From 765d5b87ef311a40ca77bec92b853e31301af999 Mon Sep 17 00:00:00 2001 From: Ryan Lee Date: Tue, 11 Mar 2025 16:24:04 -0700 Subject: [PATCH 1/4] regression: skip move_mount test if linux/mount.h is not found linux/mount.h is only used in the move_mount test, which exercises the move_mount syscall that was introduced sometime in 2018 or later. Older systems without the header also lack the syscall, so we can just skip the test in those cases. Signed-off-by: Ryan Lee --- tests/regression/apparmor/Makefile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile index 0bf82645e..91ea0e71b 100644 --- a/tests/regression/apparmor/Makefile +++ b/tests/regression/apparmor/Makefile @@ -85,6 +85,9 @@ endif SYSCTL_INCLUDE="\#include " USE_SYSCTL:=$(shell echo $(SYSCTL_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true) +LINUX_MOUNT_INCLUDE="\#include " +HAVE_LINUX_MOUNT_H:=$(shell echo $(LINUX_MOUNT_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true) + CFLAGS += -g -O0 $(EXTRA_WARNINGS) SRC=access.c \ @@ -125,7 +128,6 @@ SRC=access.c \ mmap.c \ mkdir.c \ mount.c \ - move_mount.c \ named_pipe.c \ net_inet_rcv.c \ net_inet_snd.c \ @@ -174,6 +176,11 @@ ifneq (,$(findstring $(shell uname -i),i386 i486 i586 i686 x86 x86_64)) SRC+=syscall_ioperm.c syscall_iopl.c endif +#only do move_mount test if we have linux/mount.h +ifeq ($(HAVE_LINUX_MOUNT_H),true) +SRC+=move_mount.c +endif + #only do sysctl syscall test if defines installed and OR supported by the # kernel ifeq ($(USE_SYSCTL),true) From 52fc40a9cb30bd47d19b988eb29d429a4021a2da Mon Sep 17 00:00:00 2001 From: Ryan Lee Date: Tue, 11 Mar 2025 17:18:35 -0700 Subject: [PATCH 2/4] regression: replace command -v with which in Makefile The command shell builtin is not recognized by older versions of make, so switch back to using the which binary instead. Signed-off-by: Ryan Lee --- common/Make.rules | 2 +- tests/regression/apparmor/Makefile | 10 +++++----- tests/regression/apparmor/complain.sh | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/common/Make.rules b/common/Make.rules index 842789616..4194ddf85 100644 --- a/common/Make.rules +++ b/common/Make.rules @@ -35,7 +35,7 @@ VERSION=$(shell cat $(COMMONDIR)/Version) pathsearch = $(firstword $(wildcard $(addsuffix /$(1),$(subst :, ,$(PATH))))) map = $(foreach a,$(2),$(call $(1),$(a))) -AWK?=$(or $(shell command -v awk),$(error awk utility required for build but not available)) +AWK?=$(or $(shell which awk),$(error awk utility required for build but not available)) define nl diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile index 91ea0e71b..f8bf34d92 100644 --- a/tests/regression/apparmor/Makefile +++ b/tests/regression/apparmor/Makefile @@ -27,7 +27,7 @@ manually, or build against in-tree libapparmor.${nl}\ endif # LIBAPPARMOR not set LDLIBS += $(LIBAPPARMOR) - AA_EXEC = $(shell command -v aa-exec) + AA_EXEC = $(shell which aa-exec) ifeq ($(AA_EXEC),) AA_EXEC_ERROR_MESSAGE = $(error ${nl}\ ************************************************************************${nl}\ @@ -188,7 +188,7 @@ SRC+=syscall_sysctl.c endif # Only do xattrs_profile test if we have the required setfattr binary -ifneq (,$(shell command -v setfattr)) +ifneq (,$(shell which setfattr > /dev/null && echo TRUE)) SRC+=xattrs_profile.c else $(warning ${nl}\ @@ -199,7 +199,7 @@ Install attr or equivalent package to build and run this test${nl}\ endif # Only do overlayfs_fuse test if we have the required fuse-overlayfs binary -ifeq (,$(shell command -v fuse-overlayfs)) +ifeq (,$(shell which fuse-overlayfs > /dev/null && echo TRUE)) $(warning ${nl}\ ************************************************************************${nl}\ No fuse-overlayfs skipping overlayfs_fuse tests ...${nl}\ @@ -328,12 +328,12 @@ TESTS=aa_exec \ nfs # Only do overlayfs_fuse test if we have the required fuse-overlayfs binary -ifneq (,$(shell command -v fuse-overlayfs)) +ifneq (,$(shell which fuse-overlayfs > /dev/null && echo TRUE)) TESTS+=overlayfs_fuse endif # Only do xattrs_profile test if we have the required setfattr binary -ifneq (,$(shell command -v setfattr)) +ifneq (,$(shell which setfattr > /dev/null && echo TRUE)) TESTS+=xattrs_profile endif diff --git a/tests/regression/apparmor/complain.sh b/tests/regression/apparmor/complain.sh index 6b9b137d6..ffca342e7 100644 --- a/tests/regression/apparmor/complain.sh +++ b/tests/regression/apparmor/complain.sh @@ -29,5 +29,5 @@ runchecktest "Complain mode profile (file exec no permission entry)" pass exec e # This test will fail on a kernel that doesn't have # https://lists.ubuntu.com/archives/apparmor/2024-August/013338.html applied -genprofile -C $(command -v echo):cx +genprofile -C $(which echo):cx runchecktest "Complain mode profile (file exec cx permission entry)" pass exec echo PASS From af936812eeb719fdb97860e4ed0057e3385fbd90 Mon Sep 17 00:00:00 2001 From: Ryan Lee Date: Wed, 12 Mar 2025 12:10:51 -0700 Subject: [PATCH 3/4] spread: add which to openSUSE Tumbleweek image-garden package list Signed-off-by: Ryan Lee --- .image-garden.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/.image-garden.mk b/.image-garden.mk index 19cc2ded1..50754dad4 100644 --- a/.image-garden.mk +++ b/.image-garden.mk @@ -79,6 +79,7 @@ packages: - python311 - python311-devel - swig +- which endef define FEDORA_CLOUD_INIT_USER_DATA_TEMPLATE From 5edca7f64f1fe985edff187b58ebc83e79751c02 Mon Sep 17 00:00:00 2001 From: Ryan Lee Date: Wed, 12 Mar 2025 13:02:43 -0700 Subject: [PATCH 4/4] regression: skip move_mount tests when move_mount binary is unavailable Signed-off-by: Ryan Lee --- tests/regression/apparmor/mount.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/regression/apparmor/mount.sh b/tests/regression/apparmor/mount.sh index 6c1a00deb..58d667ffd 100755 --- a/tests/regression/apparmor/mount.sh +++ b/tests/regression/apparmor/mount.sh @@ -305,6 +305,11 @@ open_tree_tests() { mnt_target=$2 fsname=$3 settest move_mount + + if [ ! -f "$bin/move_mount" ]; then + echo " WARNING: move_mount binary was not built, skipping open_tree_tests ..." + return + fi # TODO: check for move_mount syscall support # TODO: check that parser supports detached # eg. move_mount tmpfs /tmp/move_mount_test tmpfs @@ -377,6 +382,11 @@ fsmount_tests() { mnt_target=$2 fsname=$3 settest move_mount + + if [ ! -f "$bin/move_mount" ]; then + echo " WARNING: move_mount binary was not built, skipping fsmount_tests ..." + return + fi # TODO: check for move_mount syscall support # TODO: check that parser supports detached # eg. move_mount tmpfs /tmp/move_mount_test tmpfs @@ -423,6 +433,11 @@ all_rule() { runchecktest "MOUNT (confined allow all remount)" pass mount ${loop_device} ${mount_point} -o remount remove_mnt + if [ ! -f "$bin/move_mount" ]; then + echo " WARNING: move_mount binary was not built, skipping all_rule move_mount tests ..." + return + fi + settest move_mount genprofile "all"