faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test: rework seccomp testing

Browse source 
Instead of a single test with enabled seccomp, rerun all other
non-destructive and destructive tests for each seccomp level.
This commit is contained in:
Miroslav Lichvar 2021-04-29 13:18:39 +02:00
parent b9f5ce83b0
commit c536b2561b
4 changed files with 50 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
test/system/005-scfilter
View file

@ -1,17 +0,0 @@
#!/usr/bin/env bash
. ./test.common
check_chronyd_features SCFILTER || test_skip "SCFILTER support disabled"
test_start "system call filter"
for extra_chronyd_options in "-F -1" "-F 1"; do
start_chronyd || test_fail
wait_for_sync || test_fail
stop_chronyd || test_fail
check_chronyd_messages || test_fail
check_chronyd_files || test_fail
done
test_pass

24
test/system/099-scfilter Executable file
View file

@ -0,0 +1,24 @@
#!/usr/bin/env bash
. ./test.common
check_chronyd_features SCFILTER || test_skip "SCFILTER support disabled"
test_start "system call filter in non-destructive tests"
for level in "-1" "1"; do
test_message 1 1 "level $level:"
for test in 0[0-8][0-9]-*[^_]; do
test_message 2 0 "$test"
TEST_SCFILTER=$level "./$test" > /dev/null 2> /dev/null
result=$?
if [ $result != 0 ] && [ $result != 9 ] ; then
test_bad
test_fail
fi
test_ok
done
done
test_pass

24
test/system/199-scfilter Executable file
View file

@ -0,0 +1,24 @@
#!/usr/bin/env bash
. ./test.common
check_chronyd_features SCFILTER || test_skip "SCFILTER support disabled"
test_start "system call filter in destructive tests"
for level in "-1" "1"; do
test_message 1 1 "level $level:"
for test in 1[0-8][0-9]-*[^_]; do
test_message 2 0 "$test"
TEST_SCFILTER=$level "./$test" > /dev/null 2> /dev/null
result=$?
if [ $result != 0 ] && [ $result != 9 ] ; then
test_bad
test_fail
fi
test_ok
done
done
test_pass

2
test/system/test.common
View file

@ -20,6 +20,7 @@ TEST_DIR=${TEST_DIR:-$(pwd)/tmp}
TEST_LIBDIR=${TEST_LIBDIR:-$TEST_DIR} TEST_LIBDIR=${TEST_LIBDIR:-$TEST_DIR}
TEST_LOGDIR=${TEST_LOGDIR:-$TEST_DIR} TEST_LOGDIR=${TEST_LOGDIR:-$TEST_DIR}
TEST_RUNDIR=${TEST_RUNDIR:-$TEST_DIR} TEST_RUNDIR=${TEST_RUNDIR:-$TEST_DIR}
TEST_SCFILTER=${TEST_SCFILTER:-0}
test_start() { test_start() {
check_chronyd_features NTP CMDMON || test_skip "NTP/CMDMON support disabled" check_chronyd_features NTP CMDMON || test_skip "NTP/CMDMON support disabled"
@ -242,6 +243,7 @@ get_chronyd_options() {
echo "-l $(get_logfile)" echo "-l $(get_logfile)"
echo "-f $(get_conffile)" echo "-f $(get_conffile)"
echo "-u $user" echo "-u $user"
echo "-F $TEST_SCFILTER"
echo "$extra_chronyd_options" echo "$extra_chronyd_options"
} }