Menu
▾
▴
audit-test-developer
|
From: Miroslav V. <mva...@re...> - 2014-08-01 08:32:38
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Akashi,
On 07/24/2014 08:02 AM, AKASHI Takahiro wrote:
> On some architectures including arm64, system call numbers are defined in
> /usr/include/asm-generic/unistd.h. This file contains irregular style of definitions like
> #define __NR3264_truncate 45 #define __NR_truncate __NR3264_truncate (In fact, it's more
> complicated.)
>
> This patch takes care of such cases.
>
> Signed-off-by: AKASHI Takahiro <tak...@li...> --- audit-test/utils/augrok | 15
> +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/audit-test/utils/augrok b/audit-test/utils/augrok index 08f731a..f0542e5 100755
> --- a/audit-test/utils/augrok +++ b/audit-test/utils/augrok @@ -113,8 +113,12 @@ sub new {
> open(S, "gcc $m32 -E -dM /usr/include/syscall.h |") or die; my $line; while (defined($line =
> <S>)) { - next unless $line =~ /^#define\s+__NR_(\w+)\s+(\w+|\(.*?\))/; -
> $singleton->{$1} = $2; + if ($line =~ /^#define\s+__NR_(\w+)\s+(\w+|\(.*?\))/) { +
> $singleton->{$1} = $2; + } + if ($line =~
> /^#define\s+__NR3264_(\w+)\s+(\w+|\(.*?\))/) { + $singleton->{"3264_$1"} = $2; +
> } } close S;
>
> @@ -139,6 +143,13 @@ sub new { $changed = 1; }
>
> + #define __NR_truncate __NR3264_truncate + if ($v =~
> /^__NR3264_(\w+)$/ and + defined($new_v = $singleton->{"3264_$1"})) { +
> $singleton->{$k} = $new_v; + $changed = 1; + }
I just realized you wanted to do here elsif not only if.
Won't work and augrok breaks on s390x on defines like:
#define __NR_mq_getsetattr (__NR_mq_open+5)
for example
Could you please confirm that with this patch you are still fine?
diff --git a/audit-test/utils/augrok b/audit-test/utils/augrok
index a42cd21..973b85b 100755
- --- a/audit-test/utils/augrok
+++ b/audit-test/utils/augrok
@@ -144,7 +144,7 @@ sub new {
}
#define __NR_truncate __NR3264_truncate
- - if ($v =~ /^__NR3264_(\w+)$/ and
+ elsif ($v =~ /^__NR3264_(\w+)$/ and
defined($new_v = $singleton->{"3264_$1"})) {
$singleton->{$k} = $new_v;
$changed = 1;
Thanks and regards,
/M
> + # don't know how to handle this, hope it wasn't important else { print STDERR "Removing
> syscall{$k} = $v\n" if $opt{'debug'};
>
- --
Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS :: BaseOS QE - Security
Phone +420 532 294 129 :: CR cell +420 776 864 252 :: SR cell +421 904 135 440
IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu
Red Hat s.r.o, Purkyňova 99/71, 612 45, Brno, Czech Republic
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJT21CZAAoJEBliWhMliBCHGeUIAJ9YUOq9RMx5Ojb2sxOyMya+
3sUXtHgHilZAra3x9Yg2OJDADPGO46NJ47FnqWSGTP/tZmr3ppCRCXGyYFqWPFr/
r+f30K5vxs1YcyG7vIAj1838rds0M5c8PbXBrI2G+VT3c/1yzz96axcagQppzHvq
+uE0kAuoHP6gkIt/g/Dqc7aIA709OXR/OT1eIt+KOX66wLo7MCMmDC+x1ZE2aORH
CNHGB4SeGZKq3IaC1qiryAYIgBBMxTpHv+pz7Cb+vjCfx/o426Em+9fVBFXiY5mI
fq8PnjW8jRdX36iRC4pMjRu98t0QRhTPa56LTKwQgaBUBwpOmbrxWDfqf7ei83k=
=Gbyy
-----END PGP SIGNATURE-----
|
|
From: AKASHI T. <tak...@li...> - 2014-08-04 06:29:12
|
On 08/01/2014 05:32 PM, Miroslav Vadkerti wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Akashi,
>
> On 07/24/2014 08:02 AM, AKASHI Takahiro wrote:
>> On some architectures including arm64, system call numbers are defined in
>> /usr/include/asm-generic/unistd.h. This file contains irregular style of definitions like
>> #define __NR3264_truncate 45 #define __NR_truncate __NR3264_truncate (In fact, it's more
>> complicated.)
>>
>> This patch takes care of such cases.
>>
>> Signed-off-by: AKASHI Takahiro <tak...@li...> --- audit-test/utils/augrok | 15
>> +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-)
>>
>> diff --git a/audit-test/utils/augrok b/audit-test/utils/augrok index 08f731a..f0542e5 100755
>> --- a/audit-test/utils/augrok +++ b/audit-test/utils/augrok @@ -113,8 +113,12 @@ sub new {
>> open(S, "gcc $m32 -E -dM /usr/include/syscall.h |") or die; my $line; while (defined($line =
>> <S>)) { - next unless $line =~ /^#define\s+__NR_(\w+)\s+(\w+|\(.*?\))/; -
>> $singleton->{$1} = $2; + if ($line =~ /^#define\s+__NR_(\w+)\s+(\w+|\(.*?\))/) { +
>> $singleton->{$1} = $2; + } + if ($line =~
>> /^#define\s+__NR3264_(\w+)\s+(\w+|\(.*?\))/) { + $singleton->{"3264_$1"} = $2; +
>> } } close S;
>>
>> @@ -139,6 +143,13 @@ sub new { $changed = 1; }
>>
>> + #define __NR_truncate __NR3264_truncate + if ($v =~
>> /^__NR3264_(\w+)$/ and + defined($new_v = $singleton->{"3264_$1"})) { +
>> $singleton->{$k} = $new_v; + $changed = 1; + }
>
> I just realized you wanted to do here elsif not only if.
Thanks.
> Won't work and augrok breaks on s390x on defines like:
> #define __NR_mq_getsetattr (__NR_mq_open+5)
> for example
>
> Could you please confirm that with this patch you are still fine?
tested-by: AKASHI Takahiro <tak...@li...>
> diff --git a/audit-test/utils/augrok b/audit-test/utils/augrok
> index a42cd21..973b85b 100755
> - --- a/audit-test/utils/augrok
> +++ b/audit-test/utils/augrok
> @@ -144,7 +144,7 @@ sub new {
> }
>
> #define __NR_truncate __NR3264_truncate
> - - if ($v =~ /^__NR3264_(\w+)$/ and
> + elsif ($v =~ /^__NR3264_(\w+)$/ and
> defined($new_v = $singleton->{"3264_$1"})) {
> $singleton->{$k} = $new_v;
> $changed = 1;
>
> Thanks and regards,
> /M
>
>
>> + # don't know how to handle this, hope it wasn't important else { print STDERR "Removing
>> syscall{$k} = $v\n" if $opt{'debug'};
>>
>
> - --
> Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS :: BaseOS QE - Security
> Phone +420 532 294 129 :: CR cell +420 776 864 252 :: SR cell +421 904 135 440
> IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu
> Red Hat s.r.o, Purkyňova 99/71, 612 45, Brno, Czech Republic
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJT21CZAAoJEBliWhMliBCHGeUIAJ9YUOq9RMx5Ojb2sxOyMya+
> 3sUXtHgHilZAra3x9Yg2OJDADPGO46NJ47FnqWSGTP/tZmr3ppCRCXGyYFqWPFr/
> r+f30K5vxs1YcyG7vIAj1838rds0M5c8PbXBrI2G+VT3c/1yzz96axcagQppzHvq
> +uE0kAuoHP6gkIt/g/Dqc7aIA709OXR/OT1eIt+KOX66wLo7MCMmDC+x1ZE2aORH
> CNHGB4SeGZKq3IaC1qiryAYIgBBMxTpHv+pz7Cb+vjCfx/o426Em+9fVBFXiY5mI
> fq8PnjW8jRdX36iRC4pMjRu98t0QRhTPa56LTKwQgaBUBwpOmbrxWDfqf7ei83k=
> =Gbyy
> -----END PGP SIGNATURE-----
>
|
|
From: Jiri J. <jja...@re...> - 2014-08-05 10:14:14
Attachments:
diff.txt
|
On 07/24/2014 08:02 AM, AKASHI Takahiro wrote: > This patch allows the test suite to be run on aarch64 (or arm64 in kernel > jargon) with 64-bit and 32-bit userspace. > I successfully built and ran it on > - ARMv8 fast model > - x86_64 Fedora 20 > but only against audit-test/syscalls and filter, and so fixes here might be > incomplete in the other categories (and on other architectures). > See audit-test/Makefile, which is a bit messy in general. > > v4: > * fix usages of LSM_SELINUX macro > > v3: > * correct makefiles/bash scripts around usages of LSM_SELINUX macro > * untabify the leading tabs > * protect utils/network-server with LSM_SELINUX > > v2: > * clean up the usages of macros, MACHINE, LSM_SELINUX and UTILS > * cosmetic changes (indentation, splitting lines) for readability > > AKASHI Takahiro (5): > audit-test: use LSM_SELINUX instead of SUSE to work-around SE-Linux > audit-test: handle __NR3264_xxx syscall definitions > audit-test/syscalls: add aarch64 support > audit-test/filter: add aarch64 support > audit-test/syscalls: add arm support > > audit-test/filter/run.conf | 2 ++ > audit-test/filter/tests/test_auid.bash | 9 +++++-- > audit-test/filter/tests/test_class_attr.bash | 28 +++++++++++++++----- > audit-test/filter/tests/test_dev_inode.bash | 11 +++++--- > audit-test/filter/tests/test_success.bash | 8 ++++-- > audit-test/filter/tests/test_syscall.bash | 8 ++++-- > audit-test/filter/tests/test_type.bash | 9 +++++-- > audit-test/filter/tests/test_watch_dir_remove.bash | 20 ++++++++------ > audit-test/filter/tests/test_watch_open.bash | 10 +++++-- > audit-test/filter/tests/test_watch_remove.bash | 4 +++ > audit-test/rules.mk | 11 +++++--- > audit-test/syscalls/cap-run.conf | 15 +++++++---- > audit-test/syscalls/dac-run.conf | 24 +++++++++++------ > audit-test/syscalls/mac-run.conf | 24 +++++++++++------ > audit-test/utils/Makefile | 7 ++++- > audit-test/utils/augrok | 17 ++++++++++-- > audit-test/utils/bin/Makefile | 14 +++++++--- > audit-test/utils/bin/do_creat.c | 4 +-- > audit-test/utils/bin/do_mkdir.c | 4 +-- > audit-test/utils/bin/do_mkdirat.c | 4 +-- > audit-test/utils/bin/do_mknod.c | 4 +-- > audit-test/utils/bin/do_mknodat.c | 4 +-- > audit-test/utils/bin/do_mq_open.c | 4 +-- > audit-test/utils/bin/do_open.c | 4 +-- > audit-test/utils/bin/do_openat.c | 4 +-- > audit-test/utils/bin/do_symlink.c | 4 +-- > audit-test/utils/bin/do_symlinkat.c | 4 +-- > audit-test/utils/run.bash | 8 ++++-- > 28 files changed, 188 insertions(+), 81 deletions(-) > This series causes some regressions when running tests via ./run.bash instead of 'make run', specifically in all bash tests/scripts that used to check for non-existence of DISTRO=SUSE or used to presume that selinux is always available. Ie. the secontext tests from filter/ can't be run using just ./run.bash. This is due to the dependency on variables exported by the make system, specifically LSM_SELINUX and MACHINE (which is why ./run.bash won't work on aarch64 in a lot of places). Since this is more of a long-standing issue (exporing ie. ARCH and MODE manually instead of using MACHINE and autodetected native MODE), I would like to finally resolve it (and replace ARCH with MACHINE afterwards). I've considered several ways how to do this, from using variables in tester's shell (sourcing some file which would set them), to storing these variables in a file generated by the make system, to parsing the Makefiles, to letting make parse the Makefiles. Please see the attached patch - it's just an untested snippet, the final version would have comments / explanation of the issue. Please note that ie. manual specification of MODE still works, since the make system takes this into consideration. This patch essentially makes run.bash use variables "preprocessed" by the make system. We could make the export target depend on things like check_set_PPROFILE and get free/autodetected PPROFILE with ./run.bash as well. Any comments? Thanks, Jiri |
|
From: Jiri J. <jja...@re...> - 2014-08-11 11:54:36
|
On 08/05/2014 12:14 PM, Jiri Jaburek wrote: > On 07/24/2014 08:02 AM, AKASHI Takahiro wrote: >> This patch allows the test suite to be run on aarch64 (or arm64 in kernel >> jargon) with 64-bit and 32-bit userspace. >> I successfully built and ran it on >> - ARMv8 fast model >> - x86_64 Fedora 20 >> but only against audit-test/syscalls and filter, and so fixes here might be >> incomplete in the other categories (and on other architectures). >> See audit-test/Makefile, which is a bit messy in general. >> >> v4: >> * fix usages of LSM_SELINUX macro >> >> v3: >> * correct makefiles/bash scripts around usages of LSM_SELINUX macro >> * untabify the leading tabs >> * protect utils/network-server with LSM_SELINUX >> >> v2: >> * clean up the usages of macros, MACHINE, LSM_SELINUX and UTILS >> * cosmetic changes (indentation, splitting lines) for readability >> >> AKASHI Takahiro (5): >> audit-test: use LSM_SELINUX instead of SUSE to work-around SE-Linux >> audit-test: handle __NR3264_xxx syscall definitions >> audit-test/syscalls: add aarch64 support >> audit-test/filter: add aarch64 support >> audit-test/syscalls: add arm support >> >> audit-test/filter/run.conf | 2 ++ >> audit-test/filter/tests/test_auid.bash | 9 +++++-- >> audit-test/filter/tests/test_class_attr.bash | 28 +++++++++++++++----- >> audit-test/filter/tests/test_dev_inode.bash | 11 +++++--- >> audit-test/filter/tests/test_success.bash | 8 ++++-- >> audit-test/filter/tests/test_syscall.bash | 8 ++++-- >> audit-test/filter/tests/test_type.bash | 9 +++++-- >> audit-test/filter/tests/test_watch_dir_remove.bash | 20 ++++++++------ >> audit-test/filter/tests/test_watch_open.bash | 10 +++++-- >> audit-test/filter/tests/test_watch_remove.bash | 4 +++ >> audit-test/rules.mk | 11 +++++--- >> audit-test/syscalls/cap-run.conf | 15 +++++++---- >> audit-test/syscalls/dac-run.conf | 24 +++++++++++------ >> audit-test/syscalls/mac-run.conf | 24 +++++++++++------ >> audit-test/utils/Makefile | 7 ++++- >> audit-test/utils/augrok | 17 ++++++++++-- >> audit-test/utils/bin/Makefile | 14 +++++++--- >> audit-test/utils/bin/do_creat.c | 4 +-- >> audit-test/utils/bin/do_mkdir.c | 4 +-- >> audit-test/utils/bin/do_mkdirat.c | 4 +-- >> audit-test/utils/bin/do_mknod.c | 4 +-- >> audit-test/utils/bin/do_mknodat.c | 4 +-- >> audit-test/utils/bin/do_mq_open.c | 4 +-- >> audit-test/utils/bin/do_open.c | 4 +-- >> audit-test/utils/bin/do_openat.c | 4 +-- >> audit-test/utils/bin/do_symlink.c | 4 +-- >> audit-test/utils/bin/do_symlinkat.c | 4 +-- >> audit-test/utils/run.bash | 8 ++++-- >> 28 files changed, 188 insertions(+), 81 deletions(-) >> > > This series causes some regressions when running tests via ./run.bash > instead of 'make run', specifically in all bash tests/scripts that used > to check for non-existence of DISTRO=SUSE or used to presume that > selinux is always available. > Ie. the secontext tests from filter/ can't be run using just ./run.bash. > > This is due to the dependency on variables exported by the make system, > specifically LSM_SELINUX and MACHINE (which is why ./run.bash won't work > on aarch64 in a lot of places). > > Since this is more of a long-standing issue (exporing ie. ARCH and MODE > manually instead of using MACHINE and autodetected native MODE), I would > like to finally resolve it (and replace ARCH with MACHINE afterwards). > > I've considered several ways how to do this, from using variables in > tester's shell (sourcing some file which would set them), to storing > these variables in a file generated by the make system, to parsing the > Makefiles, to letting make parse the Makefiles. > > Please see the attached patch - it's just an untested snippet, the final > version would have comments / explanation of the issue. > > Please note that ie. manual specification of MODE still works, since the > make system takes this into consideration. This patch essentially makes > run.bash use variables "preprocessed" by the make system. > We could make the export target depend on things like check_set_PPROFILE > and get free/autodetected PPROFILE with ./run.bash as well. Linda, Miroslav, any comments on the attached patch, please? Thanks, Jiri |
|
From: Miroslav V. <mva...@re...> - 2014-08-12 08:38:50
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, sorry I missed this one. Right we need to be able to run tests only with run.bash and getting it from the makefile system seems nice to me. I see no issues with the patch and I like the sound of autodetected PPROFILE via run.bash. Best regards, /M On 08/11/2014 01:54 PM, Jiri Jaburek wrote: > On 08/05/2014 12:14 PM, Jiri Jaburek wrote: >> On 07/24/2014 08:02 AM, AKASHI Takahiro wrote: >>> This patch allows the test suite to be run on aarch64 (or arm64 in kernel jargon) with >>> 64-bit and 32-bit userspace. I successfully built and ran it on - ARMv8 fast model - x86_64 >>> Fedora 20 but only against audit-test/syscalls and filter, and so fixes here might be >>> incomplete in the other categories (and on other architectures). See audit-test/Makefile, >>> which is a bit messy in general. >>> >>> v4: * fix usages of LSM_SELINUX macro >>> >>> v3: * correct makefiles/bash scripts around usages of LSM_SELINUX macro * untabify the >>> leading tabs * protect utils/network-server with LSM_SELINUX >>> >>> v2: * clean up the usages of macros, MACHINE, LSM_SELINUX and UTILS * cosmetic changes >>> (indentation, splitting lines) for readability >>> >>> AKASHI Takahiro (5): audit-test: use LSM_SELINUX instead of SUSE to work-around SE-Linux >>> audit-test: handle __NR3264_xxx syscall definitions audit-test/syscalls: add aarch64 >>> support audit-test/filter: add aarch64 support audit-test/syscalls: add arm support >>> >>> audit-test/filter/run.conf | 2 ++ >>> audit-test/filter/tests/test_auid.bash | 9 +++++-- >>> audit-test/filter/tests/test_class_attr.bash | 28 +++++++++++++++----- >>> audit-test/filter/tests/test_dev_inode.bash | 11 +++++--- >>> audit-test/filter/tests/test_success.bash | 8 ++++-- >>> audit-test/filter/tests/test_syscall.bash | 8 ++++-- >>> audit-test/filter/tests/test_type.bash | 9 +++++-- >>> audit-test/filter/tests/test_watch_dir_remove.bash | 20 ++++++++------ >>> audit-test/filter/tests/test_watch_open.bash | 10 +++++-- >>> audit-test/filter/tests/test_watch_remove.bash | 4 +++ audit-test/rules.mk >>> | 11 +++++--- audit-test/syscalls/cap-run.conf | 15 +++++++---- >>> audit-test/syscalls/dac-run.conf | 24 +++++++++++------ >>> audit-test/syscalls/mac-run.conf | 24 +++++++++++------ >>> audit-test/utils/Makefile | 7 ++++- audit-test/utils/augrok >>> | 17 ++++++++++-- audit-test/utils/bin/Makefile | 14 +++++++--- >>> audit-test/utils/bin/do_creat.c | 4 +-- >>> audit-test/utils/bin/do_mkdir.c | 4 +-- >>> audit-test/utils/bin/do_mkdirat.c | 4 +-- >>> audit-test/utils/bin/do_mknod.c | 4 +-- >>> audit-test/utils/bin/do_mknodat.c | 4 +-- >>> audit-test/utils/bin/do_mq_open.c | 4 +-- >>> audit-test/utils/bin/do_open.c | 4 +-- >>> audit-test/utils/bin/do_openat.c | 4 +-- >>> audit-test/utils/bin/do_symlink.c | 4 +-- >>> audit-test/utils/bin/do_symlinkat.c | 4 +-- audit-test/utils/run.bash >>> | 8 ++++-- 28 files changed, 188 insertions(+), 81 deletions(-) >>> >> >> This series causes some regressions when running tests via ./run.bash instead of 'make run', >> specifically in all bash tests/scripts that used to check for non-existence of DISTRO=SUSE or >> used to presume that selinux is always available. Ie. the secontext tests from filter/ can't >> be run using just ./run.bash. >> >> This is due to the dependency on variables exported by the make system, specifically >> LSM_SELINUX and MACHINE (which is why ./run.bash won't work on aarch64 in a lot of places). >> >> Since this is more of a long-standing issue (exporing ie. ARCH and MODE manually instead of >> using MACHINE and autodetected native MODE), I would like to finally resolve it (and replace >> ARCH with MACHINE afterwards). >> >> I've considered several ways how to do this, from using variables in tester's shell (sourcing >> some file which would set them), to storing these variables in a file generated by the make >> system, to parsing the Makefiles, to letting make parse the Makefiles. >> >> Please see the attached patch - it's just an untested snippet, the final version would have >> comments / explanation of the issue. >> >> Please note that ie. manual specification of MODE still works, since the make system takes >> this into consideration. This patch essentially makes run.bash use variables "preprocessed" >> by the make system. We could make the export target depend on things like check_set_PPROFILE >> and get free/autodetected PPROFILE with ./run.bash as well. > > Linda, Miroslav, any comments on the attached patch, please? > > Thanks, Jiri > - -- Miroslav Vadkerti :: Senior Quality Assurance Engineer / RHCSS :: BaseOS QE - Security Phone +420 532 294 129 :: CR cell +420 776 864 252 :: SR cell +421 904 135 440 IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu Red Hat s.r.o, Purkyňova 99/71, 612 45, Brno, Czech Republic -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJT6dKLAAoJEBliWhMliBCHYtkH/1FVqoBL6DMCcg1tNC5+61W3 ukTgmTnXHFos17KBWHIRr5dyytKFPow7ycewi62kLPK+ABGeyF/WATUReuefbXQt 0TFBT/PYriyaIkU6jGlj5VyEZZH4DX/0lQjwZHj7KCmzMC0nVvReF0rO53LLoULQ cb+x8Uhpj7Jz0i8oC5lW3xd/EkXo5whxpOG6nKnVDbsPAwe0/5S9tB1WXRp0oA77 shpI1Og/NEgTBeIpvnq0oI2U6lx8jQgfGLHqeHkz4skJLTYhnMi7ATJCM1lRJV07 r+ZU7H4oLDt1z9fB6QsSVm9dFhNFQHdPsiCfa0QOvWvxPAvodr49jDSa0X/9ewA= =GIXx -----END PGP SIGNATURE----- |
Thanks for helping keep SourceForge clean.
X