diff --git a/CHANGES b/CHANGES
index 2a82089069..95aa26898d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4818. [test] The logfileconfig system test could intermittently
+ report false negatives on some platforms. [RT #46615]
+
 4817. [cleanup] Use DNS_NAME_INITABSOLUTE and DNS_NAME_INITNONABSOLUTE. [RT #45433]
diff --git a/bin/named/include/named/seccomp.h b/bin/named/include/named/seccomp.h
index 2e7f6b41a1..a0490d2e95 100644
--- a/bin/named/include/named/seccomp.h
+++ b/bin/named/include/named/seccomp.h
@@ -26,6 +26,8 @@
 int scmp_syscalls[] = {
 SCMP_SYS(access),
 SCMP_SYS(open),
+ SCMP_SYS(openat),
+ SCMP_SYS(lseek),
 SCMP_SYS(clock_gettime),
 SCMP_SYS(time),
 SCMP_SYS(read),
@@ -54,6 +56,7 @@ int scmp_syscalls[] = {
 #ifdef HAVE_GETRANDOM
 SCMP_SYS(getrandom),
 #endif
+ SCMP_SYS(rename),
 SCMP_SYS(unlink),
 SCMP_SYS(socket),
 SCMP_SYS(sendto),
@@ -72,7 +75,6 @@ int scmp_syscalls[] = {
 SCMP_SYS(getsockopt),
 SCMP_SYS(getsockname),
 SCMP_SYS(lstat),
- SCMP_SYS(lseek),
 SCMP_SYS(getgid),
 SCMP_SYS(getegid),
 SCMP_SYS(getuid),
@@ -83,9 +85,7 @@ int scmp_syscalls[] = {
 SCMP_SYS(setuid),
 SCMP_SYS(prctl),
 SCMP_SYS(epoll_wait),
- SCMP_SYS(openat),
 SCMP_SYS(getdents),
- SCMP_SYS(rename),
 SCMP_SYS(utimes),
 SCMP_SYS(dup),
 #endif
@@ -93,6 +93,8 @@ int scmp_syscalls[] = {
 const char *scmp_syscall_names[] = {
 "access",
 "open",
+ "openat",
+ "lseek",
 "clock_gettime",
 "time",
 "read",
@@ -121,6 +123,7 @@ const char *scmp_syscall_names[] = {
 #ifdef HAVE_GETRANDOM
 "getrandom",
 #endif
+ "rename",
 "unlink",
 "socket",
 "sendto",
@@ -139,7 +142,6 @@ const char *scmp_syscall_names[] = {
 "getsockopt",
 "getsockname",
 "lstat",
- "lseek",
 "getgid",
 "getegid",
 "getuid",
@@ -150,9 +152,7 @@ const char *scmp_syscall_names[] = {
 "setuid",
 "prctl",
 "epoll_wait",
- "openat",
 "getdents",
- "rename",
 "utimes",
 "dup",
 #endif
diff --git a/bin/tests/system/logfileconfig/tests.sh b/bin/tests/system/logfileconfig/tests.sh
index ca7b80eddc..a2672e471e 100644
--- a/bin/tests/system/logfileconfig/tests.sh
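Review bot: The allowlist now permits `openat`, `lseek` and `rename` unconditionally, and neither the header nor the CHANGES entry says so. The old entries (removed in hunks `@@ -72,7 +75,6 @@` and `@@ -83,9 +85,7 @@`) sat in the lower part of `scmp_syscalls[]`, just above an `#endif` whose opening directive is outside the diff, so they were presumably compiled in only for some build configurations. Since this header defines what the seccomp filter lets through, I would add a comment beside the new entries such as `/* needed in every build configuration: <reason, e.g. log file rolling> */` and mention the filter change in the `[test]` changelog line. The array starts and ends outside these hunks.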
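Review bot: Nothing visible enforces that `scmp_syscall_names[]` stays the same length and order as `scmp_syscalls[]`; hunks `@@ -93,6 +93,8 @@` through `@@ -150,9 +152,7 @@` repeat by hand every move made in the first array. If the names are looked up by the same index as the numbers (the consumer is outside this diff), a missed entry would make a filter diagnostic name the wrong syscall, which is misleading when auditing the sandbox. A compile-time length check placed after both definitions would catch the common slip, e.g. `typedef char scmp_arrays_in_sync[(sizeof(scmp_syscalls)/sizeof(scmp_syscalls[0]) == sizeof(scmp_syscall_names)/sizeof(scmp_syscall_names[0])) ? 1 : -1];`. Both array definitions continue outside the hunks.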
+++ b/bin/tests/system/logfileconfig/tests.sh @@ -35,6 +35,19 @@ PIDFILE="${THISDIR}/${CONFDIR}/named.pid" myRNDC="$RNDC -c ${THISDIR}/${CONFDIR}/rndc.conf" myNAMED="$NAMED -c ${THISDIR}/${CONFDIR}/named.conf -m record,size,mctx -T clienttest -T nosyslog -d 99 -X named.lock -U 4" +# Test given condition. If true, test again after a second. Used for testing +# filesystem-dependent conditions in order to prevent false negatives caused by +# directory contents not being synchronized immediately after rename() returns. +test_with_retry() { + if test "$@"; then + sleep 1 + if test "$@"; then + return 0 + fi + fi + return 1 +} + waitforpidfile() { for _w in 1 2 3 4 5 6 7 8 9 10 do @@ -48,9 +61,10 @@ n=0 cd $CONFDIR -n=`expr $n + 1` -echo "I:testing log file validity (named -g + only plain files allowed) ($n)" +echo "I:testing log file validity (named -g + only plain files allowed)" +n=`expr $n + 1` +echo "I: testing plain file (named -g) ($n)" # First run with a known good config. echo > $PLAINFILE cp $PLAINCONF named.conf @@ -58,9 +72,9 @@ $myRNDC reconfig > rndc.out.test$n 2>&1 grep "reloading configuration failed" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing plain file succeeded" + echo "I: testing plain file succeeded" else - echo "I: testing plain file failed (unexpected)" + echo "I: testing plain file failed (unexpected)" echo "I:exit status: 1" exit 1 fi @@ -79,14 +93,14 @@ then grep "checking logging configuration failed: invalid file" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing directory as file succeeded (UNEXPECTED)" + echo "I: testing directory as file succeeded (UNEXPECTED)" echo "I:exit status: 1" exit 1 else - echo "I: testing directory as log file failed (expected)" + echo "I: testing directory as log file failed (expected)" fi else - echo "I: skipping directory test (unable to create directory)" + echo "I: skipping directory test (unable to create directory)" fi # Now try pipe file, expect failure 
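Review bot: `test_with_retry` (hunk `@@ -35,6 +35,19 @@`) returns 0 only when the condition holds on both checks and never re-tests after a false first result, so it is only correct when callers pass the failure condition; neither the name nor the comment says that. The call sites in hunks `@@ -313,27 +328,27 @@`, `@@ -349,17 +364,17 @@` and `@@ -375,22 +390,22 @@` all do pass the failure condition, but a later caller passing a success condition would get a stricter, flakier check instead of a more tolerant one. I would extend the comment with `# Returns 0 only if the condition is still true after the retry; pass the condition that indicates FAILURE.` The single fixed `sleep 1` also assumes one second is enough on every filesystem, which the comment could state as an assumption.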
@@ -103,14 +117,14 @@ then grep "checking logging configuration failed: invalid file" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing pipe file as log file succeeded (UNEXPECTED)" + echo "I: testing pipe file as log file succeeded (UNEXPECTED)" echo "I:exit status: 1" exit 1 else - echo "I: testing pipe file as log file failed (expected)" + echo "I: testing pipe file as log file failed (expected)" fi else - echo "I: skipping pipe test (unable to create pipe)" + echo "I: skipping pipe test (unable to create pipe)" fi # Now try symlink file to plain file, expect success @@ -129,14 +143,14 @@ then grep "reloading configuration failed" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing symlink to plain file succeeded" + echo "I: testing symlink to plain file succeeded" else - echo "I: testing symlink to plain file failed (unexpected)" + echo "I: testing symlink to plain file failed (unexpected)" echo "I:exit status: 1" exit 1 fi else - echo "I: skipping symlink test (unable to create symlink)" + echo "I: skipping symlink test (unable to create symlink)" fi # Stop the server and run through a series of tests with various config # files while controlling the stop/start of the server. @@ -155,9 +169,10 @@ fi status=0 -n=`expr $n + 1` -echo "I:testing log file validity (only plain files allowed) ($n)" +echo "I:testing log file validity (only plain files allowed)" +n=`expr $n + 1` +echo "I: testing plain file (named -g) ($n)" # First run with a known good config. echo > $PLAINFILE cp $PLAINCONF named.conf @@ -165,9 +180,9 @@ $myRNDC reconfig > rndc.out.test$n 2>&1 grep "reloading configuration failed" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing plain file succeeded" + echo "I: testing plain file succeeded" else - echo "I: testing plain file failed (unexpected)" + echo "I: testing plain file failed (unexpected)" echo "I:exit status: 1" exit 1 fi 
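Review bot: In hunk `@@ -155,9 +169,10 @@` the new sub-test label reads `testing plain file (named -g) ($n)`, although the section heading added two lines above it is `testing log file validity (only plain files allowed)`, without `named -g`. The label looks copied from the first section (hunk `@@ -48,9 +61,10 @@`), where the heading does mention `named -g`. If this second section does not run named with -g, the line should be `echo "I: testing plain file ($n)"` so that a failure in the log is attributed to the right phase of the test.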
@@ -186,14 +201,14 @@ then grep "configuring logging: invalid file" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing directory as file succeeded (UNEXPECTED)" + echo "I: testing directory as file succeeded (UNEXPECTED)" echo "I:exit status: 1" exit 1 else - echo "I: testing directory as log file failed (expected)" + echo "I: testing directory as log file failed (expected)" fi else - echo "I: skipping directory test (unable to create directory)" + echo "I: skipping directory test (unable to create directory)" fi # Now try pipe file, expect failure @@ -210,14 +225,14 @@ then grep "configuring logging: invalid file" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing pipe file as log file succeeded (UNEXPECTED)" + echo "I: testing pipe file as log file succeeded (UNEXPECTED)" echo "I:exit status: 1" exit 1 else - echo "I: testing pipe file as log file failed (expected)" + echo "I: testing pipe file as log file failed (expected)" fi else - echo "I: skipping pipe test (unable to create pipe)" + echo "I: skipping pipe test (unable to create pipe)" fi # Now try symlink file to plain file, expect success @@ -237,18 +252,18 @@ then grep "reloading configuration failed" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing symlink to plain file succeeded" + echo "I: testing symlink to plain file succeeded" else - echo "I: testing symlink to plain file failed (unexpected)" + echo "I: testing symlink to plain file failed (unexpected)" echo "I:exit status: 1" exit 1 fi else - echo "I: skipping symlink test (unable to create symlink)" + echo "I: skipping symlink test (unable to create symlink)" fi n=`expr $n + 1` -echo "I: testing default logfile using named -L file ($n)" +echo "I:testing default logfile using named -L file ($n)" # Now stop the server again and test the -L option rm -f $DLFILE $PERL ../../stop.pl .. ns1 
@@ -256,7 +271,7 @@ if ! test -f $PIDFILE; then cp $PLAINCONF named.conf $myNAMED -L $DLFILE > /dev/null 2>&1 if [ $? -ne 0 ]; then - echo "I:failed to start $myNAMED" + echo "I: failed to start $myNAMED" echo "I:exit status: $status" exit $status fi @@ -272,7 +287,7 @@ if ! test -f $PIDFILE; then exit 1 fi else - echo "I:failed to cleanly stop $myNAMED" + echo "I: failed to cleanly stop $myNAMED" echo "I:exit status: 1" exit 1 fi @@ -284,9 +299,9 @@ echo "I: testing iso8601 timestamp ($n)" cp $ISOCONF named.conf $myRNDC reconfig > rndc.out.test$n 2>&1 if grep '^....-..-..T..:..:..\.... ' $ISOFILE > /dev/null; then - echo "I: testing iso8601 timestamp succeeded" + echo "I: testing iso8601 timestamp succeeded" else - echo "I: testing iso8601 timestamp failed" + echo "I: testing iso8601 timestamp failed" status=`expr $status + 1` fi @@ -295,14 +310,14 @@ echo "I: testing iso8601-utc timestamp ($n)" cp $ISOCONFUTC named.conf $myRNDC reconfig > rndc.out.test$n 2>&1 if grep '^....-..-..T..:..:..\....Z' $ISOUTCFILE > /dev/null; then - echo "I: testing iso8601-utc timestamp succeeded" + echo "I: testing iso8601-utc timestamp succeeded" else - echo "I: testing iso8601-utc timestamp failed" + echo "I: testing iso8601-utc timestamp failed" status=`expr $status + 1` fi n=`expr $n + 1` -echo "I: testing explict versions ($n)" +echo "I: testing explicit versions ($n)" cp $VERSCONF named.conf # a seconds since epoch version number touch $VERSFILE.1480039317 
@@ -313,27 +328,27 @@ t2=`$PERL -e 'print time()."\n";'` t=`expr ${t2:-0} - ${t1:-0}` if test ${t:-1000} -gt 5 then - echo "I: testing explict versions failed cleanup of old entries took too long ($t secs)" + echo "I: testing explicit versions failed: cleanup of old entries took too long ($t secs)" status=`expr $status + 1` fi if ! grep "status: NOERROR" dig.out.test$n > /dev/null then - echo "I: testing explict versions failed DiG lookup failed" + echo "I: testing explicit versions failed: DiG lookup failed" status=`expr $status + 1` fi -if test -f $VERSFILE.1480039317 +if test_with_retry -f $VERSFILE.1480039317 then - echo "I: testing explict versions failed $VERSFILE.1480039317 not removed" + echo "I: testing explicit versions failed: $VERSFILE.1480039317 not removed" status=`expr $status + 1` fi -if test -f $VERSFILE.5 +if test_with_retry -f $VERSFILE.5 then - echo "I: testing explict versions failed $VERSFILE.5 exists" + echo "I: testing explicit versions failed: $VERSFILE.5 exists" status=`expr $status + 1` fi -if test ! -f $VERSFILE.4 +if test_with_retry ! -f $VERSFILE.4 then - echo "I: testing explict versions failed $VERSFILE.4 does not exist" + echo "I: testing explicit versions failed: $VERSFILE.4 does not exist" status=`expr $status + 1` fi 
@@ -349,17 +364,17 @@ t2=`$PERL -e 'print time()."\n";'` t=`expr ${t2:-0} - ${t1:-0}` if test ${t:-1000} -gt 5 then - echo "I: testing timestamped versions failed cleanup of old entries took too long ($t secs)" + echo "I: testing timestamped versions failed: cleanup of old entries took too long ($t secs)" status=`expr $status + 1` fi if ! grep "status: NOERROR" dig.out.test$n > /dev/null then - echo "I: testing timestamped versions failed DiG lookup failed" + echo "I: testing timestamped versions failed: DiG lookup failed" status=`expr $status + 1` fi -if test -f $TSFILE.1480039317 +if test_with_retry -f $TSFILE.1480039317 then - echo "I: testing timestamped versions failed $TSFILE.1480039317 not removed" + echo "I: testing timestamped versions failed: $TSFILE.1480039317 not removed" status=`expr $status + 1` fi @@ -375,22 +390,22 @@ t2=`$PERL -e 'print time()."\n";'` t=`expr ${t2:-0} - ${t1:-0}` if test ${t:-1000} -gt 5 then - echo "I: testing unlimited versions failed took too long ($t secs)" + echo "I: testing unlimited versions failed: took too long ($t secs)" status=`expr $status + 1` fi if ! grep "status: NOERROR" dig.out.test$n > /dev/null then - echo "I: testing unlimited versions failed DiG lookup failed" + echo "I: testing unlimited versions failed: DiG lookup failed" status=`expr $status + 1` fi -if test ! -f $UNLIMITEDFILE.1480039317 +if test_with_retry ! -f $UNLIMITEDFILE.1480039317 then - echo "I: testing unlimited versions failed $UNLIMITEDFILE.1480039317 removed" + echo "I: testing unlimited versions failed: $UNLIMITEDFILE.1480039317 removed" status=`expr $status + 1` fi -if test ! -f $UNLIMITEDFILE.4 +if test_with_retry ! -f $UNLIMITEDFILE.4 then - echo "I: testing unlimited versions failed $UNLIMITEDFILE.4 does not" + echo "I: testing unlimited versions failed: $UNLIMITEDFILE.4 does not exist" status=`expr $status + 1` fi