Compare commits
2 Commits
478604992b
...
e5179b02a6
Author | SHA1 | Date |
---|---|---|
Luca Boccassi | e5179b02a6 | |
Luca Boccassi | 6e06b80854 |
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
#include "audit-util.h"
|
#include "audit-util.h"
|
||||||
#include "tests.h"
|
#include "tests.h"
|
||||||
|
#include "virt.h"
|
||||||
|
|
||||||
TEST(audit_loginuid_from_pid) {
|
TEST(audit_loginuid_from_pid) {
|
||||||
_cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
|
_cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
|
||||||
|
@ -17,7 +18,22 @@ TEST(audit_loginuid_from_pid) {
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
log_info("self audit login uid: " UID_FMT, uid);
|
log_info("self audit login uid: " UID_FMT, uid);
|
||||||
|
|
||||||
ASSERT_ERROR(audit_loginuid_from_pid(&pid1, &uid), ENODATA);
|
/* pid1 at build time does not necessarily have to be systemd, it could be anything and be in any
|
||||||
|
* state outside of our control, as any custom-built, unknown and weird container manager stub pid1
|
||||||
|
* might be in use. The audit helper should catch this on container-other and return -ENODATA
|
||||||
|
* already, but we cannot have any coverage of this case, so a risk of regression is always present.
|
||||||
|
* To be on the safe side, assert only on known container solutions (or VMs/bare-metal), and print a
|
||||||
|
* loud warning and complain, asking to fix the audit setup of the container manager, if it is an
|
||||||
|
* unknown one. As a specific example, on the Debian buildd network the stub pid1 is not systemd,
|
||||||
|
* and has a sessionid. */
|
||||||
|
r = audit_loginuid_from_pid(&pid1, &uid);
|
||||||
|
if (detect_container() != VIRTUALIZATION_CONTAINER_OTHER)
|
||||||
|
ASSERT_ERROR(r, ENODATA);
|
||||||
|
else if (r != -ENODATA)
|
||||||
|
log_error("audit_loginuid_from_pid on pid1 unexpectedly returned %d instead of -ENODATA. "
|
||||||
|
"This likely suggests that the container manager under which this test is run "
|
||||||
|
"has incorrectly set up the audit subsystem, as the stub pid1 is not supposed to "
|
||||||
|
"have an audit login id, and it should be fixed.", r);
|
||||||
|
|
||||||
uint32_t sessionid;
|
uint32_t sessionid;
|
||||||
r = audit_session_from_pid(&self, &sessionid);
|
r = audit_session_from_pid(&self, &sessionid);
|
||||||
|
@ -26,7 +42,15 @@ TEST(audit_loginuid_from_pid) {
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
log_info("self audit session id: %" PRIu32, sessionid);
|
log_info("self audit session id: %" PRIu32, sessionid);
|
||||||
|
|
||||||
ASSERT_ERROR(audit_session_from_pid(&pid1, &sessionid), ENODATA);
|
/* As above. */
|
||||||
|
r = audit_session_from_pid(&pid1, &sessionid);
|
||||||
|
if (detect_container() != VIRTUALIZATION_CONTAINER_OTHER)
|
||||||
|
ASSERT_ERROR(r, ENODATA);
|
||||||
|
else if (r != -ENODATA)
|
||||||
|
log_error("audit_session_from_pid on pid1 unexpectedly returned %d instead of -ENODATA. "
|
||||||
|
"This likely suggests that the container manager under which this test is run "
|
||||||
|
"has incorrectly set up the audit subsystem, as the stub pid1 is not supposed to "
|
||||||
|
"have an audit session id, and it should be fixed.", r);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int intro(void) {
|
static int intro(void) {
|
||||||
|
|
Loading…
Reference in New Issue