diff --git a/.image-garden.mk b/.image-garden.mk index 19cc2ded1..50754dad4 100644 --- a/.image-garden.mk +++ b/.image-garden.mk @@ -79,6 +79,7 @@ packages: - python311 - python311-devel - swig +- which endef define FEDORA_CLOUD_INIT_USER_DATA_TEMPLATE diff --git a/common/Make.rules b/common/Make.rules index 842789616..4194ddf85 100644 --- a/common/Make.rules +++ b/common/Make.rules @@ -35,7 +35,7 @@ VERSION=$(shell cat $(COMMONDIR)/Version) pathsearch = $(firstword $(wildcard $(addsuffix /$(1),$(subst :, ,$(PATH))))) map = $(foreach a,$(2),$(call $(1),$(a))) -AWK?=$(or $(shell command -v awk),$(error awk utility required for build but not available)) +AWK?=$(or $(shell which awk),$(error awk utility required for build but not available)) define nl diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile index 0bf82645e..f8bf34d92 100644 --- a/tests/regression/apparmor/Makefile +++ b/tests/regression/apparmor/Makefile @@ -27,7 +27,7 @@ manually, or build against in-tree libapparmor.${nl}\ endif # LIBAPPARMOR not set LDLIBS += $(LIBAPPARMOR) - AA_EXEC = $(shell command -v aa-exec) + AA_EXEC = $(shell which aa-exec) ifeq ($(AA_EXEC),) AA_EXEC_ERROR_MESSAGE = $(error ${nl}\ ************************************************************************${nl}\ @@ -85,6 +85,9 @@ endif SYSCTL_INCLUDE="\#include " USE_SYSCTL:=$(shell echo $(SYSCTL_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true) +LINUX_MOUNT_INCLUDE="\#include " +HAVE_LINUX_MOUNT_H:=$(shell echo $(LINUX_MOUNT_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true) + CFLAGS += -g -O0 $(EXTRA_WARNINGS) SRC=access.c \ @@ -125,7 +128,6 @@ SRC=access.c \ mmap.c \ mkdir.c \ mount.c \ - move_mount.c \ named_pipe.c \ net_inet_rcv.c \ net_inet_snd.c \ @@ -174,6 +176,11 @@ ifneq (,$(findstring $(shell uname -i),i386 i486 i586 i686 x86 x86_64)) SRC+=syscall_ioperm.c syscall_iopl.c endif +#only do move_mount test if we have linux/mount.h +ifeq ($(HAVE_LINUX_MOUNT_H),true) +SRC+=move_mount.c +endif + #only do sysctl syscall test if defines installed and OR supported by the # kernel ifeq ($(USE_SYSCTL),true) @@ -181,7 +188,7 @@ SRC+=syscall_sysctl.c endif # Only do xattrs_profile test if we have the required setfattr binary -ifneq (,$(shell command -v setfattr)) +ifneq (,$(shell which setfattr > /dev/null && echo TRUE)) SRC+=xattrs_profile.c else $(warning ${nl}\ @@ -192,7 +199,7 @@ Install attr or equivalent package to build and run this test${nl}\ endif # Only do overlayfs_fuse test if we have the required fuse-overlayfs binary -ifeq (,$(shell command -v fuse-overlayfs)) +ifeq (,$(shell which fuse-overlayfs > /dev/null && echo TRUE)) $(warning ${nl}\ ************************************************************************${nl}\ No fuse-overlayfs skipping overlayfs_fuse tests ...${nl}\ @@ -321,12 +328,12 @@ TESTS=aa_exec \ nfs # Only do overlayfs_fuse test if we have the required fuse-overlayfs binary -ifneq (,$(shell command -v fuse-overlayfs)) +ifneq (,$(shell which fuse-overlayfs > /dev/null && echo TRUE)) TESTS+=overlayfs_fuse endif # Only do xattrs_profile test if we have the required setfattr binary -ifneq (,$(shell command -v setfattr)) +ifneq (,$(shell which setfattr > /dev/null && echo TRUE)) TESTS+=xattrs_profile endif diff --git a/tests/regression/apparmor/complain.sh b/tests/regression/apparmor/complain.sh index 6b9b137d6..ffca342e7 100644 --- a/tests/regression/apparmor/complain.sh +++ b/tests/regression/apparmor/complain.sh @@ -29,5 +29,5 @@ runchecktest "Complain mode profile (file exec no permission entry)" pass exec e # This test will fail on a kernel that doesn't have # https://lists.ubuntu.com/archives/apparmor/2024-August/013338.html applied -genprofile -C $(command -v echo):cx +genprofile -C $(which echo):cx runchecktest "Complain mode profile (file exec cx permission entry)" pass exec echo PASS diff --git a/tests/regression/apparmor/mount.sh b/tests/regression/apparmor/mount.sh index 6c1a00deb..58d667ffd 100755 --- a/tests/regression/apparmor/mount.sh +++ b/tests/regression/apparmor/mount.sh @@ -305,6 +305,11 @@ open_tree_tests() { mnt_target=$2 fsname=$3 settest move_mount + + if [ ! -f "$bin/move_mount" ]; then + echo " WARNING: move_mount binary was not built, skipping open_tree_tests ..." + return + fi # TODO: check for move_mount syscall support # TODO: check that parser supports detached # eg. move_mount tmpfs /tmp/move_mount_test tmpfs @@ -377,6 +382,11 @@ fsmount_tests() { mnt_target=$2 fsname=$3 settest move_mount + + if [ ! -f "$bin/move_mount" ]; then + echo " WARNING: move_mount binary was not built, skipping fsmount_tests ..." + return + fi # TODO: check for move_mount syscall support # TODO: check that parser supports detached # eg. move_mount tmpfs /tmp/move_mount_test tmpfs @@ -423,6 +433,11 @@ all_rule() { runchecktest "MOUNT (confined allow all remount)" pass mount ${loop_device} ${mount_point} -o remount remove_mnt + if [ ! -f "$bin/move_mount" ]; then + echo " WARNING: move_mount binary was not built, skipping all_rule move_mount tests ..." + return + fi + settest move_mount genprofile "all"