* [PATCH bpf-next 1/2] selftests/bpf: Update ima test helper's losetup commands
@ 2020-12-01 14:39 KP Singh
  2020-12-01 14:39 ` [PATCH bpf-next 2/2] selftests/bpf: Update ima test helper's mount uuid logic KP Singh
  2020-12-01 19:15 ` [PATCH bpf-next 1/2] selftests/bpf: Update ima test helper's losetup commands Andrii Nakryiko
  0 siblings, 2 replies; 4+ messages in thread
From: KP Singh @ 2020-12-01 14:39 UTC (permalink / raw)
  To: bpf; +Cc: Andrii Nakryiko, Alexei Starovoitov, Daniel Borkmann

From: KP Singh <kpsingh@google.com>

Update the commands to use the bare minimum options so that it works
in busybox environments.

Fixes: 34b82d3ac105 ("bpf: Add a selftest for bpf_ima_inode_hash")
Reported-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: KP Singh <kpsingh@google.com>
---
 tools/testing/selftests/bpf/ima_setup.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/bpf/ima_setup.sh b/tools/testing/selftests/bpf/ima_setup.sh
index 15490ccc5e55..ed29bde26a12 100755
--- a/tools/testing/selftests/bpf/ima_setup.sh
+++ b/tools/testing/selftests/bpf/ima_setup.sh
@@ -3,6 +3,7 @@
 
 set -e
 set -u
+set -o pipefail
 
 IMA_POLICY_FILE="/sys/kernel/security/ima/policy"
 TEST_BINARY="/bin/true"
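Review bot: the new `set -o pipefail` at the top of the script is not mentioned in the commit message, and it does not cover the pipelines this patch adds. Both sit in `local x=$(losetup -a | grep ... | cut ...)`, where the status `set -e` sees is that of `local`, not of the pipeline. Declaring and assigning separately (`local loop_device` then `loop_device=$(...)`) would let a failing `losetup -a` or a no-match `grep` stop the script; otherwise the log should say that the `:?` expansions are the only guard.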
@@ -23,9 +24,10 @@ setup()
 
         dd if=/dev/zero of="${mount_img}" bs=1M count=10
 
-        local loop_device="$(losetup --find --show ${mount_img})"
+        losetup -f "${mount_img}"
+        local loop_device=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
 
-        mkfs.ext4 "${loop_device}"
+        mkfs.ext4 "${loop_device:?}"
         mount "${loop_device}" "${mount_dir}"
 
         cp "${TEST_BINARY}" "${mount_dir}"
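Review bot: the `grep ${mount_img:?}` lookup in `setup()` is unquoted and treats the image path as a regular expression, so it can return more than one line of `losetup -a` output (a stale attachment of the same image left by an earlier failed run, or a longer path that contains this one). The multi-line value then reaches `mkfs.ext4` and `mount`, and `${loop_device:?}` only rejects the empty case. Suggest `grep -F -- "${mount_img}"` and failing unless exactly one device is found before formatting it.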
@@ -38,7 +40,8 @@ cleanup() {
         local mount_img="${tmp_dir}/test.img"
         local mount_dir="${tmp_dir}/mnt"
 
-        local loop_devices=$(losetup -j ${mount_img} -O NAME --noheadings)
+        local loop_devices=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
+
         for loop_dev in "${loop_devices}"; do
                 losetup -d $loop_dev
         done
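Review bot: in `cleanup()`, `for loop_dev in "${loop_devices}"` quotes the list, so the body runs exactly once with the whole string, and only the unquoted `$loop_dev` in `losetup -d $loop_dev` splits it back into words. Iterate over the unquoted list and quote the use, `losetup -d "${loop_dev}"`, so each device is detached by its own call. When nothing matches, the loop still runs once with an empty value and `losetup -d` gets no argument, which under `set -e` ends cleanup early; a non-empty check before the loop avoids that.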
-- 
2.29.2.454.gaff20da3a2-goog



* [PATCH bpf-next 2/2] selftests/bpf: Update ima test helper's mount uuid logic
  2020-12-01 14:39 [PATCH bpf-next 1/2] selftests/bpf: Update ima test helper's losetup commands KP Singh
@ 2020-12-01 14:39 ` KP Singh
  2020-12-01 19:15 ` [PATCH bpf-next 1/2] selftests/bpf: Update ima test helper's losetup commands Andrii Nakryiko
  1 sibling, 0 replies; 4+ messages in thread
From: KP Singh @ 2020-12-01 14:39 UTC (permalink / raw)
  To: bpf; +Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko

From: KP Singh <kpsingh@google.com>

The test uses blkid to determine the uuid which may not be available on
every system. Switch the logic to a good-old for loop iterating over
/dev/disk/by-uuid and reading the symlinks to find the correct UUID for
a given loop device.

Fixes: 34b82d3ac105 ("bpf: Add a selftest for bpf_ima_inode_hash")
Signed-off-by: KP Singh <kpsingh@google.com>
---
 tools/testing/selftests/bpf/ima_setup.sh | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/bpf/ima_setup.sh b/tools/testing/selftests/bpf/ima_setup.sh
index ed29bde26a12..7b8615c30c09 100755
--- a/tools/testing/selftests/bpf/ima_setup.sh
+++ b/tools/testing/selftests/bpf/ima_setup.sh
@@ -31,8 +31,24 @@ setup()
         mount "${loop_device}" "${mount_dir}"
 
         cp "${TEST_BINARY}" "${mount_dir}"
-        local mount_uuid="$(blkid -s UUID -o value ${loop_device})"
-        echo "measure func=BPRM_CHECK fsuuid=${mount_uuid}" > ${IMA_POLICY_FILE}
+        local mount_uuid=""
+        # This can be done with blkid -s UUID -o value ${loop_device} but
+        # blkid might not be available everywhere, especially in busybox
+        # environments.
+        for uuid in $(ls /dev/disk/by-uuid); do
+                local link_target="$(readlink -f /dev/disk/by-uuid/${uuid})"
+                if [[ "${loop_device}" == "${link_target}" ]]; then
+                        mount_uuid="${uuid}"
+                        break;
+                fi
+        done
+
+        if [[ -z "${mount_uuid}" ]]; then
+                echo "Could not find mount_uuid for ${loop_device}"
+                exit 1;
+        fi
+
+        echo "measure func=BPRM_CHECK fsuuid=${mount_uuid:?}" > ${IMA_POLICY_FILE}
 }
 
 cleanup() {
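Review bot: the `exit 1` taken when no UUID is found runs after `mount "${loop_device}" "${mount_dir}"`, so that path exits with the image still mounted and the loop device attached; unmount and detach before exiting, or state that the caller is expected to run `cleanup`. The lookup also depends on `/dev/disk/by-uuid`, which is populated by udev and may be missing in the same minimal environments the `blkid` comment is about, and `for uuid in $(ls /dev/disk/by-uuid)` can be a plain glob over `/dev/disk/by-uuid/*`. With the `-z` check in place, the `:?` in the final `echo` is redundant, and `${IMA_POLICY_FILE}` should be quoted.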
-- 
2.29.2.454.gaff20da3a2-goog



* Re: [PATCH bpf-next 1/2] selftests/bpf: Update ima test helper's losetup commands
  2020-12-01 14:39 [PATCH bpf-next 1/2] selftests/bpf: Update ima test helper's losetup commands KP Singh
  2020-12-01 14:39 ` [PATCH bpf-next 2/2] selftests/bpf: Update ima test helper's mount uuid logic KP Singh
@ 2020-12-01 19:15 ` Andrii Nakryiko
  2020-12-02  1:17   ` KP Singh
  1 sibling, 1 reply; 4+ messages in thread
From: Andrii Nakryiko @ 2020-12-01 19:15 UTC (permalink / raw)
  To: KP Singh; +Cc: bpf, Andrii Nakryiko, Alexei Starovoitov, Daniel Borkmann

On Tue, Dec 1, 2020 at 6:39 AM KP Singh <kpsingh@chromium.org> wrote:
>
> From: KP Singh <kpsingh@google.com>
>
> Update the commands to use the bare minimum options so that it works
> in busybox environments.
>
> Fixes: 34b82d3ac105 ("bpf: Add a selftest for bpf_ima_inode_hash")
> Reported-by: Andrii Nakryiko <andrii@kernel.org>
> Signed-off-by: KP Singh <kpsingh@google.com>
> ---
>  tools/testing/selftests/bpf/ima_setup.sh | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/ima_setup.sh b/tools/testing/selftests/bpf/ima_setup.sh
> index 15490ccc5e55..ed29bde26a12 100755
> --- a/tools/testing/selftests/bpf/ima_setup.sh
> +++ b/tools/testing/selftests/bpf/ima_setup.sh
> @@ -3,6 +3,7 @@
>
>  set -e
>  set -u
> +set -o pipefail
>
>  IMA_POLICY_FILE="/sys/kernel/security/ima/policy"
>  TEST_BINARY="/bin/true"
> @@ -23,9 +24,10 @@ setup()
>
>          dd if=/dev/zero of="${mount_img}" bs=1M count=10

This, and a few more commands in this script, produce a bunch of output
directly to stdout and stderr. Can you please silence it? If you need
that output for debugging, then you can check verbosity mode in
test_progs and pass extra parameters, if necessary.


>
> -        local loop_device="$(losetup --find --show ${mount_img})"
> +        losetup -f "${mount_img}"

This doesn't work :(

[root@(none) selftests]# ./ima_setup.sh setup /tmp/ima_measurednsymal
+ set -e
+ set -u
+ set -o pipefail
+ IMA_POLICY_FILE=/sys/kernel/security/ima/policy
+ TEST_BINARY=/bin/true
+ main setup /tmp/ima_measurednsymal
+ [[ 2 -ne 2 ]]
+ local action=setup
+ local tmp_dir=/tmp/ima_measurednsymal
+ [[ ! -d /tmp/ima_measurednsymal ]]
+ [[ setup == \s\e\t\u\p ]]
+ setup /tmp/ima_measurednsymal
+ local tmp_dir=/tmp/ima_measurednsymal
+ local mount_img=/tmp/ima_measurednsymal/test.img
+ local mount_dir=/tmp/ima_measurednsymal/mnt
++ basename /bin/true
+ local copied_bin_path=/tmp/ima_measurednsymal/mnt/true
+ mkdir -p /tmp/ima_measurednsymal/mnt
+ dd if=/dev/zero of=/tmp/ima_measurednsymal/test.img bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes (10.0MB) copied, 0.044713 seconds, 223.6MB/s
+ losetup -f /tmp/ima_measurednsymal/test.img
losetup: /tmp/ima_measurednsymal/test.img: No such file or directory
[root@(none) selftests]# ls -la /tmp/ima_measurednsymal/test.img
-rw-r--r--    1 root     root      10485760 Dec  1 19:13 /tmp/ima_measurednsymal/test.img
[root@(none) selftests]# losetup -f /tmp/ima_measurednsymal/test.img
losetup: /tmp/ima_measurednsymal/test.img: No such file or directory


I have zero context on what IMA is and know nothing about loop
devices, so can't really investigate much, sorry...

> +        local loop_device=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
>
> -        mkfs.ext4 "${loop_device}"
> +        mkfs.ext4 "${loop_device:?}"
>          mount "${loop_device}" "${mount_dir}"
>
>          cp "${TEST_BINARY}" "${mount_dir}"
> @@ -38,7 +40,8 @@ cleanup() {
>          local mount_img="${tmp_dir}/test.img"
>          local mount_dir="${tmp_dir}/mnt"
>
> -        local loop_devices=$(losetup -j ${mount_img} -O NAME --noheadings)
> +        local loop_devices=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
> +
>          for loop_dev in "${loop_devices}"; do
>                  losetup -d $loop_dev
>          done
> --
> 2.29.2.454.gaff20da3a2-goog
>


* Re: [PATCH bpf-next 1/2] selftests/bpf: Update ima test helper's losetup commands
  2020-12-01 19:15 ` [PATCH bpf-next 1/2] selftests/bpf: Update ima test helper's losetup commands Andrii Nakryiko
@ 2020-12-02  1:17   ` KP Singh
  0 siblings, 0 replies; 4+ messages in thread
From: KP Singh @ 2020-12-02  1:17 UTC (permalink / raw)
  To: Andrii Nakryiko; +Cc: bpf, Andrii Nakryiko, Alexei Starovoitov, Daniel Borkmann

On Tue, Dec 1, 2020 at 8:15 PM Andrii Nakryiko
<andrii.nakryiko@gmail.com> wrote:
>
> On Tue, Dec 1, 2020 at 6:39 AM KP Singh <kpsingh@chromium.org> wrote:
> >
> > From: KP Singh <kpsingh@google.com>
> >
> > Update the commands to use the bare minimum options so that it works
> > in busybox environments.
> >
> > Fixes: 34b82d3ac105 ("bpf: Add a selftest for bpf_ima_inode_hash")
> > Reported-by: Andrii Nakryiko <andrii@kernel.org>
> > Signed-off-by: KP Singh <kpsingh@google.com>
> > ---
> >  tools/testing/selftests/bpf/ima_setup.sh | 9 ++++++---
> >  1 file changed, 6 insertions(+), 3 deletions(-)
> >
> > diff --git a/tools/testing/selftests/bpf/ima_setup.sh b/tools/testing/selftests/bpf/ima_setup.sh
> > index 15490ccc5e55..ed29bde26a12 100755
> > --- a/tools/testing/selftests/bpf/ima_setup.sh
> > +++ b/tools/testing/selftests/bpf/ima_setup.sh
> > @@ -3,6 +3,7 @@
> >
> >  set -e
> >  set -u
> > +set -o pipefail
> >
> >  IMA_POLICY_FILE="/sys/kernel/security/ima/policy"
> >  TEST_BINARY="/bin/true"
> > @@ -23,9 +24,10 @@ setup()
> >
> >          dd if=/dev/zero of="${mount_img}" bs=1M count=10
>
> This, and a few more commands in this script, produce a bunch of output
> directly to stdout and stderr. Can you please silence it? If you need
> that output for debugging, then you can check verbosity mode in
> test_progs and pass extra parameters, if necessary.
>
>
> >
> > -        local loop_device="$(losetup --find --show ${mount_img})"
> > +        losetup -f "${mount_img}"
>
> This doesn't work :(
>
> [root@(none) selftests]# ./ima_setup.sh setup /tmp/ima_measurednsymal
> + set -e
> + set -u
> + set -o pipefail
> + IMA_POLICY_FILE=/sys/kernel/security/ima/policy
> + TEST_BINARY=/bin/true
> + main setup /tmp/ima_measurednsymal
> + [[ 2 -ne 2 ]]
> + local action=setup
> + local tmp_dir=/tmp/ima_measurednsymal
> + [[ ! -d /tmp/ima_measurednsymal ]]
> + [[ setup == \s\e\t\u\p ]]
> + setup /tmp/ima_measurednsymal
> + local tmp_dir=/tmp/ima_measurednsymal
> + local mount_img=/tmp/ima_measurednsymal/test.img
> + local mount_dir=/tmp/ima_measurednsymal/mnt
> ++ basename /bin/true
> + local copied_bin_path=/tmp/ima_measurednsymal/mnt/true
> + mkdir -p /tmp/ima_measurednsymal/mnt
> + dd if=/dev/zero of=/tmp/ima_measurednsymal/test.img bs=1M count=10
> 10+0 records in
> 10+0 records out
> 10485760 bytes (10.0MB) copied, 0.044713 seconds, 223.6MB/s
> + losetup -f /tmp/ima_measurednsymal/test.img
> losetup: /tmp/ima_measurednsymal/test.img: No such file or directory
> [root@(none) selftests]# ls -la /tmp/ima_measurednsymal/test.img
> -rw-r--r--    1 root     root      10485760 Dec  1 19:13 /tmp/ima_measurednsymal/test.img
> [root@(none) selftests]# losetup -f /tmp/ima_measurednsymal/test.img
> losetup: /tmp/ima_measurednsymal/test.img: No such file or directory
>
>
> I have zero context on what IMA is and know nothing about loop
> devices, so can't really investigate much, sorry...
>

So after some debugging by using the same image as the bpf CI
we noticed the following needs to be done:

* SecurityFS needs to be mounted
* "integrity" should be in CONFIG_LSM
* mkfs.ext2 should be used instead of mkfs.ext4
* The second patch of the series does not work as the image does not have a
   /dev/disk/by-uuid directory.
* The test image does have a blkid command but it ignores the options passed to
   only print the UUID.

I will send the fixes and, for the future, we can:

* Document / script how to run selftests against the CI image
  (and possibly a few other pre-canned images) without the need to set up or
  configure things like Travis CI for each fork / developer.
* Use this before we send patches so that we can avoid similar
   troubles in the future.
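
An added example, not part of the thread or of the fix that was later sent: one way to get the UUID for the `fsuuid=` rule when `blkid` ignores `-s UUID -o value` and `/dev/disk/by-uuid` is missing, by parsing `blkid`'s default output. It assumes the usual `DEVICE: KEY="value" ...` line format; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of default blkid output (not taken from the CI image).
SAMPLE_BLKID='/dev/sda1: LABEL="root" UUID="0f3c1a52-9d7e-4b1a-8c55-2a6e4d9b7f10" TYPE="ext4"
/dev/loop10: UUID="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" TYPE="ext2"
/dev/loop1: UUID="11111111-2222-3333-4444-555555555555" TYPE="ext2"
/dev/loop2: TYPE="swap" PARTUUID="deadbeef-01"'

# uuid_for_device DEVICE   (hypothetical helper; reads blkid output on stdin)
# Prints the filesystem UUID; returns 1 if the device has no valid one.
uuid_for_device() {
        ufd_dev="$1"
        ufd_uuid=""
        while IFS= read -r ufd_line; do
                # Exact "DEVICE: " prefix, so /dev/loop1 never matches
                # the /dev/loop10 line the way a bare grep would.
                case "$ufd_line" in
                "$ufd_dev: "*) ;;
                *) continue ;;
                esac
                # The leading space keeps PARTUUID= and UUID_SUB= out.
                case "$ufd_line" in
                *' UUID="'*) ;;
                *) return 1 ;;
                esac
                ufd_uuid=${ufd_line#*' UUID="'}
                ufd_uuid=${ufd_uuid%%'"'*}
                break
        done
        # Only hex digits and dashes may end up in the policy rule.
        case "$ufd_uuid" in
        ""|*[!0-9A-Fa-f-]*) return 1 ;;
        esac
        printf '%s\n' "$ufd_uuid"
}

# ima_rule_for_device DEVICE   (hypothetical helper; blkid output on stdin)
# Builds the rule string the script writes to the IMA policy file.
ima_rule_for_device() {
        ird_uuid=$(uuid_for_device "$1") || return 1
        printf 'measure func=BPRM_CHECK fsuuid=%s\n' "$ird_uuid"
}

# On a real system the input would be: blkid | ima_rule_for_device "${loop_device}"
printf '%s\n' "$SAMPLE_BLKID" | ima_rule_for_device /dev/loop1
```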

