Compare commits

...

2 Commits

Author SHA1 Message Date
Luca Boccassi e5179b02a6
Merge 6e06b80854 into 321c202e7c 2024-11-25 16:38:35 +00:00
Luca Boccassi 6e06b80854 test-audit-util: do not assert on unknown container managers
The test can be ran on systems that are not booted on systemd, and/or
in a strange and unknown container manager stub pid1 that does not
behave as we expect, so making assertions based on the precise state
of an unknown, foreign pid1 is not guaranteed to yield the expected
results and may fail at any given time.

More specifically, this happens when building systemd on the buildd
network, which is used to build packages in Debian/Ubuntu:

 Assertion 'audit_session_from_pid(&pid1, &sessionid) == -ENODATA' failed at src/test/test-audit-util.c:27, function test_audit_loginuid_from_pid(). Aborting.

https://buildd.debian.org/status/fetch.php?pkg=systemd&arch=amd64&ver=257%7Erc2-1&stamp=1731712935&raw=0

Add a failsafe and print a loud complaint in the unit test, asking to
fix the container manager, if this situation is detected.
2024-11-22 13:48:22 +00:00
1 changed files with 26 additions and 2 deletions

View File

@ -2,6 +2,7 @@
#include "audit-util.h" #include "audit-util.h"
#include "tests.h" #include "tests.h"
#include "virt.h"
TEST(audit_loginuid_from_pid) { TEST(audit_loginuid_from_pid) {
_cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL; _cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
@ -17,7 +18,22 @@ TEST(audit_loginuid_from_pid) {
if (r >= 0) if (r >= 0)
log_info("self audit login uid: " UID_FMT, uid); log_info("self audit login uid: " UID_FMT, uid);
ASSERT_ERROR(audit_loginuid_from_pid(&pid1, &uid), ENODATA); /* pid1 at build time does not necessarily have to be systemd, it could be anything and be in any
* state outside of our control, as any custom-built, unknown and weird container manager stub pid1
* might be in use. The audit helper should catch this on container-other and return -ENODATA
* already, but we cannot have any coverage of this case, so a risk of regression is always present.
* To be on the safe side, assert only on known container solutions (or VMs/bare-metal), and print a
* loud warning and complain, asking to fix the audit setup of the container manager, if it is an
* unknown one. As a specific example, on the Debian buildd network the stub pid1 is not systemd,
* and has a sessionid. */
r = audit_loginuid_from_pid(&pid1, &uid);
if (detect_container() != VIRTUALIZATION_CONTAINER_OTHER)
ASSERT_ERROR(r, ENODATA);
else if (r != -ENODATA)
log_error("audit_loginuid_from_pid on pid1 unexpectedly returned %d instead of -ENODATA. "
"This likely suggests that the container manager under which this test is run "
"has incorrectly set up the audit subsystem, as the stub pid1 is not supposed to "
"have an audit login id, and it should be fixed.", r);
uint32_t sessionid; uint32_t sessionid;
r = audit_session_from_pid(&self, &sessionid); r = audit_session_from_pid(&self, &sessionid);
@ -26,7 +42,15 @@ TEST(audit_loginuid_from_pid) {
if (r >= 0) if (r >= 0)
log_info("self audit session id: %" PRIu32, sessionid); log_info("self audit session id: %" PRIu32, sessionid);
ASSERT_ERROR(audit_session_from_pid(&pid1, &sessionid), ENODATA); /* As above. */
r = audit_session_from_pid(&pid1, &sessionid);
if (detect_container() != VIRTUALIZATION_CONTAINER_OTHER)
ASSERT_ERROR(r, ENODATA);
else if (r != -ENODATA)
log_error("audit_session_from_pid on pid1 unexpectedly returned %d instead of -ENODATA. "
"This likely suggests that the container manager under which this test is run "
"has incorrectly set up the audit subsystem, as the stub pid1 is not supposed to "
"have an audit session id, and it should be fixed.", r);
} }
static int intro(void) { static int intro(void) {