test_progs and pass extra parameters, if necessary.
>
>
> >
> > - local loop_device="$(losetup --find --show ${mount_img})"
> > + losetup -f "${mount_img}"
>
> This doesn't work :(
>
> [root@(none) selftests]# ./ima_setup.sh setup /tmp/ima_measurednsymal
> + set -e
> + set -u
> + set -o pipefail
> + IMA_POLICY_FILE=/sys/kernel/security/ima/policy
> + TEST_BINARY=/bin/true
> + main setup /tmp/ima_measurednsymal
> + [[ 2 -ne 2 ]]
> + local action=setup
> + local tmp_dir=/tmp/ima_measurednsymal
> + [[ ! -d /tmp/ima_measurednsymal ]]
> + [[ setup == \s\e\t\u\p ]]
> + setup /tmp/ima_measurednsymal
> + local tmp_dir=/tmp/ima_measurednsymal
> + local mount_img=/tmp/ima_measurednsymal/test.img
> + local mount_dir=/tmp/ima_measurednsymal/mnt
> ++ basename /bin/true
> + local copied_bin_path=/tmp/ima_measurednsymal/mnt/true
> + mkdir -p /tmp/ima_measurednsymal/mnt
> + dd if=/dev/zero of=/tmp/ima_measurednsymal/test.img bs=1M count=10
> 10+0 records in
> 10+0 records out
> 10485760 bytes (10.0MB) copied, 0.044713 seconds, 223.6MB/s
> + losetup -f /tmp/ima_measurednsymal/test.img
> losetup: /tmp/ima_measurednsymal/test.img: No such file or directory
> [root@(none) selftests]# ls -la /tmp/ima_measurednsymal/test.img
> -rw-r--r-- 1 root root 10485760 Dec 1 19:13 /tmp/ima_measurednsymal/test.img
> [root@(none) selftests]# losetup -f /tmp/ima_measurednsymal/test.img
> losetup: /tmp/ima_measurednsymal/test.img: No such file or directory
>
>
> I have zero context on what IMA is and know nothing about loop
> devices, so can't really investigate much, sorry...
>
So after some debugging by using the same image as the bpf CI
we noticed the following needs to be done:
* SecurityFS needs to be mounted
* "integrity" should be in CONFIG_LSM
* mkfs.ext2 should be used instead of mkfs.ext4
* The second patch of the series does not work as the image does not have a
/dev/disk/by-uuid directory.
* The test image does have a blkid command but it ignores the options passed to
only print the UUID.
I will send the fixes and, for the future, we can:
* Document / script how to run selftests against the CI image
(and possibly a few other pre-canned images) without the need to set up or
configure things like Travis CI for each fork / developer.
* Use this before we send patches so that we can avoid similar
troubles in the future.
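The first three prerequisites in the list above can be checked before the helper script touches any loop device. This is an added example, not part of the thread or of ima_setup.sh: the function names are hypothetical, and it assumes the kernel configuration is available as a text file and that the mount table has the /proc/mounts layout.

```shell
#!/bin/sh
# Added example: preflight checks for the first three prerequisites above.
# File paths are parameters so the checks can run against sample files.

# Succeeds if securityfs is mounted on $1 according to mount table $2.
securityfs_mounted() {
    awk -v mp="$1" '$2 == mp && $3 == "securityfs" { found = 1 }
                    END { exit !found }' "${2:-/proc/mounts}"
}

# Succeeds if LSM name $1 appears in the CONFIG_LSM list of config file $2.
lsm_in_config() {
    list=$(sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "$2") || return 1
    case ",${list}," in
        *",$1,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per missing prerequisite; non-zero status if any is missing.
preflight() {
    rc=0
    securityfs_mounted /sys/kernel/security "$1" ||
        { echo "securityfs not mounted"; rc=1; }
    lsm_in_config integrity "$2" ||
        { echo "integrity missing from CONFIG_LSM"; rc=1; }
    command -v mkfs.ext2 >/dev/null 2>&1 ||
        { echo "mkfs.ext2 not found"; rc=1; }
    return "$rc"
}

# Constructed sample inputs (not taken from the CI image in the thread).
demo() {
    d=$(mktemp -d)
    printf 'securityfs /sys/kernel/security securityfs rw 0 0\n' > "$d/mounts"
    printf 'CONFIG_LSM="lockdown,yama,bpf"\n' > "$d/config"
    preflight "$d/mounts" "$d/config"; status=$?
    rm -rf "$d"
    return "$status"
}
demo || true
```

On a real system, pass /proc/mounts and the running kernel's configuration file to preflight.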