From 19b3beff9fc6d8a5cda82ce2d9cbe3b86f82b988 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Mon, 12 Jun 2017 10:44:14 +0200 Subject: [PATCH 1/3] Mount system /sys into getty container Without this the mounts underneath here were not visible. fix #2019 Signed-off-by: Justin Cormack --- pkg/getty/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/getty/Dockerfile b/pkg/getty/Dockerfile index 63123c911..3333ab88e 100644 --- a/pkg/getty/Dockerfile +++ b/pkg/getty/Dockerfile @@ -17,4 +17,4 @@ COPY --from=mirror /out/ / COPY usr/ /usr/ COPY etc/ /etc/ CMD ["/usr/bin/rungetty.sh"] -LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/etc:/hostroot/etc","/tmp/ctr:/tmp/ctr", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/usr/bin/dist:/usr/bin/dist", "/var:/var","/containers:/containers","/dev:/dev"], "capabilities": ["all"]}' +LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/etc:/hostroot/etc","/tmp/ctr:/tmp/ctr", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/usr/bin/dist:/usr/bin/dist", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}' From 5df3e2e6ed47437254f7ab92bbb8387a65af1dce Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Mon, 12 Jun 2017 10:49:59 +0200 Subject: [PATCH 2/3] Update to new getty image Signed-off-by: Justin Cormack --- examples/docker.yml | 2 +- examples/gcp.yml | 2 +- examples/getty.yml | 2 +- examples/minimal.yml | 2 +- examples/node_exporter.yml | 2 +- examples/redis-os.yml | 2 +- examples/sshd.yml | 2 +- examples/swap.yml | 2 +- examples/vmware.yml | 2 +- linuxkit.yml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/examples/docker.yml b/examples/docker.yml index 5b550cbb9..9713ddfec 100644 --- a/examples/docker.yml +++ b/examples/docker.yml 
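Review bot: The new `"/sys:/sys"` entry in the `org.mobyproject.config` LABEL has no comment and no mount option, so the host's /sys is exposed as-is to a container that already declares `"pid": "host"`, `"net":"host"` and `"capabilities": ["all"]`. A comment above the LABEL would record why the bind exists, for example `# bind the host /sys so mounts below it are visible from the console (see #2019)`. If the console only needs to read those mounts, a read-only bind would be the narrower grant; whether this binds syntax accepts a mount option is not visible in the hunk. Since the example configs in this series run getty with `INSECURE=true`, the bind list is effectively what a passwordless console login can reach, which is worth stating next to the LABEL.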
@@ -20,7 +20,7 @@ onboot: command: ["/mount.sh", "/var/lib/docker"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd diff --git a/examples/gcp.yml b/examples/gcp.yml index 587a07dc9..07ac46d67 100644 --- a/examples/gcp.yml +++ b/examples/gcp.yml @@ -16,7 +16,7 @@ onboot: image: "linuxkit/metadata:31a0b0f5557c6123beaa9c33e3400ae3c03447e0" services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd diff --git a/examples/getty.yml b/examples/getty.yml index 4d4a34732..053191343 100644 --- a/examples/getty.yml +++ b/examples/getty.yml @@ -14,7 +14,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" # to make insecure with passwordless root login, uncomment following lines #env: # - INSECURE=true diff --git a/examples/minimal.yml b/examples/minimal.yml index 18de506d0..a72ff023e 100644 --- a/examples/minimal.yml +++ b/examples/minimal.yml @@ -11,7 +11,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true trust: diff --git a/examples/node_exporter.yml b/examples/node_exporter.yml index 6d588f482..d1934480e 100644 --- a/examples/node_exporter.yml +++ b/examples/node_exporter.yml 
@@ -7,7 +7,7 @@ init: - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd diff --git a/examples/redis-os.yml b/examples/redis-os.yml index ec7d9193a..a5ad02223 100644 --- a/examples/redis-os.yml +++ b/examples/redis-os.yml @@ -13,7 +13,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: redis diff --git a/examples/sshd.yml b/examples/sshd.yml index c63c22ef1..80558d796 100644 --- a/examples/sshd.yml +++ b/examples/sshd.yml @@ -11,7 +11,7 @@ onboot: image: "linuxkit/sysctl:3aa6bc663c2849ef239be7d941d3eaf3e6fcc018" services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd diff --git a/examples/swap.yml b/examples/swap.yml index 47742a2f4..0d1755f21 100644 --- a/examples/swap.yml +++ b/examples/swap.yml @@ -24,7 +24,7 @@ onboot: command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd diff --git a/examples/vmware.yml b/examples/vmware.yml index 7d7428b90..83bcb1820 100644 --- a/examples/vmware.yml +++ b/examples/vmware.yml @@ -11,7 +11,7 @@ onboot: image: "linuxkit/sysctl:3aa6bc663c2849ef239be7d941d3eaf3e6fcc018" services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd 
diff --git a/linuxkit.yml b/linuxkit.yml index 1f8005c16..24ff4d1e8 100644 --- a/linuxkit.yml +++ b/linuxkit.yml @@ -16,7 +16,7 @@ onboot: command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] services: - name: getty - image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2" + image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748" env: - INSECURE=true - name: rngd From 90a5cad21616735abca359d36d8f2e0ccd15a479 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Mon, 12 Jun 2017 11:31:23 +0200 Subject: [PATCH 3/3] Add filesystem tests into kernel test and fix failure cases Make sure we do not remove filesystems we expect to have. Fix the failure cases for the kernel tests which were not working properly due to shell code. Fix some 4.11 kernel changes in config that show up once tests are fixed. Signed-off-by: Justin Cormack --- .../000_config_4.4.x/test-kernel-config.yml | 2 +- .../001_config_4.9.x/test-kernel-config.yml | 2 +- .../003_config_4.11.x/test-kernel-config.yml | 2 +- test/hack/test.yml | 2 +- test/pkg/kernel-config/Makefile | 2 +- test/pkg/kernel-config/check-kernel-config.sh | 138 +++++++++++++----- test/pkg/kernel-config/check.sh | 3 +- test/pkg/kernel-config/etc/linuxkit | 9 -- 8 files changed, 106 insertions(+), 54 deletions(-) delete mode 100644 test/pkg/kernel-config/etc/linuxkit diff --git a/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml b/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml index d3b27ba50..19f492fbe 100644 --- a/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml +++ b/test/cases/020_kernel/000_config_4.4.x/test-kernel-config.yml 
@@ -7,7 +7,7 @@ init: - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a onboot: - name: check-kernel-config - image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" + image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1" readonly: true - name: poweroff image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" diff --git a/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml b/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml index 0538404b8..243c49b2e 100644 --- a/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml +++ b/test/cases/020_kernel/001_config_4.9.x/test-kernel-config.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a onboot: - name: check-kernel-config - image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" + image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1" readonly: true - name: poweroff image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" diff --git a/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml b/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml index d282e517f..63211f498 100644 --- a/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml +++ b/test/cases/020_kernel/003_config_4.11.x/test-kernel-config.yml @@ -7,7 +7,7 @@ init: - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a onboot: - name: check-kernel-config - image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" + image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1" readonly: true - name: poweroff image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" diff --git a/test/hack/test.yml b/test/hack/test.yml index cc6ed19ed..890d22e02 100644 --- a/test/hack/test.yml +++ b/test/hack/test.yml 
@@ -12,7 +12,7 @@ onboot: image: "linuxkit/dhcpcd:7d2b8aaaf20c24ad7d11a5ea2ea5b4a80dc966f1" command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: check-kernel-config - image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" + image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1" readonly: true - name: poweroff image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" diff --git a/test/pkg/kernel-config/Makefile b/test/pkg/kernel-config/Makefile index 0c8e9c30d..3ae702705 100644 --- a/test/pkg/kernel-config/Makefile +++ b/test/pkg/kernel-config/Makefile @@ -5,7 +5,7 @@ IMAGE=test-kernel-config default: push -hash: Dockerfile check.sh check-kernel-config.sh etc/linuxkit +hash: Dockerfile check.sh check-kernel-config.sh DOCKER_CONTENT_TRUST=1 docker pull $(BASE) tar cf - $^ | docker build --no-cache -t $(IMAGE):build - docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash diff --git a/test/pkg/kernel-config/check-kernel-config.sh b/test/pkg/kernel-config/check-kernel-config.sh index a05026769..e30d642b3 100755 --- a/test/pkg/kernel-config/check-kernel-config.sh +++ b/test/pkg/kernel-config/check-kernel-config.sh @@ -2,6 +2,11 @@ set -e +function fail { + printf "FAILURE: $1\n" + FAILED=1 +} + echo "starting kernel config sanity test with ${1:-/proc/config.gz}" if [ -n "$1" ]; then 
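Review bot: The new `fail` helper passes its message to printf as the format string (`printf "FAILURE: $1\n"`), so a `%` or backslash in a message would be interpreted instead of printed; `printf 'FAILURE: %s\n' "$1"` prints it literally. `FAILED` is never initialised, so a value inherited from the environment would make the final `[ -z "$FAILED" ]` test report failure without any FAILURE line; a `FAILED=` assignment before the first check avoids that. The `function` keyword is a bash/ksh extension, and the shebang sits above this hunk, so confirm the script is not run under a plain POSIX sh. A one-line comment such as `# record a failed check and keep going so every missing option is reported` would explain why `fail` does not exit.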
@@ -19,59 +24,116 @@ kernelMinor="${kernelMinor%%.*}" # Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project # Positive cases -echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG=y || (echo "CONFIG_BUG=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_KERNEL=y || (echo "CONFIG_DEBUG_KERNEL=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_RODATA=y || (echo "CONFIG_DEBUG_RODATA=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR=y || (echo "CONFIG_CC_STACKPROTECTOR=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR_STRONG=y || (echo "CONFIG_CC_STACKPROTECTOR_STRONG=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_DEVMEM=y || (echo "CONFIG_STRICT_DEVMEM=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || (echo "CONFIG_SYN_COOKIES=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_CREDENTIALS=y || (echo "CONFIG_DEBUG_CREDENTIALS=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_NOTIFIERS=y || (echo "CONFIG_DEBUG_NOTIFIERS=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_LIST=y || (echo "CONFIG_DEBUG_LIST=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP=y || (echo "CONFIG_SECCOMP=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP_FILTER=y || (echo "CONFIG_SECCOMP_FILTER=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY=y || (echo "CONFIG_SECURITY=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY_YAMA=y || (echo "CONFIG_SECURITY_YAMA=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_PANIC_ON_OOPS=y || (echo "CONFIG_PANIC_ON_OOPS=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_SET_MODULE_RONX=y || (echo "CONFIG_DEBUG_SET_MODULE_RONX=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || (echo "CONFIG_SYN_COOKIES=y" && exit 1) -echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || (echo "CONFIG_LEGACY_VSYSCALL_NONE=y" && exit 1) -echo 
$UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || (echo "CONFIG_RANDOMIZE_BASE=y" && exit 1) +echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG=y || fail "CONFIG_BUG=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_KERNEL=y || fail "CONFIG_DEBUG_KERNEL=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR=y || fail "CONFIG_CC_STACKPROTECTOR=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR_STRONG=y || fail "CONFIG_CC_STACKPROTECTOR_STRONG=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_DEVMEM=y || fail "CONFIG_STRICT_DEVMEM=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || fail "CONFIG_SYN_COOKIES=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_CREDENTIALS=y || fail "CONFIG_DEBUG_CREDENTIALS=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_NOTIFIERS=y || fail "CONFIG_DEBUG_NOTIFIERS=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_LIST=y || fail "CONFIG_DEBUG_LIST=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP=y || fail "CONFIG_SECCOMP=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP_FILTER=y || fail "CONFIG_SECCOMP_FILTER=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY=y || fail "CONFIG_SECURITY=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY_YAMA=y || fail "CONFIG_SECURITY_YAMA=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_PANIC_ON_OOPS=y || fail "CONFIG_PANIC_ON_OOPS=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || fail "CONFIG_SYN_COOKIES=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || fail "CONFIG_LEGACY_VSYSCALL_NONE=y" +echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || fail "CONFIG_RANDOMIZE_BASE=y" # Conditional on kernel version if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || (echo "CONFIG_IO_STRICT_DEVMEM=y" && exit 1) - echo $UNZIPPED_CONFIG | grep -q CONFIG_UBSAN=y || (echo "CONFIG_UBSAN=y" && exit 1) + echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || fail "CONFIG_IO_STRICT_DEVMEM=y" + echo 
$UNZIPPED_CONFIG | grep -q CONFIG_UBSAN=y || fail "CONFIG_UBSAN=y" fi if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_SLAB_FREELIST_RANDOM=y || (echo "CONFIG_SLAB_FREELIST_RANDOM=y" && exit 1) + echo $UNZIPPED_CONFIG | grep -q CONFIG_SLAB_FREELIST_RANDOM=y || fail "CONFIG_SLAB_FREELIST_RANDOM=y" fi if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_HARDENED_USERCOPY=y || (echo "CONFIG_HARDENED_USERCOPY=y" && exit 1) - echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || (echo "CONFIG_RANDOMIZE_MEMORY=y" && exit 1) + echo $UNZIPPED_CONFIG | grep -q CONFIG_HARDENED_USERCOPY=y || fail "CONFIG_HARDENED_USERCOPY=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || fail "CONFIG_RANDOMIZE_MEMORY=y" fi # poisoning cannot be enabled in 4.4 if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 9 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING=y || (echo "CONFIG_PAGE_POISONING=y" && exit 1) - echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_NO_SANITY=y || (echo "CONFIG_PAGE_POISONING_NO_SANITY=y" && exit 1) - echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_ZERO=y || (echo "CONFIG_PAGE_POISONING_ZERO=y" && exit 1) + echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING=y || fail "CONFIG_PAGE_POISONING=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_NO_SANITY=y || fail "CONFIG_PAGE_POISONING_NO_SANITY=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_ZERO=y || fail "CONFIG_PAGE_POISONING_ZERO=y" fi if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 10 ]; then - echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG_ON_DATA_CORRUPTION=y || (echo "CONFIG_BUG_ON_DATA_CORRUPTION=y" && exit 1) + echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG_ON_DATA_CORRUPTION=y || fail "CONFIG_BUG_ON_DATA_CORRUPTION=y" +fi + +if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -le 10 ]; then + echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_RODATA=y || fail 
"CONFIG_DEBUG_RODATA=y" + echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_SET_MODULE_RONX=y || fail "CONFIG_DEBUG_SET_MODULE_RONX=y" +fi + +if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 11 ]; then + echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_KERNEL_RWX=y || fail "CONFIG_STRICT_KERNEL_RWX=y" fi # Negative cases -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_ACPI_CUSTOM_METHOD is not set' || (echo "CONFIG_ACPI_CUSTOM_METHOD is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_BRK is not set' || (echo "CONFIG_COMPAT_BRK is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_DEVKMEM is not set' || (echo "CONFIG_DEVKMEM is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_VDSO is not set' || (echo "CONFIG_COMPAT_VDSO is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_KEXEC is not set' || (echo "CONFIG_KEXEC is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || (echo "CONFIG_HIBERNATION is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || (echo "CONFIG_LEGACY_PTYS is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || (echo "CONFIG_X86_X32 is not set" && exit 1) -echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || (echo "CONFIG_MODIFY_LDT_SYSCALL is not set" && exit 1) +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_ACPI_CUSTOM_METHOD is not set' || fail "CONFIG_ACPI_CUSTOM_METHOD is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_BRK is not set' || fail "CONFIG_COMPAT_BRK is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_DEVKMEM is not set' || fail "CONFIG_DEVKMEM is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_VDSO is not set' || fail "CONFIG_COMPAT_VDSO is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_KEXEC is not set' || fail "CONFIG_KEXEC is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || fail "CONFIG_HIBERNATION is not set" +echo 
$UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || fail "CONFIG_LEGACY_PTYS is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || fail "CONFIG_X86_X32 is not set" +echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || fail "CONFIG_MODIFY_LDT_SYSCALL is not set" -echo "kernel config test succeeded!" +# check filesystems that are built in +for fs in \ +sysfs \ +rootfs \ +tmpfs \ +bdev \ +proc \ +cpuset \ +cgroup \ +devtmpfs \ +binfmt_misc \ +debugfs \ +tracefs \ +securityfs \ +sockfs \ +bpf \ +pipefs \ +ramfs \ +hugetlbfs \ +rpc_pipefs \ +devpts \ +ext4 \ +vfat \ +msdos \ +iso9660 \ +nfs \ +nfs4 \ +nfsd \ +cifs \ +ntfs \ +fuseblk \ +fuse \ +fusectl \ +overlay \ +udf \ +xfs \ +9p \ +pstore \ +mqueue \ +oprofilefs +do + grep -q "[[:space:]]${fs}\$" /proc/filesystems || fail "${fs} filesystem missing" +done + +if [ -z "$FAILED" ] +then + echo "kernel config test succeeded!" +else + echo "kernel config test failed!" + exit 1 +fi diff --git a/test/pkg/kernel-config/check.sh b/test/pkg/kernel-config/check.sh index dd37b4239..d46760603 100755 --- a/test/pkg/kernel-config/check.sh +++ b/test/pkg/kernel-config/check.sh @@ -2,11 +2,10 @@ function failed { printf "Kernel config test suite FAILED\n" + exit 1 } /check-kernel-config.sh || failed bash /check-config.sh || failed printf "Kernel config test suite PASSED\n" - -cat /etc/linuxkit diff --git a/test/pkg/kernel-config/etc/linuxkit b/test/pkg/kernel-config/etc/linuxkit deleted file mode 100644 index 17d4dfb92..000000000 --- a/test/pkg/kernel-config/etc/linuxkit +++ /dev/null @@ -1,9 +0,0 @@ - - ## . - ## ## ## == - ## ## ## ## ## === - /"""""""""""""""""\___/ === - ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~ - \______ o __/ - \ \ __/ - \____\_______/
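Review bot: The two new version guards test major and minor independently (`[ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 11 ]`), so on a kernel with a higher major and a minor below 11 the CONFIG_STRICT_KERNEL_RWX check is skipped silently and the `-le 10` block demands CONFIG_DEBUG_RODATA and CONFIG_DEBUG_SET_MODULE_RONX instead. A form that survives a major bump is `if [ "$kernelMajor" -gt 4 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 11 ]; then` for the new option and `if [ "$kernelMajor" -eq 4 -a "$kernelMinor" -le 10 ]; then` for the old pair. The older guards in the context lines of this hunk have the same shape. Separately, the filesystem loop always reads /proc/filesystems of the running kernel, even when a config file is passed as `$1`, and that file lists only filesystems registered at the time, so the comment "check filesystems that are built in" should say the check applies to the booted kernel.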
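Review bot: The `exit 1` added to `failed` stops the suite at the first failing script, so when `/check-kernel-config.sh` fails, `bash /check-config.sh` never runs and its findings are missing from that log. This is at odds with check-kernel-config.sh in the same commit, which now accumulates failures and reports them all. If both reports are wanted in one run, record the status (`/check-kernel-config.sh || rc=1`, likewise for the second script) and exit with it after both have run. The failure message goes to stdout; sending it to stderr with `>&2` would keep it visible when stdout is captured.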