From: Jiri J. <jja...@re...> - 2014-09-23 09:44:33
- use killall -9 on all processes of the test users, to kill
leftover processes that might be running (i.e. when the test
fails on an unexpected exception)
- use userdel -rf instead of removing homedir, mail spool
and cron spool manually, the `-f' should be unnecessary,
but makes the removal process a bit more robust in case
there are leftover zombies (stuck in a syscall)
Without this change, ls /var/spool/mail:
cg_user1 cg_user2 cs_user1 cs_user2 eal eal2 joe ll_user
pd_user1 pd_user2 rpc
Signed-off-by: Jiri Jaburek <jja...@re...>
---
audit-test/kvm/test_libvirt_access.bash | 4 ++--
audit-test/kvm/test_libvirt_access_ssh.bash | 4 ++--
audit-test/kvm/test_selinux_chcon_resource.bash | 4 ++--
audit-test/libpam/tests/test_sudo.bash | 16 +++++++++-------
audit-test/misc/tests/test_ipc_permission.bash | 11 ++++-------
audit-test/misc/tests/test_procperm.bash | 11 ++++-------
audit-test/netfilebt/testperm.bash | 6 ++++--
audit-test/netfilter/testpermip4.bash | 6 ++++--
audit-test/netfilter/testpermip6.bash | 6 ++++--
audit-test/trustedprograms/tests/cron_functions.bash | 19 ++++---------------
audit-test/trustedprograms/tests/lastlog01 | 10 ++++------
audit-test/trustedprograms/tests/test_usermod_l.bash | 2 +-
.../trustedprograms/tests/tp_auth_functions.bash | 2 +-
audit-test/trustedprograms/tests/utils.plib | 2 ++
audit-test/utils/run.bash | 8 +++++---
15 files changed, 52 insertions(+), 59 deletions(-)
diff --git a/audit-test/kvm/test_libvirt_access.bash b/audit-test/kvm/test_libvirt_access.bash
index d4eba93..2018f6b 100755
--- a/audit-test/kvm/test_libvirt_access.bash
+++ b/audit-test/kvm/test_libvirt_access.bash
@@ -28,7 +28,7 @@ source testcase.bash || exit 2
set -x
-append_cleanup "userdel -fr -Z testuser1"
+append_cleanup "killall -9 -u testuser1; userdel -fr -Z testuser1"
append_cleanup "groupdel testuser1"
userdel -fr -Z testuser1
groupdel testuser1
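Review bot: The kill is added only to the registered cleanup string; the pre-test `userdel -fr -Z testuser1` two lines later still runs without it. The same applies to testuser2 in the next hunk and to both hunks of test_libvirt_access_ssh.bash and test_selinux_chcon_resource.bash. Because `-f` lets userdel remove an account that still has running processes, a survivor from an earlier aborted run keeps its numeric UID. If the useradd that presumably follows outside the hunk is handed that UID again, the stale process ends up owned by the fresh test account, and its activity is attributed to that account. Consider `killall -9 -u testuser1 2>/dev/null` directly before the pre-test `userdel`, as gen_user in test_sudo.bash now does.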
@@ -38,7 +38,7 @@ if [[ $? -ne 0 ]]; then
exit_error
fi
-append_cleanup "userdel -fr -Z testuser2"
+append_cleanup "killall -9 -u testuser2; userdel -fr -Z testuser2"
append_cleanup "groupdel testuser2"
userdel -fr -Z testuser2
groupdel testuser2
diff --git a/audit-test/kvm/test_libvirt_access_ssh.bash b/audit-test/kvm/test_libvirt_access_ssh.bash
index 00ad5dd..20fbfa6 100755
--- a/audit-test/kvm/test_libvirt_access_ssh.bash
+++ b/audit-test/kvm/test_libvirt_access_ssh.bash
@@ -28,7 +28,7 @@ source testcase.bash || exit 2
set -x
-append_cleanup "userdel -fr -Z testuser1"
+append_cleanup "killall -9 -u testuser1; userdel -fr -Z testuser1"
append_cleanup "groupdel testuser1"
userdel -fr -Z testuser1
groupdel testuser1
@@ -38,7 +38,7 @@ if [[ $? -ne 0 ]]; then
exit_error
fi
-append_cleanup "userdel -fr -Z testuser2"
+append_cleanup "killall -9 -u testuser2; userdel -fr -Z testuser2"
append_cleanup "groupdel testuser2"
userdel -fr -Z testuser2
groupdel testuser2
diff --git a/audit-test/kvm/test_selinux_chcon_resource.bash b/audit-test/kvm/test_selinux_chcon_resource.bash
index edf4517..9ffa11a 100755
--- a/audit-test/kvm/test_selinux_chcon_resource.bash
+++ b/audit-test/kvm/test_selinux_chcon_resource.bash
@@ -27,7 +27,7 @@ source testcase.bash || exit 2
set -x
-append_cleanup "userdel -fr testuser1"
+append_cleanup "killall -9 -u testuser1; userdel -fr testuser1"
append_cleanup "groupdel testuser1"
userdel -fr testuser1
groupdel testuser1
@@ -37,7 +37,7 @@ if [[ $? -ne 0 ]]; then
exit_error
fi
-append_cleanup "userdel -fr testuser2"
+append_cleanup "killall -9 -u testuser2; userdel -fr testuser2"
append_cleanup "groupdel testuser2"
userdel -fr testuser2
groupdel testuser2
diff --git a/audit-test/libpam/tests/test_sudo.bash b/audit-test/libpam/tests/test_sudo.bash
index 5bd48f6..1a2f5ed 100755
--- a/audit-test/libpam/tests/test_sudo.bash
+++ b/audit-test/libpam/tests/test_sudo.bash
@@ -206,18 +206,20 @@ CMD_RET_p4=0
source pam_functions.bash || exit 2
setup_cleanup() {
- prepend_cleanup "rm -rf /home/$USERG /home/$USERO /home/$USERT /var/mail/$USERG /var/mail/$USERO /var/mail/$USERT"
prepend_cleanup "rm -f /etc/sudoers.new"
prepend_cleanup "groupdel $GROUP"
- prepend_cleanup "userdel $USERT"
- prepend_cleanup "userdel $USERO"
- prepend_cleanup "userdel $USERG"
+ prepend_cleanup "killall -9 -u $USERT; userdel -rf $USERT"
+ prepend_cleanup "killall -9 -u $USERO; userdel -rf $USERO"
+ prepend_cleanup "killall -9 -u $USERG; userdel -rf $USERG"
}
gen_user() {
- userdel $USERG 2> /dev/null
- userdel $USERO 2> /dev/null
- userdel $USERT 2> /dev/null
+ killall -9 -u $USERG
+ killall -9 -u $USERO
+ killall -9 -u $USERT
+ userdel -rf $USERG 2> /dev/null
+ userdel -rf $USERO 2> /dev/null
+ userdel -rf $USERT 2> /dev/null
groupdel $GROUP 2> /dev/null
groupadd $GROUP
useradd -u $USERG_ID -g $GROUP -p $PASSENC $USERG
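Review bot: The three new `killall -9 -u $USERx` lines in gen_user leave stderr open, while the `userdel -rf` lines next to them redirect it to /dev/null. On a machine where the accounts do not exist yet, each killall will therefore print its unknown-user complaint into the test log. The expansions are also unquoted here and in the `prepend_cleanup` strings, whereas the netfilter scripts in this same patch quote `"$TEST_USER"`. Suggest `killall -9 -u "$USERG" 2> /dev/null` and likewise for the other two. gen_user continues past the end of the hunk.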
diff --git a/audit-test/misc/tests/test_ipc_permission.bash b/audit-test/misc/tests/test_ipc_permission.bash
index 664a151..bc5ab20 100755
--- a/audit-test/misc/tests/test_ipc_permission.bash
+++ b/audit-test/misc/tests/test_ipc_permission.bash
@@ -41,9 +41,8 @@ TEST_USER2="permtest3"
function create_user(){
echo "Creating test user $TEST_USER2..."
if egrep "^$TEST_USER2" /etc/passwd; then
- userdel $TEST_USER2 >& /dev/null
- [ -d "home/$TEST_USER2" ] && rm -rf /home/$TEST_USER2
- sleep 1
+ killall -9 -u $TEST_USER2
+ userdel -rf $TEST_USER2
fi
useradd -g $TEST_USER2 $TEST_USER2
@@ -72,10 +71,8 @@ function create_group(){
function delete_user(){
echo "Deleting test user $TEST_USER2..."
- userdel -r $TEST_USER2 >& /dev/null
- [ -d "/home/$TEST_USER2" ] && rm -rf /home/$TEST_USER2
-
- sleep 1
+ killall -9 -u $TEST_USER2
+ userdel -rf $TEST_USER2 >& /dev/null
if [ "$?" != "0" ]; then
echo "Not able to delete test user $TEST_USER2."
exit 1
diff --git a/audit-test/misc/tests/test_procperm.bash b/audit-test/misc/tests/test_procperm.bash
index 0074bcb..554d9f5 100755
--- a/audit-test/misc/tests/test_procperm.bash
+++ b/audit-test/misc/tests/test_procperm.bash
@@ -39,11 +39,9 @@ function create_user(){
echo "Creating test user $TEST_USER..."
#erase user if he may exist , so we can have a clean env
- userdel $TEST_USER >& /dev/null
+ killall -9 -u $TEST_USER
+ userdel -rf $TEST_USER >& /dev/null
groupdel $TEST_USER >& /dev/null
- [ -d "/home/$TEST_USER" ] && rm -rf /home/$TEST_USER
-
- sleep 1
useradd -m -p "$TEST_USER_ENCRYPTED_PASSWD" $TEST_USER
@@ -60,10 +58,9 @@ function create_user(){
function delete_user(){
echo "Deleting test user $TEST_USER..."
- userdel $TEST_USER >& /dev/null
- sleep 1
+ killall -9 -u $TEST_USER
+ userdel -rf $TEST_USER >& /dev/null
groupdel $TEST_USER >& /dev/null
- [ -d "/home/$TEST_USER" ] && rm -rf /home/$TEST_USER
if [ "$?" != "0" ]; then
echo "Not able to delete test user $TEST_USER."
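Review bot: In delete_user the `if [ "$?" != "0" ]` check now reads the exit status of `groupdel`, not of `userdel`, because the `[ -d ... ] && rm -rf` line that used to precede the check was removed. If userdel has already removed a same-named private group (this depends on the USERGROUPS_ENAB setting, which is not visible here), groupdel fails and the function reports "Not able to delete test user" although the account is gone. Capture the status where it is produced, `userdel -rf $TEST_USER >& /dev/null; rc=$?`, and test `[ "$rc" != "0" ]` instead. The if block continues outside the hunk.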
diff --git a/audit-test/netfilebt/testperm.bash b/audit-test/netfilebt/testperm.bash
index 88300df..888e9ae 100755
--- a/audit-test/netfilebt/testperm.bash
+++ b/audit-test/netfilebt/testperm.bash
@@ -32,12 +32,14 @@ useradd -m -p usertest "$TEST_USER"
rc=$?
if [[ $rc -ne 0 ]]; then
echo "operation not permitted, return code is $rc"
- userdel -r "$TEST_USER" &>/dev/null
+ killall -9 -u "$TEST_USER"
+ userdel -rf "$TEST_USER" &>/dev/null
ebtables -L
exit_pass
else
echo "test failed, ebtables operation permitted"
- userdel -r "$TEST_USER" &>/dev/null
+ killall -9 -u "$TEST_USER"
+ userdel -rf "$TEST_USER" &>/dev/null
ebtables -L
exit_fail
fi
diff --git a/audit-test/netfilter/testpermip4.bash b/audit-test/netfilter/testpermip4.bash
index 26a86ab..5787012 100755
--- a/audit-test/netfilter/testpermip4.bash
+++ b/audit-test/netfilter/testpermip4.bash
@@ -14,12 +14,14 @@ useradd -m -p usertest "$TEST_USER"
rc=$?
if [[ $rc -ne 0 ]]; then
echo "operation not permitted, return code is $rc"
- userdel -r "$TEST_USER" &>/dev/null
+ killall -9 -u "$TEST_USER"
+ userdel -rf "$TEST_USER" &>/dev/null
ebtables -L
exit_pass
else
echo "test failed, ebtables operation permitted"
- userdel -r "$TEST_USER" &>/dev/null
+ killall -9 -u "$TEST_USER"
+ userdel -rf "$TEST_USER" &>/dev/null
ebtables -L
exit_fail
fi
diff --git a/audit-test/netfilter/testpermip6.bash b/audit-test/netfilter/testpermip6.bash
index b8b5535..9524d33 100755
--- a/audit-test/netfilter/testpermip6.bash
+++ b/audit-test/netfilter/testpermip6.bash
@@ -13,12 +13,14 @@ useradd -m -p usertest "$TEST_USER"
rc=$?
if [[ $rc -ne 0 ]]; then
echo "operation not permitted, return code is $rc"
- userdel -r "$TEST_USER" &>/dev/null
+ killall -9 -u "$TEST_USER"
+ userdel -rf "$TEST_USER" &>/dev/null
ebtables -L
exit_pass
else
echo "test failed, ebtables operation permitted"
- userdel -r "$TEST_USER" &>/dev/null
+ killall -9 -u "$TEST_USER"
+ userdel -rf "$TEST_USER" &>/dev/null
ebtables -L
exit_fail
fi
diff --git a/audit-test/trustedprograms/tests/cron_functions.bash b/audit-test/trustedprograms/tests/cron_functions.bash
index e8da274..3491941 100644
--- a/audit-test/trustedprograms/tests/cron_functions.bash
+++ b/audit-test/trustedprograms/tests/cron_functions.bash
@@ -59,20 +59,9 @@ function cleanup {
crontab -r -u $TEST_USER
fi
- if [ -d "/home/$TEST_USER2" ]; then
- userdel $TEST_USER2
- rm -rf /home/$TEST_USER2
- fi
+ killall -9 -u $TEST_USER2
+ userdel -rf $TEST_USER2 2>/dev/null
- if [ -d "$TEST_DIR" ]; then
- rm -rf $TEST_DIR
- fi
-
- if [ -e "$CRON_ALLOW" ]; then
- rm -f $CRON_ALLOW
- fi
-
- if [ -e "$CRON_DENY" ]; then
- rm -f $CRON_DENY
- fi
+ rm -rf $TEST_DIR
+ rm -f $CRON_ALLOW $CRON_DENY
}
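Review bot: `rm -rf $TEST_DIR` and `rm -f $CRON_ALLOW $CRON_DENY` now run unconditionally and unquoted, so a value containing whitespace or glob characters is split and expanded before rm sees it. The cleanup presumably runs as root, since it calls userdel. The removed `[ -d "$TEST_DIR" ]` guards at least quoted the value in the test. Suggest `[ -n "$TEST_DIR" ] && rm -rf -- "$TEST_DIR"` and `rm -f -- "$CRON_ALLOW" "$CRON_DENY"`. Quoting `"$TEST_USER2"` on the new killall and userdel lines would match. The cleanup function starts outside the hunk.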
diff --git a/audit-test/trustedprograms/tests/lastlog01 b/audit-test/trustedprograms/tests/lastlog01
index e559970..047a368 100755
--- a/audit-test/trustedprograms/tests/lastlog01
+++ b/audit-test/trustedprograms/tests/lastlog01
@@ -34,7 +34,6 @@ RHOST="localhost"
TEST_USER='ll_user'
TEST_USER_PASSWD='ltP_t3st*_pass'
TEST_USER_ENCRYPTED_PASSWD='$6$mdf9vvfz$2hQcpjsaKz21PUmjoVfLT23XZb/HbFEKmK6GePHj3arBU2cadAmVDcakSU9HgjaI0u.yzx.XAS3hNXZLtuCZ1.'
-TEST_USER_HOMEDIR="/home/$TEST_USER"
TEST=0
#-----------------------------------------------------------------------
@@ -46,9 +45,8 @@ create_user(){
echo "Creating test user $TEST_USER..."
#erase user if he may exist , so we can have a clean env
- rm -rf /home/$TEST_USER
- userdel $TEST_USER
- sleep 1
+ killall -9 -u $TEST_USER
+ userdel -rf $TEST_USER
useradd -m -p "$TEST_USER_ENCRYPTED_PASSWD" -g users $TEST_USER
@@ -67,8 +65,8 @@ create_user(){
delete_user(){
echo "Deleting test user $TEST_USER..."
- rm -rf /home/$TEST_USER
- userdel $TEST_USER
+ killall -9 -u $TEST_USER
+ userdel -rf $TEST_USER
if [ $? != 0 ]
then
echo "Not able to delete test user $TEST_USER."
diff --git a/audit-test/trustedprograms/tests/test_usermod_l.bash b/audit-test/trustedprograms/tests/test_usermod_l.bash
index b91610d..452c5c6 100755
--- a/audit-test/trustedprograms/tests/test_usermod_l.bash
+++ b/audit-test/trustedprograms/tests/test_usermod_l.bash
@@ -23,7 +23,7 @@ source tp_auth_functions.bash || exit 2
# setup
useradd -n -G games -u $uid $user || exit_error "groupadd failed"
read user2 uid2 <<<"$(generate_unique_user)"
-prepend_cleanup "userdel -r $user2"
+prepend_cleanup "killall -9 -u $user2; userdel -rf $user2"
# test
setpid usermod -l $user2 $user || exit_error "usermod failed"
diff --git a/audit-test/trustedprograms/tests/tp_auth_functions.bash b/audit-test/trustedprograms/tests/tp_auth_functions.bash
index 9f0ffee..4792216 100644
--- a/audit-test/trustedprograms/tests/tp_auth_functions.bash
+++ b/audit-test/trustedprograms/tests/tp_auth_functions.bash
@@ -82,7 +82,7 @@ function user_cleanup {
read group gid <<<"$(generate_unique_group)"
read user uid <<<"$(generate_unique_user)"
-prepend_cleanup "grep -q '^$user:' /etc/passwd && { killall -9 -u '$user' ; userdel -r '$user'; }"
+prepend_cleanup "grep -q '^$user:' /etc/passwd && { killall -9 -u '$user' ; userdel -rf '$user'; }"
prepend_cleanup "grep -q '^$group:' /etc/group && groupdel '$group'"
set -x
diff --git a/audit-test/trustedprograms/tests/utils.plib b/audit-test/trustedprograms/tests/utils.plib
index 75f4cb8..2c58855 100755
--- a/audit-test/trustedprograms/tests/utils.plib
+++ b/audit-test/trustedprograms/tests/utils.plib
@@ -13,6 +13,7 @@ sub create_user($) {
if ( ! $username ) {
return -1;
}
+ `killall -9 -u '$username'`;
`userdel -rf '$username' 2>/dev/null`;
`useradd -m -g users '$username'`;
if ($? != 0) {
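Review bot: The added `` `killall -9 -u '$username'` `` builds a shell command line by interpolation, like the userdel and useradd lines beside it, so a name containing a single quote ends the quoting and the remainder is parsed by the shell. The same line is added to delete_user in the next hunk. The callers visible on this page are test code, but since these helpers run with account-management privileges, the list form avoids the shell entirely: `system('killall', '-9', '-u', $username);`. That also drops the unused output capture of the backticks. Keep the call before useradd so the existing `$?` check still reads useradd's status. create_user continues past the hunk.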
@@ -27,6 +28,7 @@ sub delete_user($) {
return -1;
}
clear_oldpassword();
+ `killall -9 -u '$username'`;
`userdel -rf '$username'`;
if ($? != 0) {
die("ERROR $?: Cannot delete user $username");
diff --git a/audit-test/utils/run.bash b/audit-test/utils/run.bash
index 721e744..7106479 100755
--- a/audit-test/utils/run.bash
+++ b/audit-test/utils/run.bash
@@ -247,7 +247,8 @@ function startup {
killall -HUP auditd # reload config when auditd was already running
# Add the test user which is used for unprivileged tests
- userdel -r "$TEST_USER" &>/dev/null
+ killall -9 -u "$TEST_USER"
+ userdel -Z -rf "$TEST_USER" &>/dev/null
groupdel "$TEST_USER" &>/dev/null
dmsg "Adding group $TEST_USER"
groupadd "$TEST_USER" || die
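Review bot: `-Z` is newly added to the startup `userdel` for TEST_USER, and for TEST_ADMIN in the next hunk, but the commit message only describes killall and `-rf`. It presumably mirrors the `userdel -Z` already used in cleanup, so that a mapping left by an aborted run is cleared; a short comment would record that, for example `# -Z: also remove a stale SELinux login mapping from a previous run`. The new `killall -9 -u "$TEST_USER"` also leaves stderr open while every neighbouring command uses `&>/dev/null`; appending `&>/dev/null` keeps the startup log quiet on a clean system. The startup function begins and ends outside the hunk.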
@@ -257,7 +258,8 @@ function startup {
faillock --user "$TEST_USER" --reset
# Add the test user which is in sysadm_r
- userdel -r "$TEST_ADMIN" &>/dev/null
+ killall -9 -u "$TEST_ADMIN"
+ userdel -Z -rf "$TEST_ADMIN" &>/dev/null
groupdel "$TEST_ADMIN" &>/dev/null
dmsg "Adding group $TEST_ADMIN"
groupadd "$TEST_ADMIN" || die
@@ -289,7 +291,7 @@ function cleanup {
killall -9 -u "$RUSER"
# Remove the test user
dmsg "Removing user $RUSER"
- userdel -Z -r "$RUSER" &>/dev/null
+ userdel -Z -rf "$RUSER" &>/dev/null
dmsg "Removing group $RUSER"
groupdel "$RUSER" &>/dev/null
# Cleanup polyinstantiated home directory
--
1.8.3.1