diff mbox series

[bpf-next,1/2] selftests/bpf: Update ima test helper's losetup commands

Message ID 20201201143924.2908241-1-kpsingh@chromium.org (mailing list archive)
State Changes Requested
Delegated to: BPF
Series [bpf-next,1/2] selftests/bpf: Update ima test helper's losetup commands

Checks

Context Check Description
netdev/cover_letter success Link
netdev/fixes_present success Link
netdev/patch_count success Link
netdev/tree_selection success Clearly marked for bpf-next
netdev/subject_prefix success Link
netdev/source_inline success Was 0 now: 0
netdev/verify_signedoff success Link
netdev/module_param success Was 0 now: 0
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/verify_fixes success Link
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 28 lines checked
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/header_inline success Link
netdev/stable success Stable not CCed

Commit Message

KP Singh Dec. 1, 2020, 2:39 p.m. UTC
From: KP Singh <kpsingh@google.com>

Update the commands to use the bare minimum options so that it works
in busybox environments.

Fixes: 34b82d3ac105 ("bpf: Add a selftest for bpf_ima_inode_hash")
Reported-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: KP Singh <kpsingh@google.com>
---
 tools/testing/selftests/bpf/ima_setup.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Comments

Andrii Nakryiko Dec. 1, 2020, 7:15 p.m. UTC | #1
On Tue, Dec 1, 2020 at 6:39 AM KP Singh <kpsingh@chromium.org> wrote:
>
> From: KP Singh <kpsingh@google.com>
>
> Update the commands to use the bare minimum options so that it works
> in busybox environments.
>
> Fixes: 34b82d3ac105 ("bpf: Add a selftest for bpf_ima_inode_hash")
> Reported-by: Andrii Nakryiko <andrii@kernel.org>
> Signed-off-by: KP Singh <kpsingh@google.com>
> ---
>  tools/testing/selftests/bpf/ima_setup.sh | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/ima_setup.sh b/tools/testing/selftests/bpf/ima_setup.sh
> index 15490ccc5e55..ed29bde26a12 100755
> --- a/tools/testing/selftests/bpf/ima_setup.sh
> +++ b/tools/testing/selftests/bpf/ima_setup.sh
> @@ -3,6 +3,7 @@
>
>  set -e
>  set -u
> +set -o pipefail
>
>  IMA_POLICY_FILE="/sys/kernel/security/ima/policy"
>  TEST_BINARY="/bin/true"
> @@ -23,9 +24,10 @@ setup()
>
>          dd if=/dev/zero of="${mount_img}" bs=1M count=10

This, and a few more commands in this script, produce a bunch of output
directly to stdout and stderr. Can you please silence it? If you need
that output for debugging, then you can check verbosity mode in
test_progs and pass extra parameters, if necessary.


>
> -        local loop_device="$(losetup --find --show ${mount_img})"
> +        losetup -f "${mount_img}"

This doesn't work :(

[root@(none) selftests]# ./ima_setup.sh setup /tmp/ima_measurednsymal
+ set -e
+ set -u
+ set -o pipefail
+ IMA_POLICY_FILE=/sys/kernel/security/ima/policy
+ TEST_BINARY=/bin/true
+ main setup /tmp/ima_measurednsymal
+ [[ 2 -ne 2 ]]
+ local action=setup
+ local tmp_dir=/tmp/ima_measurednsymal
+ [[ ! -d /tmp/ima_measurednsymal ]]
+ [[ setup == \s\e\t\u\p ]]
+ setup /tmp/ima_measurednsymal
+ local tmp_dir=/tmp/ima_measurednsymal
+ local mount_img=/tmp/ima_measurednsymal/test.img
+ local mount_dir=/tmp/ima_measurednsymal/mnt
++ basename /bin/true
+ local copied_bin_path=/tmp/ima_measurednsymal/mnt/true
+ mkdir -p /tmp/ima_measurednsymal/mnt
+ dd if=/dev/zero of=/tmp/ima_measurednsymal/test.img bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes (10.0MB) copied, 0.044713 seconds, 223.6MB/s
+ losetup -f /tmp/ima_measurednsymal/test.img
losetup: /tmp/ima_measurednsymal/test.img: No such file or directory
[root@(none) selftests]# ls -la /tmp/ima_measurednsymal/test.img
-rw-r--r--    1 root     root      10485760 Dec  1 19:13
/tmp/ima_measurednsymal/test.img
[root@(none) selftests]# losetup -f /tmp/ima_measurednsymal/test.img
losetup: /tmp/ima_measurednsymal/test.img: No such file or directory


I have zero context on what IMA is and know nothing about loop
devices, so can't really investigate much, sorry...

> +        local loop_device=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
>
> -        mkfs.ext4 "${loop_device}"
> +        mkfs.ext4 "${loop_device:?}"
>          mount "${loop_device}" "${mount_dir}"
>
>          cp "${TEST_BINARY}" "${mount_dir}"
> @@ -38,7 +40,8 @@ cleanup() {
>          local mount_img="${tmp_dir}/test.img"
>          local mount_dir="${tmp_dir}/mnt"
>
> -        local loop_devices=$(losetup -j ${mount_img} -O NAME --noheadings)
> +        local loop_devices=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
> +
>          for loop_dev in "${loop_devices}"; do
>                  losetup -d $loop_dev
>          done
> --
> 2.29.2.454.gaff20da3a2-goog
>
KP Singh Dec. 2, 2020, 1:17 a.m. UTC | #2
On Tue, Dec 1, 2020 at 8:15 PM Andrii Nakryiko
<andrii.nakryiko@gmail.com> wrote:
>
> On Tue, Dec 1, 2020 at 6:39 AM KP Singh <kpsingh@chromium.org> wrote:
> >
> > From: KP Singh <kpsingh@google.com>
> >
> > Update the commands to use the bare minimum options so that it works
> > in busybox environments.
> >
> > Fixes: 34b82d3ac105 ("bpf: Add a selftest for bpf_ima_inode_hash")
> > Reported-by: Andrii Nakryiko <andrii@kernel.org>
> > Signed-off-by: KP Singh <kpsingh@google.com>
> > ---
> >  tools/testing/selftests/bpf/ima_setup.sh | 9 ++++++---
> >  1 file changed, 6 insertions(+), 3 deletions(-)
> >
> > diff --git a/tools/testing/selftests/bpf/ima_setup.sh b/tools/testing/selftests/bpf/ima_setup.sh
> > index 15490ccc5e55..ed29bde26a12 100755
> > --- a/tools/testing/selftests/bpf/ima_setup.sh
> > +++ b/tools/testing/selftests/bpf/ima_setup.sh
> > @@ -3,6 +3,7 @@
> >
> >  set -e
> >  set -u
> > +set -o pipefail
> >
> >  IMA_POLICY_FILE="/sys/kernel/security/ima/policy"
> >  TEST_BINARY="/bin/true"
> > @@ -23,9 +24,10 @@ setup()
> >
> >          dd if=/dev/zero of="${mount_img}" bs=1M count=10
>
> This, and a few more commands in this script, produce a bunch of output
> directly to stdout and stderr. Can you please silence it? If you need
> that output for debugging, then you can check verbosity mode in
> test_progs and pass extra parameters, if necessary.
>
>
> >
> > -        local loop_device="$(losetup --find --show ${mount_img})"
> > +        losetup -f "${mount_img}"
>
> This doesn't work :(
>
> [root@(none) selftests]# ./ima_setup.sh setup /tmp/ima_measurednsymal
> + set -e
> + set -u
> + set -o pipefail
> + IMA_POLICY_FILE=/sys/kernel/security/ima/policy
> + TEST_BINARY=/bin/true
> + main setup /tmp/ima_measurednsymal
> + [[ 2 -ne 2 ]]
> + local action=setup
> + local tmp_dir=/tmp/ima_measurednsymal
> + [[ ! -d /tmp/ima_measurednsymal ]]
> + [[ setup == \s\e\t\u\p ]]
> + setup /tmp/ima_measurednsymal
> + local tmp_dir=/tmp/ima_measurednsymal
> + local mount_img=/tmp/ima_measurednsymal/test.img
> + local mount_dir=/tmp/ima_measurednsymal/mnt
> ++ basename /bin/true
> + local copied_bin_path=/tmp/ima_measurednsymal/mnt/true
> + mkdir -p /tmp/ima_measurednsymal/mnt
> + dd if=/dev/zero of=/tmp/ima_measurednsymal/test.img bs=1M count=10
> 10+0 records in
> 10+0 records out
> 10485760 bytes (10.0MB) copied, 0.044713 seconds, 223.6MB/s
> + losetup -f /tmp/ima_measurednsymal/test.img
> losetup: /tmp/ima_measurednsymal/test.img: No such file or directory
> [root@(none) selftests]# ls -la /tmp/ima_measurednsymal/test.img
> -rw-r--r--    1 root     root      10485760 Dec  1 19:13
> /tmp/ima_measurednsymal/test.img
> [root@(none) selftests]# losetup -f /tmp/ima_measurednsymal/test.img
> losetup: /tmp/ima_measurednsymal/test.img: No such file or directory
>
>
> I have zero context on what IMA is and know nothing about loop
> devices, so can't really investigate much, sorry...
>

So after some debugging by using the same image as the bpf CI
we noticed the following needs to be done:

* SecurityFS needs to be mounted
* "integrity" should be in CONFIG_LSM
* mkfs.ext2 should be used instead of mkfs.ext4
* The second patch of the series does not work as the image does not have a
   /dev/disk/by-uuid directory.
* The test image does have a blkid command but it ignores the options passed to
   only print the UUID.

I will send the fixes and, for the future, we can:

* Document / script how to run selftests against the CI image
  (and possibly a few other pre-canned images) without the need to set up or
  configure things like Travis CI for each fork / developer.
* Use this before we send patches so that we can avoid similar
   troubles in the future.
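
A preflight check for three of the requirements listed above (securityfs mounted, "integrity" in CONFIG_LSM, the mkfs tool present), as an added example that is not part of the original thread or the kernel tree. The function names, the file-path parameters and the kernel config location in the usage comment are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: preflight checks for the IMA selftest environment.
# Files are passed as parameters so the checks can run on constructed input.
# Assumed usage: preflight /proc/mounts /boot/config-$(uname -r) mkfs.ext2

# securityfs_mounted MOUNTS_FILE
# /proc/mounts fields: device mountpoint fstype options dump pass
securityfs_mounted() {
        awk '$3 == "securityfs" { found = 1 } END { exit !found }' "$1"
}

# lsm_configured NAME CONFIG_FILE
# Succeeds only if NAME is an exact element of the comma-separated CONFIG_LSM
# list, so "integrity" does not match a longer name that contains it.
lsm_configured() {
        local name="$1" config="$2" list
        list=$(sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "${config}")
        case ",${list}," in
                *",${name},"*) return 0 ;;
                *) return 1 ;;
        esac
}

# preflight MOUNTS_FILE CONFIG_FILE [MKFS_TOOL]
# Reports every unmet requirement on stderr; returns the number of failures.
preflight() {
        local mounts="$1" config="$2" mkfs_tool="${3:-mkfs.ext2}"
        local failures=0
        if ! securityfs_mounted "${mounts}"; then
                echo "securityfs is not mounted" >&2
                failures=$((failures + 1))
        fi
        if ! lsm_configured integrity "${config}"; then
                echo "\"integrity\" is missing from CONFIG_LSM" >&2
                failures=$((failures + 1))
        fi
        if ! command -v "${mkfs_tool}" >/dev/null 2>&1; then
                echo "${mkfs_tool} not found in PATH" >&2
                failures=$((failures + 1))
        fi
        return "${failures}"
}
```
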

Patch

diff --git a/tools/testing/selftests/bpf/ima_setup.sh b/tools/testing/selftests/bpf/ima_setup.sh
index 15490ccc5e55..ed29bde26a12 100755
--- a/tools/testing/selftests/bpf/ima_setup.sh
+++ b/tools/testing/selftests/bpf/ima_setup.sh
@@ -3,6 +3,7 @@ 
 
 set -e
 set -u
+set -o pipefail
 
 IMA_POLICY_FILE="/sys/kernel/security/ima/policy"
 TEST_BINARY="/bin/true"
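
Review bot: The added `set -o pipefail` is not explained in the commit message, which only mentions reducing the losetup options for busybox, and it does not cover the pipelines this patch introduces. Both are written as `local var=$(losetup -a | grep ... | cut ...)`, where the status that `set -e` sees is that of `local`, not of the pipeline. Either say in the changelog why the option is needed and split declaration from assignment (`local loop_device` followed by `loop_device=$(...)`) so a failing `losetup -a` or a non-matching `grep` is actually caught, or drop the line.
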
@@ -23,9 +24,10 @@  setup()
 
         dd if=/dev/zero of="${mount_img}" bs=1M count=10
 
-        local loop_device="$(losetup --find --show ${mount_img})"
+        losetup -f "${mount_img}"
+        local loop_device=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
 
-        mkfs.ext4 "${loop_device}"
+        mkfs.ext4 "${loop_device:?}"
         mount "${loop_device}" "${mount_dir}"
 
         cp "${TEST_BINARY}" "${mount_dir}"
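
Review bot: In the new lookup `losetup -a | grep ${mount_img:?} | cut -d ":" -f1` the image path is unquoted and treated as a regular expression, so it is word-split if the directory name contains spaces and it matches any `losetup -a` line that merely contains the path. If more than one line matches, `loop_device` holds several names, `${loop_device:?}` still passes because the value is non-empty, and `mkfs.ext4` is handed something that is not a single device. Suggest `grep -F "${mount_img}"` and a check that exactly one device came back before formatting it.
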
@@ -38,7 +40,8 @@  cleanup() {
         local mount_img="${tmp_dir}/test.img"
         local mount_dir="${tmp_dir}/mnt"
 
-        local loop_devices=$(losetup -j ${mount_img} -O NAME --noheadings)
+        local loop_devices=$(losetup -a | grep ${mount_img:?} | cut -d ":" -f1)
+
         for loop_dev in "${loop_devices}"; do
                 losetup -d $loop_dev
         done
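
Review bot: When no loop device matches the image, `loop_devices` is empty, and because the loop iterates over the quoted `"${loop_devices}"` it still runs once and calls `losetup -d` with no device, which is an error and aborts the script under `set -e`. The same quoting turns several matches into a single word that only works because `$loop_dev` is then left unquoted. Suggest iterating over the unquoted list, quoting `"$loop_dev"` in the `losetup -d` call, and skipping the loop when nothing matched.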