proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-07 04:16:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update tests to recognize cgns profile

Browse Source 
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
Serge Hallyn 2016-02-21 21:09:42 -08:00
parent 7a126ae1f2
commit f58236fd70
3 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/tests/attach.c
View File

@ -23,6 +23,7 @@
#include "lxc/utils.h" #include "lxc/utils.h"
#include "lxc/lsm/lsm.h" #include "lxc/lsm/lsm.h"
#include <sys/types.h>
#include <string.h> #include <string.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <errno.h> #include <errno.h>
@ -39,6 +40,13 @@
static const char *lsm_config_key = NULL; static const char *lsm_config_key = NULL;
static const char *lsm_label = NULL; static const char *lsm_label = NULL;
bool file_exists(const char *f)
{
struct stat statbuf;
return stat(f, &statbuf) == 0;
}
static void test_lsm_detect(void) static void test_lsm_detect(void)
{ {
if (lsm_enabled()) { if (lsm_enabled()) {
@ -48,7 +56,10 @@ static void test_lsm_detect(void)
} }
else if (!strcmp(lsm_name(), "AppArmor")) { else if (!strcmp(lsm_name(), "AppArmor")) {
lsm_config_key = "lxc.aa_profile"; lsm_config_key = "lxc.aa_profile";
lsm_label = "lxc-container-default"; if (file_exists("/proc/self/ns/cgroup"))
lsm_label = "lxc-container-default-cgns";
else
lsm_label = "lxc-container-default";
} }
else { else {
TSTERR("unknown lsm %s enabled, add test code here", lsm_name()); TSTERR("unknown lsm %s enabled, add test code here", lsm_name());

10
src/tests/lxc-test-apparmor-mount
View File

@ -23,6 +23,12 @@
set -e set -e
if [ -f /proc/self/ns/cgroup ]; then
default_profile="lxc-container-default-cgns (enforce)"
else
default_profile="lxc-container-default (enforce)"
fi
FAIL() { FAIL() {
echo -n "Failed " >&2 echo -n "Failed " >&2
echo "$*" >&2 echo "$*" >&2
@ -144,7 +150,7 @@ run_cmd lxc-start -n $cname -d
run_cmd lxc-wait -n $cname -s RUNNING run_cmd lxc-wait -n $cname -s RUNNING
pid=`run_cmd lxc-info -p -H -n $cname` pid=`run_cmd lxc-info -p -H -n $cname`
profile=`cat /proc/$pid/attr/current` profile=`cat /proc/$pid/attr/current`
if [ "x$profile" != "xlxc-container-default (enforce)" ]; then if [ "x$profile" != "x${default_profile}" ]; then
echo "FAIL: confined container was in profile $profile" echo "FAIL: confined container was in profile $profile"
exit 1 exit 1
fi fi
@ -203,7 +209,7 @@ if [ "$pid" = "-1" ]; then
exit 1 exit 1
fi fi
profile=`cat /proc/$pid/attr/current` profile=`cat /proc/$pid/attr/current`
if [ "x$profile" != "xlxc-container-default (enforce)" ]; then if [ "x$profile" != "x${default_profile}" ]; then
echo "FAIL: confined container was in profile $profile" echo "FAIL: confined container was in profile $profile"
exit 1 exit 1
fi fi

4
src/tests/lxc-test-ubuntu
View File

@ -65,7 +65,9 @@ for template in ubuntu ubuntu-cloud; do
# Check apparmor # Check apparmor
lxcpid=`lxc-info -n $name -p -H` lxcpid=`lxc-info -n $name -p -H`
aa=`cat /proc/$lxcpid/attr/current` aa=`cat /proc/$lxcpid/attr/current`
if [ "$aa" != "lxc-container-default-with-nesting (enforce)" -a "$aa" != "lxc-container-default (enforce)" ]; then if [ "$aa" != "lxc-container-default-with-nesting (enforce)" -a \
"$aa" != "lxc-container-default-cgns (enforce)" -a \
"$aa" != "lxc-container-default (enforce)" ]; then
FAIL " to correctly set apparmor profile (profile is \"$aa\")" FAIL " to correctly set apparmor profile (profile is \"$aa\")"
fi fi
lxc-stop -n $name -k lxc-stop -n $name -k