Compare commits
2 Commits
478604992b
...
e5179b02a6
Author | SHA1 | Date |
---|---|---|
Luca Boccassi | e5179b02a6 | |
Luca Boccassi | 6e06b80854 |
|
@ -2,6 +2,7 @@
|
|||
|
||||
#include "audit-util.h"
|
||||
#include "tests.h"
|
||||
#include "virt.h"
|
||||
|
||||
TEST(audit_loginuid_from_pid) {
|
||||
_cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
|
||||
|
@ -17,7 +18,22 @@ TEST(audit_loginuid_from_pid) {
|
|||
if (r >= 0)
|
||||
log_info("self audit login uid: " UID_FMT, uid);
|
||||
|
||||
ASSERT_ERROR(audit_loginuid_from_pid(&pid1, &uid), ENODATA);
|
||||
/* pid1 at build time does not necessarily have to be systemd, it could be anything and be in any
|
||||
* state outside of our control, as any custom-built, unknown and weird container manager stub pid1
|
||||
* might be in use. The audit helper should catch this on container-other and return -ENODATA
|
||||
* already, but we cannot have any coverage of this case, so a risk of regression is always present.
|
||||
* To be on the safe side, assert only on known container solutions (or VMs/bare-metal), and print a
|
||||
* loud warning and complain, asking to fix the audit setup of the container manager, if it is an
|
||||
* unknown one. As a specific example, on the Debian buildd network the stub pid1 is not systemd,
|
||||
* and has a sessionid. */
|
||||
r = audit_loginuid_from_pid(&pid1, &uid);
|
||||
if (detect_container() != VIRTUALIZATION_CONTAINER_OTHER)
|
||||
ASSERT_ERROR(r, ENODATA);
|
||||
else if (r != -ENODATA)
|
||||
log_error("audit_loginuid_from_pid on pid1 unexpectedly returned %d instead of -ENODATA. "
|
||||
"This likely suggests that the container manager under which this test is run "
|
||||
"has incorrectly set up the audit subsystem, as the stub pid1 is not supposed to "
|
||||
"have an audit login id, and it should be fixed.", r);
|
||||
|
||||
uint32_t sessionid;
|
||||
r = audit_session_from_pid(&self, &sessionid);
|
||||
|
@ -26,7 +42,15 @@ TEST(audit_loginuid_from_pid) {
|
|||
if (r >= 0)
|
||||
log_info("self audit session id: %" PRIu32, sessionid);
|
||||
|
||||
ASSERT_ERROR(audit_session_from_pid(&pid1, &sessionid), ENODATA);
|
||||
/* As above. */
|
||||
r = audit_session_from_pid(&pid1, &sessionid);
|
||||
if (detect_container() != VIRTUALIZATION_CONTAINER_OTHER)
|
||||
ASSERT_ERROR(r, ENODATA);
|
||||
else if (r != -ENODATA)
|
||||
log_error("audit_session_from_pid on pid1 unexpectedly returned %d instead of -ENODATA. "
|
||||
"This likely suggests that the container manager under which this test is run "
|
||||
"has incorrectly set up the audit subsystem, as the stub pid1 is not supposed to "
|
||||
"have an audit session id, and it should be fixed.", r);
|
||||
}
|
||||
|
||||
static int intro(void) {
|
||||
|
|
Loading…
Reference in New Issue