diff --git a/examples/docker.yml b/examples/docker.yml index 5b550cbb9..9713ddfec 100644 --- a/examples/docker.yml +++ b/examples/docker.yml @@ -20,7 +20,7 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd diff --git a/examples/gcp.yml b/examples/gcp.yml index 587a07dc9..07ac46d67 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -16,7 +16,7 @@ onboot: image: "linuxkit/metadata:31a0b0f5557c6123beaa9c33e3400ae3c03447e0" services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd diff --git a/examples/getty.yml b/examples/getty.yml index 4d4a34732..053191343 100644 --- a/examples/getty.yml +++ b/examples/getty.yml @@ -14,7 +14,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" # to make insecure with passwordless root login, uncomment following lines #env: # - INSECURE=true diff --git a/examples/minimal.yml b/examples/minimal.yml index 18de506d0..a72ff023e 100644 --- a/examples/minimal.yml +++ b/examples/minimal.yml @@ -11,7 +11,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true trust: diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml index 6d588f482..d1934480e 100644 --- a/examples/node_exporter.yml +++ b/examples/node_exporter.yml 
@@ -7,7 +7,7 @@ init: - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd diff --git a/examples/redis-os.yml b/examples/redis-os.yml index ec7d9193a..a5ad02223 100644 --- a/examples/redis-os.yml +++ b/examples/redis-os.yml @@ -13,7 +13,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: redis diff --git a/examples/sshd.yml b/examples/sshd.yml index c63c22ef1..80558d796 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -11,7 +11,7 @@ onboot: image: "linuxkit/sysctl:3aa6bc663c2849ef239be7d941d3eaf3e6fcc018" services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd diff --git a/examples/swap.yml b/examples/swap.yml index 47742a2f4..0d1755f21 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -24,7 +24,7 @@ onboot: command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd diff --git a/examples/vmware.yml b/examples/vmware.yml index 7d7428b90..83bcb1820 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -11,7 +11,7 @@ onboot: image: "linuxkit/sysctl:3aa6bc663c2849ef239be7d941d3eaf3e6fcc018" services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd 
diff --git a/linuxkit.yml b/linuxkit.yml index 1f8005c16..24ff4d1e8 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -16,7 +16,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd diff --git a/pkg/getty/Dockerfile b/pkg/getty/Dockerfile index 63123c911..3333ab88e 100644 --- a/pkg/getty/Dockerfile +++ b/pkg/getty/Dockerfile @@ -17,4 +17,4 @@ COPY --from=mirror /out/ / COPY usr/ /usr/ COPY etc/ /etc/ CMD ["/usr/bin/rungetty.sh"] -LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/etc:/hostroot/etc","/tmp/ctr:/tmp/ctr", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/usr/bin/dist:/usr/bin/dist", "/var:/var","/containers:/containers","/dev:/dev"], "capabilities": ["all"]}' +LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/etc:/hostroot/etc","/tmp/ctr:/tmp/ctr", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/usr/bin/dist:/usr/bin/dist", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}' diff --git a/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml b/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml index d3b27ba50..19f492fbe 100644 --- a/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml +++ b/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a onboot: - name: check-kernel-config - image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" + image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1" readonly: true - name: poweroff image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" 
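Review bot: The new `"/sys:/sys"` entry in the `org.mobyproject.config` binds is added without a stated reason, and nothing visible here says which getty feature needs host sysfs. This container already runs with `"capabilities": ["all"]`, host pid and net namespaces and `/dev` bound, and most example configs touched by this commit start it with `INSECURE=true`, so every extra writable host path is reachable from a console login. I would add a comment line above the `LABEL`, for example `# /sys is bound for <reason>; keep this bind list minimal`. It is also worth checking whether the consumer only reads from sysfs, in which case a read-only bind (if the bind syntax accepts mount options) would be the narrower choice.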
diff --git a/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml b/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml index 0538404b8..243c49b2e 100644 --- a/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml +++ b/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a onboot: - name: check-kernel-config - image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" + image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1" readonly: true - name: poweroff image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" diff --git a/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml b/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml index d282e517f..63211f498 100644 --- a/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml +++ b/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a onboot: - name: check-kernel-config - image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" + image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1" readonly: true - name: poweroff image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" diff --git a/test/hack/test.yml b/test/hack/test.yml index cc6ed19ed..890d22e02 100644 --- a/test/hack/test.yml +++ b/test/hack/test.yml @@ -12,7 +12,7 @@ onboot: image: "linuxkit/dhcpcd:7d2b8aaaf20c24ad7d11a5ea2ea5b4a80dc966f1" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: check-kernel-config - image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" + image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1" readonly: true - name: poweroff image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" 
diff --git a/test/pkg/kernel-config/Makefile b/test/pkg/kernel-config/Makefile index 0c8e9c30d..3ae702705 100644 --- a/test/pkg/kernel-config/Makefile +++ b/test/pkg/kernel-config/Makefile @@ -5,7 +5,7 @@ IMAGE=test-kernel-config default: push -hash: Dockerfile check.sh check-kernel-config.sh etc/linuxkit +hash: Dockerfile check.sh check-kernel-config.sh DOCKER_CONTENT_TRUST=1 docker pull $(BASE) tar cf - $^ | docker build --no-cache -t $(IMAGE):build - docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash diff --git a/test/pkg/kernel-config/check-kernel-config.sh b/test/pkg/kernel-config/check-kernel-config.sh index a05026769..e30d642b3 100755 --- a/test/pkg/kernel-config/check-kernel-config.sh +++ b/test/pkg/kernel-config/check-kernel-config.sh @@ -2,6 +2,11 @@ set -e +function fail { + printf "FAILURE: $1\n" + FAILED=1 +} + echo "starting kernel config sanity test with ${1:-/proc/config.gz}" if [ -n "$1" ]; then 
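Review bot: In the new `fail` function the message is interpolated into the printf format string (`printf "FAILURE: $1\n"`), so a `%` or backslash in a future message would be interpreted rather than printed; `printf 'FAILURE: %s\n' "$1"` avoids that. `FAILED` is also never initialised, so a value inherited from the environment would make the script report failure without any `FAILURE:` line; an explicit `FAILED=` next to `set -e` closes that gap. The `function name {` form is a bash extension and the shebang is outside this hunk, so confirm the script runs under a shell that accepts it, or write `fail() {`.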
@@ -19,59 +24,116 @@ kernelMinor="${kernelMinor%%.*}" # Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project # Positive cases -echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG=y || (echo "CONFIG_BUG=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_KERNEL=y || (echo "CONFIG_DEBUG_KERNEL=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_RODATA=y || (echo "CONFIG_DEBUG_RODATA=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR=y || (echo "CONFIG_CC_STACKPROTECTOR=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR_STRONG=y || (echo "CONFIG_CC_STACKPROTECTOR_STRONG=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_DEVMEM=y || (echo "CONFIG_STRICT_DEVMEM=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || (echo "CONFIG_SYN_COOKIES=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_CREDENTIALS=y || (echo "CONFIG_DEBUG_CREDENTIALS=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_NOTIFIERS=y || (echo "CONFIG_DEBUG_NOTIFIERS=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_LIST=y || (echo "CONFIG_DEBUG_LIST=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP=y || (echo "CONFIG_SECCOMP=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP_FILTER=y || (echo "CONFIG_SECCOMP_FILTER=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY=y || (echo "CONFIG_SECURITY=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY_YAMA=y || (echo "CONFIG_SECURITY_YAMA=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_PANIC_ON_OOPS=y || (echo "CONFIG_PANIC_ON_OOPS=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_SET_MODULE_RONX=y || (echo "CONFIG_DEBUG_SET_MODULE_RONX=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || (echo "CONFIG_SYN_COOKIES=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || (echo "CONFIG_LEGACY_VSYSCALL_NONE=y" && exit 1) -echo 
$UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || (echo "CONFIG_RANDOMIZE_BASE=y" && exit 1) +echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG=y || fail "CONFIG_BUG=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_KERNEL=y || fail "CONFIG_DEBUG_KERNEL=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR=y || fail "CONFIG_CC_STACKPROTECTOR=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR_STRONG=y || fail "CONFIG_CC_STACKPROTECTOR_STRONG=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_DEVMEM=y || fail "CONFIG_STRICT_DEVMEM=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || fail "CONFIG_SYN_COOKIES=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_CREDENTIALS=y || fail "CONFIG_DEBUG_CREDENTIALS=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_NOTIFIERS=y || fail "CONFIG_DEBUG_NOTIFIERS=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_LIST=y || fail "CONFIG_DEBUG_LIST=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP=y || fail "CONFIG_SECCOMP=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP_FILTER=y || fail "CONFIG_SECCOMP_FILTER=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY=y || fail "CONFIG_SECURITY=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY_YAMA=y || fail "CONFIG_SECURITY_YAMA=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_PANIC_ON_OOPS=y || fail "CONFIG_PANIC_ON_OOPS=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || fail "CONFIG_SYN_COOKIES=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || fail "CONFIG_LEGACY_VSYSCALL_NONE=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || fail "CONFIG_RANDOMIZE_BASE=y" # Conditional on kernel version if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || (echo "CONFIG_IO_STRICT_DEVMEM=y" && exit 1) - echo $UNZIPPED_CONFIG | grep -q CONFIG_UBSAN=y || (echo "CONFIG_UBSAN=y" && exit 1) + echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || fail "CONFIG_IO_STRICT_DEVMEM=y" + echo 
$UNZIPPED_CONFIG | grep -q CONFIG_UBSAN=y || fail "CONFIG_UBSAN=y" fi if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_SLAB_FREELIST_RANDOM=y || (echo "CONFIG_SLAB_FREELIST_RANDOM=y" && exit 1) + echo $UNZIPPED_CONFIG | grep -q CONFIG_SLAB_FREELIST_RANDOM=y || fail "CONFIG_SLAB_FREELIST_RANDOM=y" fi if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_HARDENED_USERCOPY=y || (echo "CONFIG_HARDENED_USERCOPY=y" && exit 1) - echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || (echo "CONFIG_RANDOMIZE_MEMORY=y" && exit 1) + echo $UNZIPPED_CONFIG | grep -q CONFIG_HARDENED_USERCOPY=y || fail "CONFIG_HARDENED_USERCOPY=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || fail "CONFIG_RANDOMIZE_MEMORY=y" fi # poisoning cannot be enabled in 4.4 if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 9 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING=y || (echo "CONFIG_PAGE_POISONING=y" && exit 1) - echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_NO_SANITY=y || (echo "CONFIG_PAGE_POISONING_NO_SANITY=y" && exit 1) - echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_ZERO=y || (echo "CONFIG_PAGE_POISONING_ZERO=y" && exit 1) + echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING=y || fail "CONFIG_PAGE_POISONING=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_NO_SANITY=y || fail "CONFIG_PAGE_POISONING_NO_SANITY=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_ZERO=y || fail "CONFIG_PAGE_POISONING_ZERO=y" fi if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 10 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG_ON_DATA_CORRUPTION=y || (echo "CONFIG_BUG_ON_DATA_CORRUPTION=y" && exit 1) + echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG_ON_DATA_CORRUPTION=y || fail "CONFIG_BUG_ON_DATA_CORRUPTION=y" +fi + +if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -le 10 ]; then + echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_RODATA=y || fail 
"CONFIG_DEBUG_RODATA=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_SET_MODULE_RONX=y || fail "CONFIG_DEBUG_SET_MODULE_RONX=y" +fi + +if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 11 ]; then + echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_KERNEL_RWX=y || fail "CONFIG_STRICT_KERNEL_RWX=y" fi # Negative cases -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_ACPI_CUSTOM_METHOD is not set' || (echo "CONFIG_ACPI_CUSTOM_METHOD is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_BRK is not set' || (echo "CONFIG_COMPAT_BRK is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_DEVKMEM is not set' || (echo "CONFIG_DEVKMEM is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_VDSO is not set' || (echo "CONFIG_COMPAT_VDSO is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_KEXEC is not set' || (echo "CONFIG_KEXEC is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || (echo "CONFIG_HIBERNATION is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || (echo "CONFIG_LEGACY_PTYS is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || (echo "CONFIG_X86_X32 is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || (echo "CONFIG_MODIFY_LDT_SYSCALL is not set" && exit 1) +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_ACPI_CUSTOM_METHOD is not set' || fail "CONFIG_ACPI_CUSTOM_METHOD is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_BRK is not set' || fail "CONFIG_COMPAT_BRK is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_DEVKMEM is not set' || fail "CONFIG_DEVKMEM is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_VDSO is not set' || fail "CONFIG_COMPAT_VDSO is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_KEXEC is not set' || fail "CONFIG_KEXEC is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || fail "CONFIG_HIBERNATION is not set" +echo 
$UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || fail "CONFIG_LEGACY_PTYS is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || fail "CONFIG_X86_X32 is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || fail "CONFIG_MODIFY_LDT_SYSCALL is not set" -echo "kernel config test succeeded!" +# check filesystems that are built in +for fs in \ +sysfs \ +rootfs \ +tmpfs \ +bdev \ +proc \ +cpuset \ +cgroup \ +devtmpfs \ +binfmt_misc \ +debugfs \ +tracefs \ +securityfs \ +sockfs \ +bpf \ +pipefs \ +ramfs \ +hugetlbfs \ +rpc_pipefs \ +devpts \ +ext4 \ +vfat \ +msdos \ +iso9660 \ +nfs \ +nfs4 \ +nfsd \ +cifs \ +ntfs \ +fuseblk \ +fuse \ +fusectl \ +overlay \ +udf \ +xfs \ +9p \ +pstore \ +mqueue \ +oprofilefs +do + grep -q "[[:space:]]${fs}\$" /proc/filesystems || fail "${fs} filesystem missing" +done + +if [ -z "$FAILED" ] +then + echo "kernel config test succeeded!" +else + echo "kernel config test failed!" + exit 1 +fi diff --git a/test/pkg/kernel-config/check.sh b/test/pkg/kernel-config/check.sh index dd37b4239..d46760603 100755 --- a/test/pkg/kernel-config/check.sh +++ b/test/pkg/kernel-config/check.sh @@ -2,11 +2,10 @@ function failed { printf "Kernel config test suite FAILED\n" + exit 1 } /check-kernel-config.sh || failed bash /check-config.sh || failed printf "Kernel config test suite PASSED\n" - -cat /etc/linuxkit diff --git a/test/pkg/kernel-config/etc/linuxkit b/test/pkg/kernel-config/etc/linuxkit deleted file mode 100644 index 17d4dfb92..000000000 --- a/test/pkg/kernel-config/etc/linuxkit +++ /dev/null @@ -1,9 +0,0 @@ - - ## . - ## ## ## == - ## ## ## ## ## === - /"""""""""""""""""\___/ === - ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~ - \______ o __/ - \ \ __/ - \____\_______/
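Review bot: The two new version gates compare major and minor independently, so they misfire once the major version moves past 4: on a 5.3 kernel `-ge 4 -a "$kernelMinor" -le 10` is true and the test demands `CONFIG_DEBUG_RODATA`, while `-ge 4 -a "$kernelMinor" -ge 11` is false and `CONFIG_STRICT_KERNEL_RWX` goes unchecked. The older gates in this hunk share the same shape and would silently skip hardening checks in the same way. Suggested conditions are `[ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -le 10 ]` for the legacy options and `[ "$kernelMajor" -gt 4 ] || { [ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -ge 11 ]; }` for the new one. Separately, the filesystem loop reads `/proc/filesystems` of the running kernel even though the script appears to accept a config file as `$1`, so in that mode it tests the host rather than the supplied config; guarding the loop with `[ -z "$1" ]` would keep the two consistent.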
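Review bot: With `exit 1` added to `failed` in check.sh, a failure in `/check-kernel-config.sh` ends the run before `bash /check-config.sh` starts, so one report hides the other. That is at odds with this commit making check-kernel-config.sh collect every failure before exiting. Recording a status for each script and calling `failed` once afterwards keeps both outputs and still returns non-zero. The top of check.sh, including its shebang, is outside the hunk.

```shell
# … unchanged: function failed { … exit 1 } …
rc=0
/check-kernel-config.sh || rc=1
bash /check-config.sh || rc=1
[ "$rc" -eq 0 ] || failed
# … unchanged: printf "Kernel config test suite PASSED\n" …
```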