From 47f425708ebee1961f64d4c15813a01848ca9515 Mon Sep 17 00:00:00 2001
From: Martin Cermak
Date: Tue, 16 Nov 2021 19:43:53 +0100
Subject: [PATCH] CI Gating: Add tests for debuginfod and yama
---
tests/Sanity/elfutils-debuginfod/body.sh | 81 +++++++++++++
tests/Sanity/elfutils-debuginfod/main.fmf | 14 +++
tests/Sanity/elfutils-debuginfod/runtest.sh | 54 +++++++++
.../sshpass-debuginfo-1.09-2.fc35.x86_64.rpm | Bin 0 -> 22784 bytes
tests/Sanity/yama-scope/main.fmf | 16 +++
tests/Sanity/yama-scope/ptrace-scope-test.sh | 8 ++
tests/Sanity/yama-scope/runtest.sh | 108 ++++++++++++++++++
7 files changed, 281 insertions(+)
create mode 100755 tests/Sanity/elfutils-debuginfod/body.sh
create mode 100644 tests/Sanity/elfutils-debuginfod/main.fmf
create mode 100755 tests/Sanity/elfutils-debuginfod/runtest.sh
create mode 100644 tests/Sanity/elfutils-debuginfod/sshpass-debuginfo-1.09-2.fc35.x86_64.rpm
create mode 100644 tests/Sanity/yama-scope/main.fmf
create mode 100644 tests/Sanity/yama-scope/ptrace-scope-test.sh
create mode 100755 tests/Sanity/yama-scope/runtest.sh
diff --git a/tests/Sanity/elfutils-debuginfod/body.sh b/tests/Sanity/elfutils-debuginfod/body.sh
new file mode 100755
index 0000000..1f93014
--- /dev/null
+++ b/tests/Sanity/elfutils-debuginfod/body.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+set -xeo pipefail
+
+
+export DEBUGINFOD_VERBOSE=1
+export DEBUGINFOD_CACHE_PATH=$HOME/.debuginfod_client_cache/
+
+# Initial cleanup
+systemctl stop debuginfod
+rm -rf ~/.cache/debuginfod_client
+rm -rf /usr/src/my_extra_rpms $DEBUGINFOD_CACHE_PATH
+mkdir $DEBUGINFOD_CACHE_PATH
+journalctl -g debuginfod -f &
+logger=$!
+
+# Set up a delay. A delay of 3 worked for me reliably for manual testing.
+DELAY=120
+
+# Clean up after possible previous failed (=> unfinished) run of this testcase
+rm -rf /usr/src/my_extra_rpms $HOME/.debuginfod_client_cache
+
+# Check the config file is there
+cat /etc/sysconfig/debuginfod
+
+# Make sure the config file doesn't contain unwanted relicts
+# from possible previous failed run of this testcase
+fgrep DEBUGINFOD_PATHS /etc/sysconfig/debuginfod | (! fgrep /usr/src/my_extra_rpms)
+
+# Add some directory to the DEBUGINFOD_PATH and configure it
+# within /etc/sysconfig/debuginfod
+mkdir -p /usr/src/my_extra_rpms
+sed -i 's/DEBUGINFOD_PATHS="[^"]*/\0\ \/usr\/src\/my_extra_rpms/' /etc/sysconfig/debuginfod
+fgrep DEBUGINFOD_PATHS /etc/sysconfig/debuginfod | fgrep /usr/src/my_extra_rpms
+
+# Note the DEBUGINFOD_PORT in the sysconfig file
+# and use it to export the server URL for the client to use
+source /etc/sysconfig/debuginfod
+export DEBUGINFOD_URLS="localhost:$DEBUGINFOD_PORT"
+
+# Get the build-id from some installed binary and make sure
+# it isn't found
+buildid=$(eu-unstrip -n -e /usr/bin/true | cut -f2 -d\ | cut -f1 -d@)
+! debuginfod-find executable $buildid
+
+# Start the service
+systemctl start debuginfod
+
+# Give it some time to index
+sleep $DELAY
+
+# Now the binary should be found
+debuginfod-find executable $buildid
+
+# Take a small debuginfo rpm and make sure you know the buildid of
+# some .debug file in to the directory you created and added to
+# the DEBUGINFO_PATH in the config file.
+cp sshpass-debuginfo-1.09-2.fc35.x86_64.rpm /usr/src/my_extra_rpms
+
+# Make sure the denuginfo can't be found yet
+# Related:
+# - https://bugzilla.redhat.com/show_bug.cgi?id=2023454
+# - https://sourceware.org/bugzilla/show_bug.cgi?id=28240
+! debuginfod-find debuginfo 73952ed43c6edc82cc92186a581ec27f009c529c
+echo 0 > $DEBUGINFOD_CACHE_PATH/cache_miss_s
+
+# Tell debuginfod to start indexing immediately
+debuginfod_pid=$(systemctl status debuginfod | fgrep PID | grep -Po '\d+')
+kill -SIGUSR1 $debuginfod_pid
+
+# Give it some time to index
+sleep $DELAY
+
+# Try to find the debug file with the known buildid
+debuginfod-find debuginfo 73952ed43c6edc82cc92186a581ec27f009c529c
+
+# Clean up
+rm -rf /usr/src/my_extra_rpms $HOME/.debuginfod_client_cache
+
+# Kill the logger
+kill $logger
diff --git a/tests/Sanity/elfutils-debuginfod/main.fmf b/tests/Sanity/elfutils-debuginfod/main.fmf
new file mode 100644
index 0000000..dcdc35d
--- /dev/null
+++ b/tests/Sanity/elfutils-debuginfod/main.fmf
@@ -0,0 +1,14 @@
+summary: elfutils-debuginfod
+description: ''
+contact: Martin Cermak
+component:
+- elfutils
+test: ./runtest.sh
+framework: beakerlib
+recommend:
+- elfutils
+- elfutils-debuginfod
+- elfutils-debuginfod-client
+duration: 48h
+extra-summary: /tools/elfutils/Sanity/elfutils-debuginfod
+extra-task: /tools/elfutils/Sanity/elfutils-debuginfod
diff --git a/tests/Sanity/elfutils-debuginfod/runtest.sh b/tests/Sanity/elfutils-debuginfod/runtest.sh
new file mode 100755
index 0000000..1ae097e
--- /dev/null
+++ b/tests/Sanity/elfutils-debuginfod/runtest.sh
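Review bot: In tests/Sanity/elfutils-debuginfod/body.sh the two negative checks written as `! debuginfod-find …` (the executable lookup before the service starts and the debuginfo lookup before re-indexing) cannot fail the test, because bash's `set -e` ignores a command whose status is inverted with `!`. The script already uses a form that does propagate, `(! fgrep /usr/src/my_extra_rpms)`, so the same subshell wrapping fits here: `(! debuginfod-find executable "$buildid")`. Separately, there is no EXIT trap, so any step that aborts under `set -e` leaves the background `journalctl -f`, the started debuginfod service and /usr/src/my_extra_rpms behind on the gating host; a `trap` installed right after `logger=$!` that kills `"$logger"`, stops the service and removes the directories would cover every exit path.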
@@ -0,0 +1,54 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /tools/elfutils/Sanity/elfutils-debuginfod
+# Description: elfutils-debuginfod
+# Author: Martin Cermak
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2019 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="elfutils"
+
+rlJournalStart
+ rlPhaseStartSetup
+ for p in elfutils-debuginfod elfutils-debuginfod-client; do
+ rlAssertRpm $p
+ done
+ rlRun "TMPD=$(mktemp -d)"
+ rlRun "cp body.sh sshpass-debuginfo-1.09-2.fc35.x86_64.rpm $TMPD"
+ rlRun "pushd $TMPD"
+ rlFileBackup /etc/sysconfig/debuginfod
+ rlPhaseEnd
+
+ rlPhaseStartTest
+ rlRun "./body.sh"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup
+ rlFileRestore
+ rlRun "popd"
+ rlRun "rm -r $TMPD"
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
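Review bot: In the Setup phase, `rlRun "TMPD=$(mktemp -d)"` expands the command substitution before rlRun receives the string, so a failing mktemp is never recorded as a failed step and `$TMPD` is then empty in the following `cp`, `pushd` and `rm -r` commands. Single-quoting defers the call so that rlRun itself runs and checks it: `rlRun 'TMPD=$(mktemp -d)'`. The later uses are also unquoted inside the command strings; `rlRun "rm -r \"$TMPD\""` keeps the cleanup confined to the directory that was actually created.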
diff --git a/tests/Sanity/elfutils-debuginfod/sshpass-debuginfo-1.09-2.fc35.x86_64.rpm b/tests/Sanity/elfutils-debuginfod/sshpass-debuginfo-1.09-2.fc35.x86_64.rpm new file mode 100644 index 0000000000000000000000000000000000000000..3ae7fe178f204bc0f85d053bd3d155fb0460a914 GIT binary patch literal 22784 zcmeIYbzEFclQulKYw#e01eXB@3-0c&VHgGp8rgukpu5-G&rp`Hh@pTae06&o2-R)c4U}I1(c-^8kN{}^vC-4o9i+QD3;=+z1%537FNo_hI3MF3zyC>SarBq#t8vVvNH ztiS?%B32MSurRLxgwI-7SlC+F8e(H5U=88}fx&_hVO|*6M#xGCCIS|=;TPhA4+sD# z+Uc&(62)FPmX=8DGyS@L%K-pXZ~SKcefrx1e_P;h3;bIuC z_&c1!`A9%GMT~z8r*J+J(;Ys!!~A#n><-J^;h%R{=?)|0!u3Hiyu(*_eEU0meTQT3 z@XZ}g`h!ssx+3(+hEup*P!YPqQ(H(KcNj5O1RlA=*l>zyKYxdD{!k=@9*F+9e<-rl z9Y*A-;O&ve?l8e0ij1%$qCMiCz$psC-Uy7Ka2-&@;1q5jR8lyF_eU|h6j^FWzq9X1SLf*(7ruu_Xx$ZD4oWkX!s=+BjzVKbW8JxnO6I2m6Md*Q$kH8QA zU^Il?5m*sU;rd`y{;5Y*y2B%PSosgd*tx?-cl;wbMd)jM$4A^J1V)Stmxn3!rykY( z55=^+!xncK(I26=)gOxG1g8l7t^Z)`r8^9}!>f1L<_>S&VaGeXdxt&X6h1x?`*FMDg4JMeeL_rL1Pjs34f zz=e6b!)!bqf!=m7XSf_Mn4^oUy|XP4;_B*X5B;r(JJ7=p;(=%gzp!`5{!1sgdUw6x zn!^*$w!hhbX~zwpwB@DL7b{PDM{6%9E+1h*E?yySdx$lB!Z2$WHwaw)$1tb|w~L!C zye$CmyiwtIJy7cp1MnZ9qL!K$-+!!>`=hcG%-MtI_xu2M9v-d_d3f$D#_jIn=>~2#5Yt=igF1-Q9Q`?X7rzKRP@JWM%LCm(l+D#R2ypOL6~h zcsH3pgb+^tx%?Z`&Bet7@c;1i*UI^)_Zi&oZcuJFS0?~`&;7q1zx75eE7re^#`d4A z#J@)Px7LW~RS?XEa1_}8T;OBE?ZztW;^gWEb9aYXE7&{2G$2kecQ(Ks4^bm$Zwqtx z__sPOh_9myJhzlp9Pq#&sJT>%duO054DOX2fMQP2-xpGD zFl)F^;D)+5{i7`}K+oRE2`DpAW({)#ig{Q;VDO87Z7IaX_urN(1fT5xVghiF1Nz_f z7x~|H7Y1+vb>NQO-qGW?J4g5?cer!<7mM?F+dJ6v{F&+_et}2o@E3WH{`9o|BLi{s zJY0azFmIrztGkCA4B`azg1NcFcM5m|eK;3>gAgaEn~OU(7x1s4tX-h)|LSmgV9s3n zx;%eeIs94Rvh{@TByiUVbLU}vdJh>*h_ zUIX)i!dww?797~Z|J`6v7dLAzTPT#v-P_&+Y6p+2xLoaBVL&cJ_+o&cVQy|NZsLF9 zGcI=+)YHx0!xvuf%E=}7NI_FaPg%kEk*=n`j;y>meE2{0ifYO-vPMRaq;+-W;Vm>Z zbb(y%t}v*(_&>}7-!*vt_|rSWWe0JyhB?Emxu8&9xT@|R@FY&gJRsZSQQ& z>(7k1en(qew$6xH z{(pM>wGRL4hiq*Rze{inzyo`EH3gs`n9IuE1E{7e19XR*3}y}db9*^~e>QKtZTr=3AFZghB(0kTSrGr+`*=kSeI7MLj0xoD=Hmu&0^v`S-JcNs5h4!Z1UkET0O9x0-qjUm{ny<7 
zClq0qe;itWt}y@d_wZQU??3VPfBk^?cY)5I*qHUNQ0Jf4@^7J-0w9PGgdb!hYy*YC ztgWs2`JqBkE0_>3h~HX(PZ(ki<`obESy>AThzLV?1;BiQV5p!V1R`t$wz1+9`D=2R zB7(vKLJ+W(l?V(5vH^klAYcKIptT4T3jeA@5GDc_2LB8L2LH;#3dUi$TX!o; z`C_-TdIZf(W%`E+1}{RCO2(Nnv-4eh`SIWq9Hg**4%{&eYBIZHyEoc&>=-0B$r20k zg>QJiWCjqc3VxC+Z%6%(T7xQDsC(hAR*Tg`CQFiG6^(h7h%U%7(BJ8yod*6jgtP~C zF%Hrnicc#R6tC(B>YM8d2k(W@VgJZQBX%D1)4R7=)T*!={fa;iCI5P^@ig%lkunAj z*Lf+Brq&`dLQ**ktn96nTzx)E)^mTZtuHO_RuAQHno(y#;|v|FMsub(39VOG=4`~q zOvRQtulS|;(PBV+1tT99ywY$be9uVYvEj|D=zHq<4Ts!wG3~4n!IkyNW#R~0? z#^D>6P|y6?wRz$BjPDuOl3~6nnE5H#uJ5osi&oGQNI5jAmBUzCy&Q6v8$2iisR<#wqi8ha`0tGC;9Del1%xB1MIE19=q zz+mriqnS%h>YKC)l#1#t$vGm*E+|?7rjD$utY_O%k!`+43!@d))v6@+ZOY~4Vt`KH zqI|=#Sa&8cLXyZmSTA`rs@AFLb=pOd;?2GBh}^E-D7$XmRJz!CiJqHh61UB}l2uW{ zNk+fu#hYYJkjSZLNGvN?TcpCl+eDmBK9N6$g@VS`)vwk0dzEeD_o7N>UWxeK5HYMY zEVVKm@mM)@&0Ypuy^n<8Q5(q@DVmJUYmYqA#QtjSV%|D&o zpkE%mFsE}1#<->JD)^--o35K!i$?$ypWP8WSFdt={i#2SNPo9?Hao6d>N)Q{I!WHx z%Vm^DbCwt;rkm)ORIe5LPc;sz`*V?LO5A?HGdg6iIjKp4` zS=L_=!CZP_&II4C2kl`MFH{!?iDk#_%I9Y-Qy$)VS;sPvnye`EcH$>sG8VgxP z^$6YfA%c!ZeTZMatr!eg3(^AdKF^*v&dDOr7G-AskP+-CSio*yjg4mXRaHvITsLvB zwCKi`52^LQZ<(ho@qzcA9fQgqg{Mcnjt=*1s>6FJ6p(X|zn-I3r%4V2H&6!O$|#M| z>wUQqfPX2sVDPH5--UJ<1$2DBNYGEwA^(e?C%7k5bV>MI*jszOg5U)|?jf-+&^ExB zQrOl=P@9xcZ}fY*ewqASp{uK;pk1|YL-pzKQ;yxvxb@z}0A3WpW7hI=6%TDsWqtjE zVm|FMzUcuu{S>QMwtDODn2`+CtY|Qs5AtL-HZ~->H>_S6#q1DHvRnTW;mjkMCu=*A z>DBDhuu_%1nEugyqs`Mu@T!3PX{1=D6r`;5I9G-Fc~_-`XaBjt>GOyS>{78yZLpU* z&24zWwNwygFl#u)=-5QUP$eT@+@2!eyNEe*oj7)tJvlv2gU_XWA*%glr;L%8)4;ex zl$qH#08F`Cwa_z?9lxEV>eli!(!=WxwiZvRJwYz++Y0<4=kPg8SHByUg0)X<&z<>O ze|Y0cE&Y07=`>ut#g8?smyAv=Lv%V2b?q;z#j0r2$RGqP#ihn(vM zYMQmh?AH|nao=23ZmW|^Gn0|J)U_R0pL>(QHUg?8zfz*N7@EcTcktt_jTKc~pVSAM zfC;z0D7%rGv7Rqc67TJ@VMUVMzqiJ1ypd@xGniiYi5QueiO;cfBNa_Ls#ESwzjH)l z23tWQ<&!LPh}_cVr}?D1MmpFCJ$KVkGPie44UYX8>4qccSPkcxDrF{ASz&8tB$ll= z)5c1b{MP^;v79pMJDPj$1DWrr8SP#QIVZS|c120y5y>))r*o%b*_Sghco}$YMS@M; zBJ)EtJOkOH6EdcOrrar(FsLdYEGLWdcvN7&f3*uXLMJmZxWrTTDMz%;qxapLn2r&w 
zuC~Es>2zfwtj#WG=TGumL9w1#M0{JD3IJ&%R3%n0A8QK_YYP(z!N*paFwdM-;ggO6 zq9Y`xY@E+yxW;Fv?>A>+v;{Lg5`iqP=JZgQ^2Zw795wdd%%$9@uiWEr`jB78}&Y(55lyXLkGDbd=2dYSZ{i@%> z@m>ULYv-aElTe2Anj#Okk-XN_n&a!5d=e_4Z#$X9QE#B-T2WRb12fYVeoj8PKa%^M(o4RWiLFzSote4&L2u`V zijC>Y%i@yfe4?%N9ubzOxG(VJ#B+FOb0xo_%IH`3O<;dFIJ&wrpgC;`Lo$)Lm;H=g zoyg>Jd_!66SCZXM8I^0c`@k{JwXs z@3FwfFH4hr6qCdehW~S4&%MHS(j}(3?s4)%t?`O4OM%#lgv<&d(gSjk*D)eQFE9;0 zFyF6HoKk4f9%o)Fur|-h)+^)I>*}34kL7l*8XSGVABv{GU{*^*#_iw%n$aa0-lj6= zG7MwG@Ef-3PcoY7ps^;xe~lFHX*=<3X@O7h#~7&Ejg|9EK^cFO?9-D6fGAJ;m1o;l zXtcu|1U0N~{b3ooA@`%=GS<&ln!I`62=y0foN>gU0#W^|=#Cp~A>oT5A_p9V%~9f5 zU#Y?NvQA&|pqwicu5Z?!%mP1EOhT$ZH@)^mLOxUE<)&mmv!#z1!gH@+K66PT9ZZs% z*A&1XWU&n)Fn8-c5AAe7GChz7m^*xY7yJwGgF3HB zu0gXKzq?71po)$rg!!Bw)##-5a3iU)p>yKh?EcS5&iNvtVlUH6jPyD>mZ9Mk%g0EI z50Cup4sLfZE?W9UWcUeqQC4=))_SO~vtLq1lb3$pj(0&VGs@t*UD}`}cga1J%dcvuDr_gX zlWMmo(c`bGb8c@!15+k2Vm_DHw-Gg3tGRRRo`-!H?C+_gtO=pKIst^K31Q4$PgAGf zpsSa;6A)=8#{Q`AO#N)=#f(ko=q?iai?GBsckJHFN8-ee$Mk<8g9_{&5N*Y)x^w|%GWhSX+Vr#(iy-Y34Q9EdKEXSBG zG$~Va{^pk&ND*URgu>l5r2HQADc)27zr;sCMSgyM9(A5!MbxF})5i~fl6|;;d2L&` zGM$tbmU_dlI`!;jSMkAv^OBEj?HkwA`Yd3Z3YMMlv|c~Cz1U?UPo%(2#RpS3$ALeo z^f|hjis^(DlnQ2OvdIAJWrFtHjmC&^z~DJ#-r3=M7DnJBi>w|qUVcaw}!znJA~ z32W5rQdQLdxWK$z$MSHAI(Y$#`|L>e>YcUiMBZZgCCz44E3GR(9={6Q_z z1LJS`eAr?uICGH$&^<>xcsn_NcF=8)?i5Yt2WO0L7m=lW4|Yx-mxPU87n%MFu4Y~r zlPdDj+}6>Jd&m1Y+3$PqL69RXA{EJoK7p0O(%~*EVckW`d89LDgQj2^7p2MuI)cq8jR$ODarx{xXWbV^}NxwZPJhRb(74{SWvj?X|YnldoY@m^p>pMrK< zd(KRCvCdJ|Hek0`92SgtEVL9+m zcnz?>ze>ePbkg)kC~)LzJu9-Ihu&KyXy4N!C}P0NubMRlBT;g~SGWjud_Kf{L*1Ggu=8D?E>* zMO=7DERkmp7J_>d6N3USF>MB;)N zU}tjTYp_ACrlc?o<1DUQSfB9lgbU9Ph(8lX?yjPUc;rmxSef1S21hvFf9fTZE-6c( z;seVO(n>k|6#}Ax$0UQMcypYAlvbPE1#jx6TdH@(v#%uT9?-KU+gh z2(F`)Tu{@~O@bYagCgE*0Z=y@Te-2+m<@h}G1g;P>nNoEs&$k-BF7=t>y}D=YyP!{ zA7;xg8cB<Ghn}z zO&hG_l^4xQp4h2DtJumU$Za;X#h6QY)~qw07)2QdD^5H!M*E`ojxJOeT^Yw;jeK-C*MP*N$?TNSpXStS?=BHi93*J}$yN?p(p4U5IC{sUR zE_WU1t*usFZhSA7=z{pU&0*Gqr7%yX-6IdRv% 
z+p&jr9=jJmb1!vYR!iyJro|v_1ZEL`JdMWxew20GTW332Z$4;~P%;z8z~6vx=+PK_ zPquf8Ztk1bdC>?!rDY9LIDhoGV{K@KZg84Ii|D*vn!2}0a^B$)VRT9|kwx&!va?@) zQmq>MS^D?SOe(H7>4|ca8cjWKFY^5js%BP+=*jA0ZXBNG-&*4ENLQas%AHjNo|ET_ zSJ|FmoaI8_Ps`N-pDwMbF77A`XtO+*dioUg2?O;j2OGCJL#nsK{QYu@tl5u7UFUjy z^LDotKXQOt5~i}BeHdM|q?hYtd#{bN>D0Iy97jkRvGZ~J&;U6&UG*D~VihCe=Yvo4 z-}N(ssfMvQqjD=5i67*Z+EmH#^E2i$DPu6A(aQ-_jaM%?q0G)PP_nKi@J10q<>ai9 zQ>5fbNSKuQsJBb@l$lZLue*KK8cd=RNqO-=XpDOmj=%V?Jx33cf4y;uJ4z-@86He& zS4bg#Oll_#Ycp~bD|j`Ke`Xw)LQ;IZa%|6vU;jl*k|cTEr0SXk9(72A#uLQCxZp3} zY+aw&6={|4L}u2pB{(ae6;S((U`TWYA{nf5>`YE*b$_d_dwx=c%Jp-&jbtw{%4_|V zL{^=KH0nS{(-cR^1|=tl%q+A0bencBvTrp-TzpsW8!O>XpOEDjNQ&fWrnuXfR}p-fMt{*$cAI%evrdVDMI>W`7f z*KVq2MzKbC3~s}G9QU6!nUpOR-TEN4oTT4YPDSh?_fdv1*4Av*@)f%3rn(f9hD&}e zJdcbc7}V3F{c-gbyTWK$ZLEZ0zt`&_Sw7RZ5Y`WCam`*375CC&7k)1>j@VW1Cayzy z5%TzTF#3hYjgnOx=v|+i@JXaeMQ2Xp@inBElpw z>^>?)ABnlz@vzn}~YuFRWnnJFl>5e+I4OU)0w%y0D=i@8wZPJ-l+of^% zlH_%WFDm8L8(@URRX@(}QvyL&LLo+@NwnA9y;t_01gD5-zTA$ryzIa$DT0j)ST0rN@2JE)%lK*wYVApe1& zYkYdx^5`iTWAJOGvkq2ht<+;Z%INxAN)6dij7;~>(lv4RjQM54V_{0&)Vxw8d!TEO zVpy0P`&jYz!-(_>o`P}#LsZPpCDId0!ngTh@8+xZ>((cw_Vyk<&-&Wdc7|bd{C7sD;ciuQ?eY(tda1eA-$`ZBB&6Un)O-HK4(8({T^fqo>`zm z8!qjpIR?B}b!X7O$nm{((f7iR$Iq_s{1w5i9}v-dW3uzbjJvo47>#YtR#nPO_b|{l zJ!YRvyQIGAl(Xzb=0ocFtb9z|y&*|`k=VP#hdT4p)B2GX{bIF`+Vc|Y!u(PRNao0`F*RK0V z*5z}DVNcLdx=z}^FY8&fx$~yJKbzY{a-}%1lODikao>9J1T>(%N2CULa)Vn1UWb7?DSrl#& z$@JI3td8E?ZyWhuyhHc>P+?J(kj{>gv4bqNoPTPxy=(>rwFa2n@If2iPMnkA~A5R1rT(Lt~9u{bdcUp&_NRIRlj<6w(^-S~0?*T0U|VzUlVm2at+0noU9}11B7K z;vtDiBku58B}bi$)UW-T>xx2KVn>(8Eba@W|XpqwvsWRIm;7YmDUGEE+oExjdd|(M!-WsobPEx5Z)MX6X#X_62{7{YQ zh;0zCaeC=>Y!-1JNRt(G?;(0J~GsKP6*Lv+TGbY(%yTeD{c6=eg#$DI;Z z$H?YSe(W8eL>9&Vw4%LDi$oWC5TKE=LC_>J@4`yuYe_lZQ1APN<>2|i6q@Bg=(7=|f%H^jnBs3n^oY-er*hQ)ptuOE%CQA#yEPuWH zm?Vtam`Afn$u?H0%T>#kOaW3K{UlK<0c$KsG~t7Ab)~&sAF{p9*z-AR=_lzkrZnG9 zne)p@Wglv!a}b!ujoQ5tSxdq5w9VJAK691Ab{0lAWf0?k?d!O#Hkl&WjJ#ZPIH}~A z$!bLFuA|upu(^45o9i7IyA}!QX9>VNh8jGXf@UzCqEck-mCSv%`GGP!bD<>G4h1-0 
z`cSqPNUKp`h1uCD?h}w&(7z4>We#+eMokQ>@KNeTN|R(4bwBeTk(LkNA0I}oAnug# z@2&hC%_e5X5TPZ)6Hu%hA!Fw!9Pz#eFG1yS#-ypi*!ydRbiV@bZZW&C)Tdgyrqu0w z`yDeZ6ihR&46s;YHkN`ZDO%cw8Ou(+fPE|v&c<_sFbE3&02k9Ch1I(_8 z7DV6IGSO6z*B+>`<-}LM7*JxWB-=UiS`8pnQhKHUAo)4bG#Rlw5%1k{^2Lo_Gqti3 z?W|>Fy4mu%1g+Kd;L|2oR<1B^qYgZ?N39^Q#HXJAg@Ru)oXJSvcLSi@xex@~-UfrDIovda%j|#`1pG zlA9Oy{MhZ}C(KM6)3$%4zb+~Mvvk+^hfAaRP+7j5Pa^cZcILs`+@{iZ1p`)>(8%3c z|BCmC)5DVs`llTl=Q155$e~ty{?!l;Ufifj60-1Hs3GJ+FLF^=<*K6dh5ZZc)$q>f zbpZ@Cg=pJ(>~7~P6(rro7jlghK_7@~YfziICeS>v^2NEiUdZ|`uLX1PT4*;AMB6r) zM`QHJt@xUV6@HzA9QqlXzZ}?mQT^=~ip=UBY`38+^{9NJdii~NYRz)a(Ei@85ARjH zDXY_W*GsbXmFLBr0ao9C_OKrfcWvvR4}wk)XO#IxATgxzF>w<34td$jDO~=n{<3FJAH#s+v;bLHyQ=om-^^pO z8uZ<9sk{#dIuDygiSIf0j6CwCNSri;1#_|E*4erSn*XR8ZQ40$>37-B%Aq(!dFmK@V9rgZ<5=wzVV%KdhufvH#~@!@+ke3y|()T1S^yTPY`g)FofePPJx~&SC4Q%Xjc3@6mj`=6{ z1ka@e=>!r&qUDH(5O0q8qh5}aDX&j$#B%PIIK2I_IWY4@AFk1H^&>dX|Hp#EvdDxtG+Fet+$+ay_g!S>Sf4l<48-pr)$(`9w~V` z#QWU-sLEcddo5uJKxRHm+VO_x@kS*{+kBl}!i~mhyTSLCOs!oXF)ns)+Luj(4lttl z9wy^%+V@|vl{3lSW09{8Jf_}x+aQr8cP~mX5O?U{94}QC3pkk-8A|>=1S_ zcUHfx@_5@Tqc|Nw^bqqf?5wobr}(uQ676I*L%j$zN^Pq& zH2ZM!kca;*_6CaUq>6ac$-5;49DSrM*-EAaoQh9^v zjLhj<9oOW-5aKJ>L%-TPJ_N9Jk{3cxB1ULuiRLxqv_&MV}<@}|j!RVL!FBQY+mk+b<`RZ}J zogF`TKfEiT(n4)r!mHanf9shefBN#OUh3()&C&$v5Jxn=jnDfAH&ibr(?4g&g$u=oA-Qkzr0(Zta6|ZD1MjrYm!2#Es6eY=a{E` zxA9BQgW*H|dr@yl{hFv>^QFfh1uTc()7&ODyM1x?`k7r5)8)hTpYz;F6UA>Dex)v^ zgT4gbMkgQ0Sp@CN+erkOZ~0_joLq;!K2u+Qaro}@Hcne56?x$P{ozXA6K7YN(ycE= zT9vuZ*;IMuzp@{c)?5_U&QHE1Y!~HwK$cfd)m`gb;!8(GFl2cmNhUuqLmCyxGG~77 zxC}{FN}+be)JuC@z7;JjUFB+apba_IsQHY)x2vXErR(i!UG075VWyO9S74~C*ix68 zzpZanj! 
zw)l8=x$afD*)4erj33)DqcZ68xHf%arA!N1kCxO zjq9`0k47tGo{NlRs;JMO$efjs*Z9$bAKRyH3K!ls#t|idJ14SqSx3f@@B&Z>->+r1 z?k!1=RH)#a=-C`{G1Cei#AkCX_D~2*B2Am}O=Rf>!ZWtb8FKQIgo#S2Op*BRKY&bp z#P1^HYY4Yd(wg6bv{3Y@(IBzBgA`UEET()cd8SyVSSpmlYJl?l5eFiqfCX;YhOL(# zDXt#RTp!=Yz>U`TEK;NX?>7kpq!m<&{uMqAsU$*R{33sYanLKnu-m;%jk__a1>M^jw7-BjOf4YEO3VACJTXd&dFc`T!DLB2 zNxn;AuxUniVSPXueOA%_SZLRST~z8_bO>0`8{orY!-RV}>-r5(?$i28R5qRe!Q-aa z)|V8#L&XHy*x_9d^L^#W$pJeB(@otv4==@*$3}u%B{d&-_RoHlqgk$hcUiEROO?64 z`06uiOzUXVSSC%`hfWju(ByZOYb7BhT)Fkyby4OcqDCpYFUpO-k7A2ypYZtmwW~q} ziyY>%%p3fbZM}3qDd3%RzBaZUsNSy88%^Z)69wTw7R6t7Vv@|mUP;fA6wp0YZG~7* zzRrf7kC>YR-|}Hj<5)dSsNmPk=?%uhirDV6nLA>pdwOrW#INj<&vX+NS`l)8ci2i! z?YJ%lStiM8-_1CRZF{5e;`Ayue2cJ>y9s)ZD~W8O(9n!Ln@e;>ye3R@9?-<^_=Gq& z?&ZO|roKZ~nn&>OUKr)x?@bx0xA+R>C~(IZ(#}16@+Cg)W92}ySxPLW{?<>OTOf$Gz zw)2+$@i*0I0dASF?0)up3_|T&Su0O=Sd0tud?mTXGv|@}7E(Qs%i3~cJ8I8+%6s49 zXL)C8V_PlEx#6IC0-}3fB>obAYV0HF`|O>q{khW;w$U5<*qEzzp~}W7n!>0Y_6=`0 ziY%WGl_;;f+xSzn351s4w&_T}hmhN*`%&?-*--h#elSg^R-6pJ@6p*a62NtCvoGHT zc65lIA#Cv&Axn5Pymn;ODQf&Osb}En0xl9=;dm%B4rWBEBSlek9i6= zeGZ=fYBU%JfyHYOCKSdqVV6ev<8L?gd3lb#J@cace!5-fOHEN{rqFFAfcw zOj)r^^fW)!ZfbniQ-9z_A}gOYGgGx#rV%1sMTGZ~7mJ_ed;hQ=>yHFznDld=4S=>u zj+K_|;)gfi?o*C79$TC%n==V$x_mvB5F$kVYNPM@CFz;@V(np^Y;*Ejdo1BevDkbi z*E>lr+%=v2d6cCN&5^{uT5rl%%0Y(tjKvWr5=1m)Ejy(RUvtG=g_)=ctEGe~{pc3U z>|VucN{>N5u@`9LXRi|WR-h*;6_9r|9B5jF<;D-5 zsK^Ml0kBHLn5f9;9n@Am23Bx~09gbI=c|2pgwFFH{7D+U#=}i*gAdv=$tR{IhFS}D@)U6#RNQwV?q5qi zWzFiMK+7XSj03*UxRXO$V|r7%x*`(I!d~$rNkADrRH+V$TQxN!c32MBmwoIK&PKMG zl~-R0YuaQoeX`09iO2L1ZzDzH?J6Z-ktbpFLVDqz!=sQLw=;#$w~lf=oJXS-AMnNs z%SlR8at~HH8E>$CA9vH+ z%V1De$zWf}_T2PQMLWgm=K=|g!XEdYT%4+XiYIcY9d9y}OCM>PI4HO802kQX_<8Wp z`hPq=LzRBJX+0{?s5pxD-kEwYs?p$qjH~n+HJYiHwzj`XUrdl}bA53(_B65U-2I;X z@*w=&thVGJs)pQBk@K4U^^y;qey>zTk3J}(xMxv*IOS(rC_fL4`I59GZ=c}q%Z(y& zzkfOD?NDp>PjAWobQ*$9V=ad3><*z%R-)uaADkuo)cn#XjxoV2z9Eaamwv58R?jVu z&;3LR9hEt^RIG~uC(w`{)IdunY|DdaDtT?7WnAjO043`o&qOWG4Ap={N$dqTjrjuj 
zGr1;JUn^&niUa!GkM<(=qi)-f3_-gha)R7viw_CaN6_1Y_@$ZqQXUzu0X4D6rK+>u zeec+8D4!)M16L$^^}S0@!^QmB)i5p>`F)6_I%%%y({0~!1$jg8zU@fijwa=yoKEJIzjMdv&kYJ zN!IZ}22#h~PkHrj^_CYB1%4?HT80StzjY-`1o2{sAJYmAD*$aTzlCaw(e1dmhLEC4 z`EWUXPfDoZ+e-$>I+XXO`Xg`2rZ%9V3M`a~*-}=zKQGZP5T~VeEcOo_7dUiLeX8vL z#9GA=!0{&0LD4meD$2d2uh}V$huo9DQYA2;J6MGs|ClW#kjURIrUQWSt)vkxZQw`| z*w6F0k1(*=9Cc1iM+P~ty360I+087CF6}c~s}r=q&k@O-s7UUm(A;QbDwz720S6QK zV8CaeqM}aeT6|%4RC6Vw&bdS=s{DuMrzD2ON2X!URasroxpq7M9#6r%9>v0u02(g( zWXC8EiNm_&k&Bf+LrntzWvbzo$Aeq%>IJ!rZU~5fBtRs=-Xz=NVV^*vwmr_~Xd}-K z;zLNF;?&aZSBGPMj*Dq#M|Se_V*Y2zQ;$~9jN;~Bbk0-w z6xLK=9aqBM!bU+1xbAR#SA|^0gGg1CwWOwp9_XANk&s+A`Rn-`Agh~J(?ES&y(Kp{@5X{i#JgTmNfx&o;`V& z*gsG8^kRk3+XHw&KQ{4YNQ-8q+U}`=R$;b+ZQlpp*sZ-~k0M_C{jIs9K5~}|O~+s{ z6xQcP8pH=BD67I<z-dDE!IC#ff4}Wz1JeU3sN$fth zzckrn;i%*dBJbNrE^7Bxq@Cz^RXBy?w}oY$fc9Z3CBxpmbUAc1AI2szrPN73r#Kt(4Sy7@05ck^EzI5~eAGBdHZ|-aqVgb>EP$1+ zsfL4a2Tm>*`Y=uZXXKAZ=^3IpyJk!iK_nW)0fihnxspTjI7sWX<}N2ULaImgpy#fu|WX8DZ8vqs8<*wB+c55tNi$>x7?8B|jN0KCudMpLmAE zl+`J*s>&;_7r8NDlz7tM6z>_of`&p9I%%qco`meXd6^%ZE{8N%SqWKCvchv_)0Zy1 zpxJAor#@NjO1gP3nI~OD@}5@g75>^BzS-CD^JE{dV#9rphYgQd8}>M}GEsMW>BIX{ zgK59_&WZy0OM&q{amz2VK)daLUYo|9-h`@jg+)z~Ppblks&9}!@`= 7.4 + Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1455514 +contact: Martin Cermak +component: +- elfutils +test: ./runtest.sh +framework: beakerlib +recommend: +- elfutils +duration: 48h +link: +- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1455514 +extra-summary: /tools/elfutils/Sanity/yama-scope +extra-task: /tools/elfutils/Sanity/yama-scope diff --git a/tests/Sanity/yama-scope/ptrace-scope-test.sh b/tests/Sanity/yama-scope/ptrace-scope-test.sh new file mode 100644 index 0000000..6eb1ca4 --- /dev/null +++ b/tests/Sanity/yama-scope/ptrace-scope-test.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +RETVAL=0 +OUT=$(mktemp) +eu-stack -p $$ |& tee $OUT +grep -i 'operation not permitted' $OUT && RETVAL=1 +rm $OUT +exit $RETVAL 
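Review bot: In tests/Sanity/yama-scope/ptrace-scope-test.sh the verdict comes only from grepping the output for `operation not permitted`; the exit status of `eu-stack` is discarded by the pipe into `tee`. Any other failure (eu-stack missing, mktemp failing, a different attach error) therefore exits 0 and is reported as "ptrace allowed", and the match presumably depends on the message being emitted in the C locale, which `su -` in the caller does not guarantee. Pinning the locale and keeping the status would make the result trustworthy: `LC_ALL=C eu-stack -p $$ |& tee "$OUT"`, then `rc=${PIPESTATUS[0]}` and a distinct non-zero exit when `rc` is non-zero but the message is absent. `$OUT` should also be quoted in the `grep` and `rm` lines.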
diff --git a/tests/Sanity/yama-scope/runtest.sh b/tests/Sanity/yama-scope/runtest.sh
new file mode 100755
index 0000000..8195b54
--- /dev/null
+++ b/tests/Sanity/yama-scope/runtest.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /tools/elfutils/Sanity/yama-scope
+# Description: yama-scope
+# Author: Martin Cermak
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2017 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="elfutils"
+MY_USER="ptrace_scope_testuser"
+TESTCASE="/tmp/ptrace-scope-test.sh"
+PROCFILE='/proc/sys/kernel/yama/ptrace_scope'
+
+test_root()
+{
+ $TESTCASE
+}
+
+test_user()
+{
+ su - $MY_USER -c $TESTCASE
+}
+
+rlJournalStart
+ rlPhaseStartTest
+
+# This can easily be tested with strace. Just cycle through the settings:
+
+# 0 - Default attach security permissions.
+# 1 - Restricted attach. Only child processes plus normal permissions.
+# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
+# 3 - No attach. No process may call ptrace at all. Irrevocable.
+
+# echo 0 > /proc/sys/kernel/yama/ptrace_scope
+
+# With 0, strace works against any process with your uid. For example, strace -p 2190.
+# With 1, strace errors when doing the same as in 0: strace: attach: ptrace(PTRACE_SEIZE, 3180): Operation not permitted. However, you can strace any program you run from strace, "strace /bin/ls" or example.
+# With 2, you can only strace from the root account. You can no longer strace commands run from strace.
+# With 3, even root cannot strace.
+
+# ---
+
+# possible related AVCs tracked as https://bugzilla.redhat.com/show_bug.cgi?id=1458999
+
+# ---
+
+ rlRun "useradd $MY_USER" 0,9
+
+ rlRun "cp ptrace-scope-test.sh /tmp/"
+ rlRun "chmod a+rx /tmp/ptrace-scope-test.sh"
+
+ rlRun "ORIGVAL=$( cat $PROCFILE )"
+
+ # First, test the default behaviour, which is "no restriction"
+ # from the ptrace perspective. Here we assume that
+ # elfutils-default-yama-scope.rpm is installed and so the default
+ # yama policy is set to 0 instead of 1 which would otherwise be set
+ # as a kernel default (security/yama/yama_lsm.c ---> YAMA_SCOPE_RELATIONAL)
+ rlRun test_root
+ rlRun test_user
+
+ rlRun "echo 0 > $PROCFILE"
+ rlRun test_root
+ rlRun test_user
+ rlRun "echo 1 > $PROCFILE"
+ rlRun test_root
+ rlRun test_user 1
+ rlRun "echo 2 > $PROCFILE"
+ rlRun test_root
+ rlRun test_user 1
+ # Following subtest would be irrevertible (till next reboot)
+ # rlRun "echo 3 > $PROCFILE"
+ # rlRun test_root 1
+ # rlRun test_user 1
+
+ rlRun "userdel -f $MY_USER"
+
+# This testcase could be more complex - using child and non-child processes and
+# performing reboots. But let's keep this simple, since we are not testing the
+# kernel facility, but merely an elfutils "plugin" for it, whose purpose is to
+# set the default yama policy as such.
+
+ rlRun "echo $ORIGVAL > $PROCFILE"
+ rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd
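Review bot: `TESTCASE="/tmp/ptrace-scope-test.sh"` is a fixed name in a world-writable directory that the test copies to and then executes as root in `test_root`. A file or symlink already present at that path is written through by `cp`, and a pre-existing file keeps its previous owner, so the script root runs is not guaranteed to be the one from the repository. Creating a private directory with `mktemp -d`, opening it only with `a+rx` for the test user, and removing it afterwards avoids that. The restore of `ptrace_scope` and the `userdel` also sit at the end of the Test phase; moving them to an `rlPhaseStartCleanup` phase, as the debuginfod runtest.sh in this patch does, keeps the host's ptrace policy restoration separate from the assertions.

```shell
TESTDIR=$(mktemp -d) || exit 1
TESTCASE="$TESTDIR/ptrace-scope-test.sh"
# … unchanged: PROCFILE, test_root, test_user, rlPhaseStartTest …
        rlRun "cp ptrace-scope-test.sh $TESTCASE"
        rlRun "chmod a+rx $TESTDIR $TESTCASE"
# … unchanged: ORIGVAL capture and the ptrace_scope subtests …
    rlPhaseEnd

    rlPhaseStartCleanup
        rlRun "echo $ORIGVAL > $PROCFILE"
        rlRun "userdel -f $MY_USER"
        rlRun "rm -rf $TESTDIR"
    rlPhaseEnd
```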