| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
The getgroups test is a NetBSD tests, so just apply our larger hammer
and disable the feature entirely. The audit test can take a more
surgical approach and use __ssp_real() appropriately, since it's a local
one.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56735
|
| |
|
|
|
|
|
| |
This is a residual of the $FreeBSD$ removal.
MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
|
| |
|
|
| |
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
| |
|
|
| |
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
| |
|
|
|
| |
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D39330
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an overlength path is set as the temporary directory for test
case sys/audit/inter-process:shm_unlink_success, the test will fail,
e.g.
```
root@freebsd:/usr/tests/sys/audit # env TMPDIR=/var/tmp/tests/kyua kyua test inter-process:shm_unlink_success
inter-process:shm_unlink_success -> failed: shm_unlink.*fileforaudit.*return,success not found in auditpipe within the time limit [10.452s]
Results file id is usr_tests_sys_audit.20220412-221852-924310
Results saved to /root/.kyua/store/results.usr_tests_sys_audit.20220412-221852-924310.db
0/1 passed (1 failed)
```
The root cause is that dirpath is defined too small to handle it.
Reviewers: vangyzen, dab
Differential Revision: https://reviews.freebsd.org/D34885
Submitted by: Yongbo Yao (yongbo.yao@dell.com)
Sponsored by: Dell Technologies
|
| |
|
|
|
|
|
|
|
| |
also fix test sys/audit/administrative.c.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D33343
|
| |
|
|
|
|
|
|
|
| |
This makes the `kyua report --verbose` output a lot easier to parse when
looking at failed tests. It also fixes the closefrom() test since I
tested my changes with this commit but forgot to push it together with
fa32350347b4e351a144b5423f0fb2ca9d67f4ca.
Fixes: fa32350347b4 ("close_range: add audit support")
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the closefrom test in sys/audit.
Includes cherry-picks of the following commits from openbsm:
https://github.com/openbsm/openbsm/commit/4dfc628aafe589d68848f7033f3d3488c4d979e0
https://github.com/openbsm/openbsm/commit/99ff6fe32aebc5a4b8d40d60062b8574697df557
https://github.com/openbsm/openbsm/commit/da48a0399e95448693d3fa2be48454ca564c1be8
Reviewed By: kevans
Differential Revision: https://reviews.freebsd.org/D28388
|
| |
|
|
|
|
|
|
| |
df093aa9463b linked against libprivateauditd.a, but that is currently
(and incorrectly) built as position-dependent. For now just force PIE
off for this test to fix the WITH_PIE build.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the CheriBSD CI we reproducibly see the first test in sys/audit
(administrative:acct_failure) fail due to a missing startup message.
It appears this is caused by a race condition when starting auditd:
`service auditd onestart` returns as soon as the initial auditd() parent
exits (after the daemon(3) call).
We can avoid this problem by setting up the auditd infrastructure
in-process: libauditd contains audit_quick_{start,stop}() functions that
look like they are ideally suited to this task.
This patch also avoids forking lots of shell processes for each of the 418
tests by using `auditon(A_SENDTRIGGER, &trigger, sizeof(trigger))` to check
for a running auditd(8) instead of using `service auditd onestatus`.
With these two changes (and D28388 to fix the XFAIL'd test) I can now
boot and run `cd /usr/tests/sys/audit && kyua test` without any failures
in a single-core QEMU instance. Before there would always be at least one
failed test.
Besides making the tests more reliable in CI, a nice side-effect of this
change is that it also significantly speeds up running them by avoiding
lots of fork()/execve() caused by shell scripts:
Running kyua test on an AArch64 QEMU took 315s before and now takes 68s,
so it's roughly 3.5 times faster. This effect is even larger when running
on a CHERI-RISC-V QEMU since emulating CHERI instructions on an x86 host
is noticeably slower than emulating AArch64.
Test Plan: aarch64+amd64 QEMU no longer fail.
Reviewed By: asomers
Differential Revision: https://reviews.freebsd.org/D28451
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In the CheriBSD CI, we run the testsuite with /tmp as tmpfs. This causes
the extattr audit tests to fail since tmpfs does not (yet) support
extattrs. Skip those tests if the target path is on a file system that
does not support extended file attributes.
While touching these two files also convert the ATF_REQUIRE_EQ(-1, ...)
checks to use ATF_REQURIE_ERRNO().
Reviewed By: asomers
Differential Revision: https://reviews.freebsd.org/D28392
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the behaviour to a 30s total timeout (needed when running
on slow emulated uniprocessor systems) and timing out after 10s without
any input. This also uses timespecsub() instead of ignoring the
nanoseconds field.
After this change the tests runs more reliably on QEMU and time out less
frequently.
Reviewed By: asomers
Differential Revision: https://reviews.freebsd.org/D28391
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Repeating the default WARNS here makes it slightly more difficult to
experiment with default WARNS changes, e.g. if we did something absolutely
bananas and introduced a WARNS=7 and wanted to try lifting the default to
that.
Drop most of them; there is one in the blake2 kernel module, but I suspect
it should be dropped -- the default WARNS in the rest of the build doesn't
currently apply to kernel modules, and I haven't put too much thought into
whether it makes sense to make it so.
Notes:
svn path=/head/; revision=366304
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this change a `SF_IMMUTABLE` chflagsat(2)'ed file (`path`) was left
behind, which sabotaged kyua(1) from being able to clean up the work directory,
This resulted in unnecessary work for folks having to clean up the work
directory on non-disposable systems, which defaults to `/tmp`. Use `UF_OFFLINE`
instead of `SF_IMMUTABLE`, in part because setting `SF_IMMUTABLE` isn't relevant
to the test and `SF_IMMUTABLE` cannot be cleared at all securelevels, as pointed
out by @asomers.
Additional work is required to catch cases like this upfront in the future to
avoid tester headache. See PR # 247765 for more details/followup.
Suggested by: asomers
Reviewed By: asomers, #tests
MFC after: 1 week
PR: 247761
Sponsored by: DellEMC
Differential Revision: https://reviews.freebsd.org/D25561
Notes:
svn path=/head/; revision=363132
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
some 416 failing tests on armv7:
https://ci.freebsd.org/job/FreeBSD-head-armv7-test/lastCompletedBuild/testReport/
Reviewed by: asomers
MFC after: 2 weeks
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D25144
Notes:
svn path=/head/; revision=362330
|
| |
|
|
|
|
|
|
|
|
|
| |
closefrom has been converted to close_range internally; remediation is
underway for this, marking it as an expected fail for now while proper
course is determined.
PR: 245625
Notes:
svn path=/head/; revision=359944
|
| |
|
|
|
|
|
|
|
|
|
| |
PR: 236857
Reviewed by: asomers, ngie
Approved by: emaste
MFC after: 1 month
Sponsored by: Netflix
Notes:
svn path=/head/; revision=345765
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
These tests should be skipped if /etc/rc.d/auditd is missing, which could be
the case if world was built with WITHOUT_AUDIT set. Also, one test case
requires /etc/rc.d/accounting.
Submitted by: ngie
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/freebsd/pull/240
Notes:
svn path=/head/; revision=342172
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D16116
Notes:
svn path=/head/; revision=336875
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These syscalls were always supposed to have been auditted, but due to
oversights never were.
PR: 228374
Reported by: aniketp
Reviewed by: aniketp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D16388
Notes:
svn path=/head/; revision=336604
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These three syscalls aren't currently audited correctly, so the tests are
marked as expected failures.
PR: 228374
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D16379
Notes:
svn path=/head/; revision=336580
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
auditon(2) is an ioctl-like syscall with several different variants, each of
which has a distinct audit event. This commit tests the remaining variants
that weren't tested in r336564.
Submitted by: aniketp
MFC after: 2 weeks
X-MFC-With: 336564
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D16381
Notes:
svn path=/head/; revision=336579
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
auditon(2) is an ioctl-like syscall with several different variants, each of
which has a distinct audit event. Write separate audit(4) tests for each
variant.
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D16255
Notes:
svn path=/head/; revision=336564
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also, fix a bug in common code that could cause other tests to fail: using
ppoll(2) in combination with buffered I/O for /dev/auditpipe. Fix it by
disabling buffering.
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D16099
Notes:
svn path=/head/; revision=336418
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D16086
Notes:
svn path=/head/; revision=335842
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes ntp_adjtime, auditctl, acct, auditon, and clock_settime. Includes
quotactl, mount, nmount, swapon, and swapoff in failure mode only. Success
tests for those syscalls will follow. Also includes reboot(2) in failure
mode only. That one can't be tested in success mode.
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15898
Notes:
svn path=/head/; revision=335792
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D16035
Notes:
svn path=/head/; revision=335791
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix several incorrect buffer size arguments and a file descriptor leak.
Submitted by: aniketp
Reported by: Coverity
CID: 1393489 1393501 1393509 1393510 1393514 1393515 1393516
CID: 1393517 1393518 1393519
MFC after: 2 weeks
X-MFC-With: 335284
X-MFC-With: 335318
X-MFC-With: 335320
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D16000
Notes:
svn path=/head/; revision=335703
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tested syscalls include rfork(2), chdir(2), fchdir(2), chroot(2),
getresuid(2), getresgid(2), setpriority(2), setgroups(2), setpgrp(2),
setrlimit(2), setlogin(2), mlock(2), munlock(2), minherit(2), rtprio(2),
profil(2), ktrace(2), ptrace(2), fork(2), umask(2), setuid(2), setgid(2),
seteuid(2), and setegid(2). The last six are only tested in the success
case, either because they're infalliable or a failure is difficult to cause
on-demand.
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15966
Notes:
svn path=/head/; revision=335679
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15963
Notes:
svn path=/head/; revision=335677
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15897
Notes:
svn path=/head/; revision=335528
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15895
Notes:
svn path=/head/; revision=335378
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Includes utimes(2), futimes(2), lutimes(2), futimesat(2), mprotect(2), and
undelete(2). undelete, for now, is tested only in failure mode.
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15893
Notes:
svn path=/head/; revision=335374
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15872
Notes:
svn path=/head/; revision=335354
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15871
Notes:
svn path=/head/; revision=335320
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15869
Notes:
svn path=/head/; revision=335319
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Includes extattr_{set_file, _set_fd, _set_link, _delete_file, _delete_fd,
_delete_link}
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15867
Notes:
svn path=/head/; revision=335318
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This was correct in the final version on Phabricator, but somehow I screwed
up applying the patch locally.
Reported by: linimon
Pointy-hat-to: asomers
MFC after: 2 weeks
X-MFC-With: 335307
Notes:
svn path=/head/; revision=335311
|
| |
|
|
|
|
|
|
|
|
|
|
| |
includes shmget, shmat, shmdt, and shmctl
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15860
Notes:
svn path=/head/; revision=335307
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15853
Notes:
svn path=/head/; revision=335294
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The ad audit class is for administrative commands. This commit adds test
for settimeofday, adjtime, and getfh.
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15861
Notes:
svn path=/head/; revision=335285
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit includes extattr_{get_file, get_fd, get_link, list_file,
list_fd, list_link}. It does not include any syscalls that modify, set, or
delete extended attributes, as those are in a different audit class.
Submitted by: aniketpt
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15859
Notes:
svn path=/head/; revision=335284
|
| |
|
|
|
|
|
|
|
|
|
|
| |
chflags, fchflags, and lchflags (but not chflagsat) are included.
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15854
Notes:
svn path=/head/; revision=335275
|
| |
|
|
|
|
|
|
|
|
|
|
| |
pathconf, lpathconf, and fpathconf are included
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15842
Notes:
svn path=/head/; revision=335261
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15848
Notes:
svn path=/head/; revision=335260
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Includes chown, fchown, lchown, and fchownat
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15825
Notes:
svn path=/head/; revision=335256
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15843
Notes:
svn path=/head/; revision=335255
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add tests for socket(2), socketpair(2), and setsockopt(2)
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15803
Notes:
svn path=/head/; revision=335215
|
| |
|
|
|
|
|
|
|
|
|
|
| |
[skip ci]
Submitted by: aniketp
MFC after: 2 weeks
Sponsored by: Google, Inc. (GSoC 2018)
Differential Revision: https://reviews.freebsd.org/D15797
Notes:
svn path=/head/; revision=335208
|
