diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/common/mod.rs | 127 | ||||
| -rw-r--r-- | test/sys/test_ptrace.rs | 2 | ||||
| -rw-r--r-- | test/sys/test_socket.rs | 14 | ||||
| -rw-r--r-- | test/sys/test_sockopt.rs | 2 | ||||
| -rw-r--r-- | test/sys/test_uio.rs | 1 | ||||
| -rw-r--r-- | test/sys/test_wait.rs | 1 | ||||
| -rw-r--r-- | test/test.rs | 111 | ||||
| -rw-r--r-- | test/test_fcntl.rs | 4 | ||||
| -rw-r--r-- | test/test_kmod/mod.rs | 1 | ||||
| -rw-r--r-- | test/test_mount.rs | 3 | ||||
| -rw-r--r-- | test/test_unistd.rs | 5 |
11 files changed, 159 insertions, 112 deletions
diff --git a/test/common/mod.rs b/test/common/mod.rs new file mode 100644 index 00000000..ace03fc6 --- /dev/null +++ b/test/common/mod.rs @@ -0,0 +1,127 @@ +use cfg_if::cfg_if; + +#[macro_export] macro_rules! skip { + ($($reason: expr),+) => { + use ::std::io::{self, Write}; + + let stderr = io::stderr(); + let mut handle = stderr.lock(); + writeln!(handle, $($reason),+).unwrap(); + return; + } +} + +cfg_if! { + if #[cfg(any(target_os = "android", target_os = "linux"))] { + #[macro_export] macro_rules! require_capability { + ($capname:ident) => { + use ::caps::{Capability, CapSet, has_cap}; + + if !has_cap(None, CapSet::Effective, Capability::$capname) + .unwrap() + { + skip!("Insufficient capabilities. Skipping test."); + } + } + } + } else if #[cfg(not(target_os = "redox"))] { + #[macro_export] macro_rules! require_capability { + ($capname:ident) => {} + } + } +} + +#[cfg(any(target_os = "linux", target_os= "android"))] +#[macro_export] macro_rules! skip_if_cirrus { + ($reason:expr) => { + if std::env::var_os("CIRRUS_CI").is_some() { + skip!("{}", $reason); + } + } +} + +#[cfg(target_os = "freebsd")] +#[macro_export] macro_rules! skip_if_jailed { + ($name:expr) => { + use ::sysctl::CtlValue; + + if let CtlValue::Int(1) = ::sysctl::value("security.jail.jailed") + .unwrap() + { + skip!("{} cannot run in a jail. Skipping test.", $name); + } + } +} + +#[cfg(not(target_os = "redox"))] +#[macro_export] macro_rules! skip_if_not_root { + ($name:expr) => { + use nix::unistd::Uid; + + if !Uid::current().is_root() { + skip!("{} requires root privileges. Skipping test.", $name); + } + }; +} + +cfg_if! { + if #[cfg(any(target_os = "android", target_os = "linux"))] { + #[macro_export] macro_rules! skip_if_seccomp { + ($name:expr) => { + if let Ok(s) = std::fs::read_to_string("/proc/self/status") { + for l in s.lines() { + let mut fields = l.split_whitespace(); + if fields.next() == Some("Seccomp:") && + fields.next() != Some("0") + { + skip!("{} cannot be run in Seccomp mode. Skipping test.", + stringify!($name)); + } + } + } + } + } + } else if #[cfg(not(target_os = "redox"))] { + #[macro_export] macro_rules! skip_if_seccomp { + ($name:expr) => {} + } + } +} + +cfg_if! { + if #[cfg(target_os = "linux")] { + #[macro_export] macro_rules! require_kernel_version { + ($name:expr, $version_requirement:expr) => { + use semver::{Version, VersionReq}; + + let version_requirement = VersionReq::parse($version_requirement) + .expect("Bad match_version provided"); + + let uname = nix::sys::utsname::uname(); + println!("{}", uname.sysname()); + println!("{}", uname.nodename()); + println!("{}", uname.release()); + println!("{}", uname.version()); + println!("{}", uname.machine()); + + // Fix stuff that the semver parser can't handle + let fixed_release = &uname.release().to_string() + // Fedora 33 reports version as 4.18.el8_2.x86_64 or + // 5.18.200-fc33.x86_64. Remove the underscore. + .replace("_", "-") + // Cirrus-CI reports version as 4.19.112+ . Remove the + + .replace("+", ""); + let mut version = Version::parse(fixed_release).unwrap(); + + //Keep only numeric parts + version.pre.clear(); + version.build.clear(); + + if !version_requirement.matches(&version) { + skip!("Skip {} because kernel version `{}` doesn't match the requirement `{}`", + stringify!($name), version, version_requirement); + } + } + } + } +} diff --git a/test/sys/test_ptrace.rs b/test/sys/test_ptrace.rs index 3b60dd70..38cf408b 100644 --- a/test/sys/test_ptrace.rs +++ b/test/sys/test_ptrace.rs @@ -8,6 +8,8 @@ use nix::sys::ptrace::Options; #[cfg(any(target_os = "android", target_os = "linux"))] use std::mem; +use crate::*; + #[test] fn test_ptrace() { // Just make sure ptrace can be called at all, for now. diff --git a/test/sys/test_socket.rs b/test/sys/test_socket.rs index c5abb7ba..313b2d86 100644 --- a/test/sys/test_socket.rs +++ b/test/sys/test_socket.rs @@ -9,6 +9,8 @@ use std::slice; use std::str::FromStr; use libc::c_char; use tempfile; +#[cfg(any(target_os = "linux", target_os= "android"))] +use crate::*; #[test] pub fn test_inetv4_addr_to_sock_addr() { @@ -237,6 +239,9 @@ mod recvfrom { use nix::sys::socket::sockopt::{UdpGroSegment, UdpGsoSegment}; #[test] + // Disable the test on emulated platforms because it fails in Cirrus-CI. Lack of QEMU + // support is suspected. + #[cfg_attr(not(any(target_arch = "x86_64", target_arch="i686")), ignore)] pub fn gso() { require_kernel_version!(udp_offload::gso, ">= 4.18"); @@ -288,6 +293,9 @@ mod recvfrom { } #[test] + // Disable the test on emulated platforms because it fails in Cirrus-CI. Lack of QEMU + // support is suspected. + #[cfg_attr(not(any(target_arch = "x86_64", target_arch="i686")), ignore)] pub fn gro() { require_kernel_version!(udp_offload::gro, ">= 5.3"); @@ -592,12 +600,13 @@ pub fn test_af_alg_cipher() { ControlMessage, MsgFlags}; use nix::sys::socket::sockopt::AlgSetKey; + skip_if_cirrus!("Fails for an unknown reason Cirrus CI. Bug #1352"); // Travis's seccomp profile blocks AF_ALG // https://docs.docker.com/engine/security/seccomp/ skip_if_seccomp!(test_af_alg_cipher); let alg_type = "skcipher"; - let alg_name = "ctr(aes)"; + let alg_name = "ctr-aes-aesni"; // 256-bits secret key let key = vec![0u8; 32]; // 16-bytes IV @@ -660,6 +669,7 @@ pub fn test_af_alg_aead() { ControlMessage, MsgFlags}; use nix::sys::socket::sockopt::{AlgSetKey, AlgSetAeadAuthSize}; + skip_if_cirrus!("Fails for an unknown reason Cirrus CI. Bug #1352"); // Travis's seccomp profile blocks AF_ALG // https://docs.docker.com/engine/security/seccomp/ skip_if_seccomp!(test_af_alg_aead); @@ -1018,7 +1028,7 @@ fn test_too_large_cmsgspace() { fn test_impl_scm_credentials_and_rights(mut space: Vec<u8>) { use libc::ucred; use nix::sys::uio::IoVec; - use nix::unistd::{pipe, read, write, close, getpid, getuid, getgid}; + use nix::unistd::{pipe, write, close, getpid, getuid, getgid}; use nix::sys::socket::{socketpair, sendmsg, recvmsg, setsockopt, SockType, SockFlag, ControlMessage, ControlMessageOwned, MsgFlags}; diff --git a/test/sys/test_sockopt.rs b/test/sys/test_sockopt.rs index 8e2adced..56065931 100644 --- a/test/sys/test_sockopt.rs +++ b/test/sys/test_sockopt.rs @@ -1,5 +1,7 @@ use rand::{thread_rng, Rng}; use nix::sys::socket::{socket, sockopt, getsockopt, setsockopt, AddressFamily, SockType, SockFlag, SockProtocol}; +#[cfg(any(target_os = "android", target_os = "linux"))] +use crate::*; #[cfg(target_os = "linux")] #[test] diff --git a/test/sys/test_uio.rs b/test/sys/test_uio.rs index 4fa838c9..8d22bf17 100644 --- a/test/sys/test_uio.rs +++ b/test/sys/test_uio.rs @@ -203,6 +203,7 @@ fn test_process_vm_readv() { use nix::unistd::ForkResult::*; use nix::sys::signal::*; use nix::sys::wait::*; + use crate::*; require_capability!(CAP_SYS_PTRACE); let _ = crate::FORK_MTX.lock().expect("Mutex got poisoned by another test"); diff --git a/test/sys/test_wait.rs b/test/sys/test_wait.rs index d1056250..5bb298eb 100644 --- a/test/sys/test_wait.rs +++ b/test/sys/test_wait.rs @@ -67,6 +67,7 @@ mod ptrace { use nix::unistd::*; use nix::unistd::ForkResult::*; use libc::_exit; + use crate::*; fn ptrace_child() -> ! { ptrace::traceme().unwrap(); diff --git a/test/test.rs b/test/test.rs index 37c81f94..b57c1a66 100644 --- a/test/test.rs +++ b/test/test.rs @@ -5,115 +5,7 @@ extern crate nix; #[macro_use] extern crate lazy_static; -macro_rules! skip { - ($($reason: expr),+) => { - use ::std::io::{self, Write}; - - let stderr = io::stderr(); - let mut handle = stderr.lock(); - writeln!(handle, $($reason),+).unwrap(); - return; - } -} - -cfg_if! { - if #[cfg(any(target_os = "android", target_os = "linux"))] { - macro_rules! require_capability { - ($capname:ident) => { - use ::caps::{Capability, CapSet, has_cap}; - - if !has_cap(None, CapSet::Effective, Capability::$capname) - .unwrap() - { - skip!("Insufficient capabilities. Skipping test."); - } - } - } - } else if #[cfg(not(target_os = "redox"))] { - macro_rules! require_capability { - ($capname:ident) => {} - } - } -} - -#[cfg(target_os = "freebsd")] -macro_rules! skip_if_jailed { - ($name:expr) => { - use ::sysctl::CtlValue; - - if let CtlValue::Int(1) = ::sysctl::value("security.jail.jailed") - .unwrap() - { - skip!("{} cannot run in a jail. Skipping test.", $name); - } - } -} - -#[cfg(not(target_os = "redox"))] -macro_rules! skip_if_not_root { - ($name:expr) => { - use nix::unistd::Uid; - - if !Uid::current().is_root() { - skip!("{} requires root privileges. Skipping test.", $name); - } - }; -} - -cfg_if! { - if #[cfg(any(target_os = "android", target_os = "linux"))] { - macro_rules! skip_if_seccomp { - ($name:expr) => { - if let Ok(s) = std::fs::read_to_string("/proc/self/status") { - for l in s.lines() { - let mut fields = l.split_whitespace(); - if fields.next() == Some("Seccomp:") && - fields.next() != Some("0") - { - skip!("{} cannot be run in Seccomp mode. Skipping test.", - stringify!($name)); - } - } - } - } - } - } else if #[cfg(not(target_os = "redox"))] { - macro_rules! skip_if_seccomp { - ($name:expr) => {} - } - } -} - -cfg_if! { - if #[cfg(target_os = "linux")] { - macro_rules! require_kernel_version { - ($name:expr, $version_requirement:expr) => { - use semver::{Version, VersionReq}; - - let version_requirement = VersionReq::parse($version_requirement) - .expect("Bad match_version provided"); - - let uname = nix::sys::utsname::uname(); - - // Linux may report version as 4.18.el8_2.x86_64 or 5.18.200-fc33.x86_64 - // semver sematics does not support underscore. Replace this with hypen. - let mut version = Version::parse( - &uname.release().to_string().replace("_", "-") - ).unwrap(); - - //Keep only numeric parts - version.pre.clear(); - version.build.clear(); - - if !version_requirement.matches(&version) { - skip!("Skip {} because kernel version `{}` doesn't match the requirement `{}`", - stringify!($name), version, version_requirement); - } - } - } - } -} - +mod common; mod sys; #[cfg(not(target_os = "redox"))] mod test_dir; @@ -151,6 +43,7 @@ use std::path::PathBuf; use std::sync::{Mutex, RwLock, RwLockWriteGuard}; use nix::unistd::{chdir, getcwd, read}; + /// Helper function analogous to `std::io::Read::read_exact`, but for `RawFD`s fn read_exact(f: RawFd, buf: &mut [u8]) { let mut len = 0; diff --git a/test/test_fcntl.rs b/test/test_fcntl.rs index 29719072..1e8b2678 100644 --- a/test/test_fcntl.rs +++ b/test/test_fcntl.rs @@ -19,6 +19,8 @@ use std::io::prelude::*; #[cfg(not(target_os = "redox"))] use std::os::unix::fs; +use crate::*; + #[test] #[cfg(not(target_os = "redox"))] fn test_openat() { @@ -93,6 +95,8 @@ mod linux_android { use tempfile::{tempfile, NamedTempFile}; + use crate::*; + /// This test creates a temporary file containing the contents /// 'foobarbaz' and uses the `copy_file_range` call to transfer /// 3 bytes at offset 3 (`bar`) to another empty file at offset 0. The diff --git a/test/test_kmod/mod.rs b/test/test_kmod/mod.rs index e7472ab8..fb7260ba 100644 --- a/test/test_kmod/mod.rs +++ b/test/test_kmod/mod.rs @@ -2,6 +2,7 @@ use std::fs::copy; use std::path::PathBuf; use std::process::Command; use tempfile::{tempdir, TempDir}; +use crate::*; fn compile_kernel_module() -> (PathBuf, String, TempDir) { let _m = crate::FORK_MTX diff --git a/test/test_mount.rs b/test/test_mount.rs index 605276b5..c1b6c8a3 100644 --- a/test/test_mount.rs +++ b/test/test_mount.rs @@ -1,3 +1,5 @@ +mod common; + // Impelmentation note: to allow unprivileged users to run it, this test makes // use of user and mount namespaces. On systems that allow unprivileged user // namespaces (Linux >= 3.8 compiled with CONFIG_USER_NS), the test should run @@ -222,6 +224,7 @@ fn main() { use test_mount::{setup_namespaces, test_mount_tmpfs_without_flags_allows_rwx, test_mount_rdonly_disallows_write, test_mount_noexec_disallows_exec, test_mount_bind}; + skip_if_cirrus!("Fails for an unknown reason Cirrus CI. Bug #1351"); setup_namespaces(); run_tests!(test_mount_tmpfs_without_flags_allows_rwx, diff --git a/test/test_unistd.rs b/test/test_unistd.rs index 34f7f561..de696718 100644 --- a/test/test_unistd.rs +++ b/test/test_unistd.rs @@ -26,6 +26,8 @@ use std::path::Path; use tempfile::{tempdir, tempfile}; use libc::{_exit, off_t}; +use crate::*; + #[test] #[cfg(not(any(target_os = "netbsd")))] fn test_fork_and_waitpid() { @@ -990,8 +992,9 @@ fn test_setfsuid() { let nobody = User::from_name("nobody").unwrap().unwrap(); // create a temporary file with permissions '-rw-r-----' - let file = tempfile::NamedTempFile::new().unwrap(); + let file = tempfile::NamedTempFile::new_in("/var/tmp").unwrap(); let temp_path = file.into_temp_path(); + dbg!(&temp_path); let temp_path_2 = (&temp_path).to_path_buf(); let mut permissions = fs::metadata(&temp_path).unwrap().permissions(); permissions.set_mode(640); |