	Merge pull request #2022 from justincormack/sys-in-getty
mount /sys in getty container and add and fix kernel tests
		@@ -20,7 +20,7 @@ onboot:
 | 
			
		||||
    command: ["/mount.sh", "/var/lib/docker"]
 | 
			
		||||
services:
 | 
			
		||||
  - name: getty
 | 
			
		||||
    image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2"
 | 
			
		||||
    image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748"
 | 
			
		||||
    env:
 | 
			
		||||
     - INSECURE=true
 | 
			
		||||
  - name: rngd
 | 
			
		||||
 
 | 
			
		||||
@@ -16,7 +16,7 @@ onboot:
 | 
			
		||||
    image: "linuxkit/metadata:31a0b0f5557c6123beaa9c33e3400ae3c03447e0"
 | 
			
		||||
services:
 | 
			
		||||
  - name: getty
 | 
			
		||||
    image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2"
 | 
			
		||||
    image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748"
 | 
			
		||||
    env:
 | 
			
		||||
     - INSECURE=true
 | 
			
		||||
  - name: rngd
 | 
			
		||||
 
 | 
			
		||||
@@ -14,7 +14,7 @@ onboot:
 | 
			
		||||
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 | 
			
		||||
services:
 | 
			
		||||
  - name: getty
 | 
			
		||||
    image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2"
 | 
			
		||||
    image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748"
 | 
			
		||||
    # to make insecure with passwordless root login, uncomment following lines
 | 
			
		||||
    #env:
 | 
			
		||||
    # - INSECURE=true
 | 
			
		||||
 
 | 
			
		||||
@@ -11,7 +11,7 @@ onboot:
 | 
			
		||||
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 | 
			
		||||
services:
 | 
			
		||||
  - name: getty
 | 
			
		||||
    image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2"
 | 
			
		||||
    image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748"
 | 
			
		||||
    env:
 | 
			
		||||
     - INSECURE=true
 | 
			
		||||
trust:
 | 
			
		||||
 
 | 
			
		||||
@@ -7,7 +7,7 @@ init:
 | 
			
		||||
  - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a
 | 
			
		||||
services:
 | 
			
		||||
  - name: getty
 | 
			
		||||
    image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2"
 | 
			
		||||
    image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748"
 | 
			
		||||
    env:
 | 
			
		||||
     - INSECURE=true
 | 
			
		||||
  - name: rngd
 | 
			
		||||
 
 | 
			
		||||
@@ -13,7 +13,7 @@ onboot:
 | 
			
		||||
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 | 
			
		||||
services:
 | 
			
		||||
  - name: getty
 | 
			
		||||
    image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2"
 | 
			
		||||
    image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748"
 | 
			
		||||
    env:
 | 
			
		||||
     - INSECURE=true
 | 
			
		||||
  - name: redis
 | 
			
		||||
 
 | 
			
		||||
@@ -11,7 +11,7 @@ onboot:
 | 
			
		||||
    image: "linuxkit/sysctl:3aa6bc663c2849ef239be7d941d3eaf3e6fcc018"
 | 
			
		||||
services:
 | 
			
		||||
  - name: getty
 | 
			
		||||
    image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2"
 | 
			
		||||
    image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748"
 | 
			
		||||
    env:
 | 
			
		||||
     - INSECURE=true
 | 
			
		||||
  - name: rngd
 | 
			
		||||
 
 | 
			
		||||
@@ -24,7 +24,7 @@ onboot:
 | 
			
		||||
    command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"]
 | 
			
		||||
services:
 | 
			
		||||
  - name: getty
 | 
			
		||||
    image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2"
 | 
			
		||||
    image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748"
 | 
			
		||||
    env:
 | 
			
		||||
     - INSECURE=true
 | 
			
		||||
  - name: rngd
 | 
			
		||||
 
 | 
			
		||||
@@ -11,7 +11,7 @@ onboot:
 | 
			
		||||
    image: "linuxkit/sysctl:3aa6bc663c2849ef239be7d941d3eaf3e6fcc018"
 | 
			
		||||
services:
 | 
			
		||||
  - name: getty
 | 
			
		||||
    image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2"
 | 
			
		||||
    image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748"
 | 
			
		||||
    env:
 | 
			
		||||
     - INSECURE=true
 | 
			
		||||
  - name: rngd
 | 
			
		||||
 
 | 
			
		||||
@@ -16,7 +16,7 @@ onboot:
 | 
			
		||||
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 | 
			
		||||
services:
 | 
			
		||||
  - name: getty
 | 
			
		||||
    image: "linuxkit/getty:148946d72d1c96df3ea91cb8ee4f9583cd3cc5c2"
 | 
			
		||||
    image: "linuxkit/getty:ef9d667af71089326419fb08e9cc9d567cf15748"
 | 
			
		||||
    env:
 | 
			
		||||
     - INSECURE=true
 | 
			
		||||
  - name: rngd
 | 
			
		||||
 
 | 
			
		||||
@@ -17,4 +17,4 @@ COPY --from=mirror /out/ /
 | 
			
		||||
COPY usr/ /usr/
 | 
			
		||||
COPY etc/ /etc/
 | 
			
		||||
CMD ["/usr/bin/rungetty.sh"]
 | 
			
		||||
LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/etc:/hostroot/etc","/tmp/ctr:/tmp/ctr", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/usr/bin/dist:/usr/bin/dist", "/var:/var","/containers:/containers","/dev:/dev"], "capabilities": ["all"]}'
 | 
			
		||||
LABEL org.mobyproject.config='{"pid": "host", "net":"host", "binds": ["/run:/run", "/etc:/hostroot/etc","/tmp/ctr:/tmp/ctr", "/usr/bin/ctr:/usr/bin/ctr", "/usr/bin/runc:/usr/bin/runc", "/usr/bin/dist:/usr/bin/dist", "/var:/var","/containers:/containers","/dev:/dev","/sys:/sys"], "capabilities": ["all"]}'
 | 
			
		||||
 
 | 
			
		||||
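Review bot: The new `"/sys:/sys"` entry in the `org.mobyproject.config` label is a read-write bind, and nothing in the Dockerfile says what in the getty container needs sysfs. The container already runs with `"capabilities": ["all"]`, host pid and net, and `/dev`, so the added exposure is probably small, but several example files on this page start this image with `INSECURE=true`, and the console session is where that bind is reachable. I would add a comment above the `LABEL` naming the consumer of `/sys` and whether it needs to write there. If read access is enough, `"/sys:/sys:ro"` would be the narrower bind, assuming the binds syntax accepts Docker-style mount options.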
@@ -7,7 +7,7 @@ init:
 | 
			
		||||
  - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a
 | 
			
		||||
onboot:
 | 
			
		||||
  - name: check-kernel-config
 | 
			
		||||
    image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c"
 | 
			
		||||
    image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1"
 | 
			
		||||
    readonly: true
 | 
			
		||||
  - name: poweroff
 | 
			
		||||
    image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28"
 | 
			
		||||
 
 | 
			
		||||
@@ -7,7 +7,7 @@ init:
 | 
			
		||||
  - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a
 | 
			
		||||
onboot:
 | 
			
		||||
  - name: check-kernel-config
 | 
			
		||||
    image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c"
 | 
			
		||||
    image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1"
 | 
			
		||||
    readonly: true
 | 
			
		||||
  - name: poweroff
 | 
			
		||||
    image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28"
 | 
			
		||||
 
 | 
			
		||||
@@ -7,7 +7,7 @@ init:
 | 
			
		||||
  - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a
 | 
			
		||||
onboot:
 | 
			
		||||
  - name: check-kernel-config
 | 
			
		||||
    image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c"
 | 
			
		||||
    image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1"
 | 
			
		||||
    readonly: true
 | 
			
		||||
  - name: poweroff
 | 
			
		||||
    image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28"
 | 
			
		||||
 
 | 
			
		||||
@@ -12,7 +12,7 @@ onboot:
 | 
			
		||||
    image: "linuxkit/dhcpcd:7d2b8aaaf20c24ad7d11a5ea2ea5b4a80dc966f1"
 | 
			
		||||
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 | 
			
		||||
  - name: check-kernel-config
 | 
			
		||||
    image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c"
 | 
			
		||||
    image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1"
 | 
			
		||||
    readonly: true
 | 
			
		||||
  - name: poweroff
 | 
			
		||||
    image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28"
 | 
			
		||||
 
 | 
			
		||||
@@ -5,7 +5,7 @@ IMAGE=test-kernel-config
 | 
			
		||||
 | 
			
		||||
default: push
 | 
			
		||||
 | 
			
		||||
hash: Dockerfile check.sh check-kernel-config.sh etc/linuxkit
 | 
			
		||||
hash: Dockerfile check.sh check-kernel-config.sh
 | 
			
		||||
	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
 | 
			
		||||
	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
 | 
			
		||||
	docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash
 | 
			
		||||
 
 | 
			
		||||
@@ -2,6 +2,11 @@
 | 
			
		||||
 | 
			
		||||
set -e
 | 
			
		||||
 | 
			
		||||
function fail {
 | 
			
		||||
	printf "FAILURE: $1\n"
 | 
			
		||||
	FAILED=1
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
echo "starting kernel config sanity test with ${1:-/proc/config.gz}"
 | 
			
		||||
 | 
			
		||||
if [ -n "$1" ]; then
 | 
			
		||||
@@ -19,59 +24,116 @@ kernelMinor="${kernelMinor%%.*}"
 | 
			
		||||
# Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
 | 
			
		||||
# Positive cases
 | 
			
		||||
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG=y || (echo "CONFIG_BUG=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_KERNEL=y || (echo "CONFIG_DEBUG_KERNEL=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_RODATA=y || (echo "CONFIG_DEBUG_RODATA=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR=y || (echo "CONFIG_CC_STACKPROTECTOR=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR_STRONG=y || (echo "CONFIG_CC_STACKPROTECTOR_STRONG=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_DEVMEM=y || (echo "CONFIG_STRICT_DEVMEM=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || (echo "CONFIG_SYN_COOKIES=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_CREDENTIALS=y || (echo "CONFIG_DEBUG_CREDENTIALS=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_NOTIFIERS=y || (echo "CONFIG_DEBUG_NOTIFIERS=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_LIST=y || (echo "CONFIG_DEBUG_LIST=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP=y || (echo "CONFIG_SECCOMP=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP_FILTER=y || (echo "CONFIG_SECCOMP_FILTER=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY=y || (echo "CONFIG_SECURITY=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY_YAMA=y || (echo "CONFIG_SECURITY_YAMA=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_PANIC_ON_OOPS=y || (echo "CONFIG_PANIC_ON_OOPS=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_SET_MODULE_RONX=y || (echo "CONFIG_DEBUG_SET_MODULE_RONX=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || (echo "CONFIG_SYN_COOKIES=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || (echo "CONFIG_LEGACY_VSYSCALL_NONE=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || (echo "CONFIG_RANDOMIZE_BASE=y" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG=y || fail "CONFIG_BUG=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_KERNEL=y || fail "CONFIG_DEBUG_KERNEL=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR=y || fail "CONFIG_CC_STACKPROTECTOR=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR_STRONG=y || fail "CONFIG_CC_STACKPROTECTOR_STRONG=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_DEVMEM=y || fail "CONFIG_STRICT_DEVMEM=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || fail "CONFIG_SYN_COOKIES=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_CREDENTIALS=y || fail "CONFIG_DEBUG_CREDENTIALS=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_NOTIFIERS=y || fail "CONFIG_DEBUG_NOTIFIERS=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_LIST=y || fail "CONFIG_DEBUG_LIST=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP=y || fail "CONFIG_SECCOMP=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP_FILTER=y || fail "CONFIG_SECCOMP_FILTER=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY=y || fail "CONFIG_SECURITY=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY_YAMA=y || fail "CONFIG_SECURITY_YAMA=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_PANIC_ON_OOPS=y || fail "CONFIG_PANIC_ON_OOPS=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || fail "CONFIG_SYN_COOKIES=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || fail "CONFIG_LEGACY_VSYSCALL_NONE=y"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || fail "CONFIG_RANDOMIZE_BASE=y"
 | 
			
		||||
 | 
			
		||||
# Conditional on kernel version
 | 
			
		||||
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || (echo "CONFIG_IO_STRICT_DEVMEM=y" && exit 1)
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_UBSAN=y || (echo "CONFIG_UBSAN=y" && exit 1)
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || fail "CONFIG_IO_STRICT_DEVMEM=y"
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_UBSAN=y || fail "CONFIG_UBSAN=y"
 | 
			
		||||
fi
 | 
			
		||||
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_SLAB_FREELIST_RANDOM=y || (echo "CONFIG_SLAB_FREELIST_RANDOM=y" && exit 1)
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_SLAB_FREELIST_RANDOM=y || fail "CONFIG_SLAB_FREELIST_RANDOM=y"
 | 
			
		||||
fi
 | 
			
		||||
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_HARDENED_USERCOPY=y || (echo "CONFIG_HARDENED_USERCOPY=y" && exit 1)
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || (echo "CONFIG_RANDOMIZE_MEMORY=y" && exit 1)
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_HARDENED_USERCOPY=y || fail "CONFIG_HARDENED_USERCOPY=y"
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || fail "CONFIG_RANDOMIZE_MEMORY=y"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# poisoning cannot be enabled in 4.4
 | 
			
		||||
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 9 ]; then
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING=y || (echo "CONFIG_PAGE_POISONING=y" && exit 1)
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_NO_SANITY=y || (echo "CONFIG_PAGE_POISONING_NO_SANITY=y" && exit 1)
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_ZERO=y || (echo "CONFIG_PAGE_POISONING_ZERO=y" && exit 1)
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING=y || fail "CONFIG_PAGE_POISONING=y"
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_NO_SANITY=y || fail "CONFIG_PAGE_POISONING_NO_SANITY=y"
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_ZERO=y || fail "CONFIG_PAGE_POISONING_ZERO=y"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 10 ]; then
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG_ON_DATA_CORRUPTION=y || (echo "CONFIG_BUG_ON_DATA_CORRUPTION=y" && exit 1)
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG_ON_DATA_CORRUPTION=y || fail "CONFIG_BUG_ON_DATA_CORRUPTION=y"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -le 10 ]; then
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_RODATA=y || fail "CONFIG_DEBUG_RODATA=y"
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_SET_MODULE_RONX=y || fail "CONFIG_DEBUG_SET_MODULE_RONX=y"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 11 ]; then
 | 
			
		||||
  echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_KERNEL_RWX=y || fail "CONFIG_STRICT_KERNEL_RWX=y"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# Negative cases
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_ACPI_CUSTOM_METHOD is not set' || (echo "CONFIG_ACPI_CUSTOM_METHOD is not set" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_BRK is not set' || (echo "CONFIG_COMPAT_BRK is not set" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_DEVKMEM is not set' || (echo "CONFIG_DEVKMEM is not set" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_VDSO is not set' || (echo "CONFIG_COMPAT_VDSO is not set" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_KEXEC is not set' || (echo "CONFIG_KEXEC is not set" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || (echo "CONFIG_HIBERNATION is not set" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || (echo "CONFIG_LEGACY_PTYS is not set" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || (echo "CONFIG_X86_X32 is not set" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || (echo "CONFIG_MODIFY_LDT_SYSCALL is not set" && exit 1)
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_ACPI_CUSTOM_METHOD is not set' || fail "CONFIG_ACPI_CUSTOM_METHOD is not set"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_BRK is not set' || fail "CONFIG_COMPAT_BRK is not set"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_DEVKMEM is not set' || fail "CONFIG_DEVKMEM is not set"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_VDSO is not set' || fail "CONFIG_COMPAT_VDSO is not set"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_KEXEC is not set' || fail "CONFIG_KEXEC is not set"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || fail "CONFIG_HIBERNATION is not set"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || fail "CONFIG_LEGACY_PTYS is not set"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || fail "CONFIG_X86_X32 is not set"
 | 
			
		||||
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || fail "CONFIG_MODIFY_LDT_SYSCALL is not set"
 | 
			
		||||
 | 
			
		||||
echo "kernel config test succeeded!"
 | 
			
		||||
# check filesystems that are built in
 | 
			
		||||
for fs in \
 | 
			
		||||
sysfs \
 | 
			
		||||
rootfs \
 | 
			
		||||
tmpfs \
 | 
			
		||||
bdev \
 | 
			
		||||
proc \
 | 
			
		||||
cpuset \
 | 
			
		||||
cgroup \
 | 
			
		||||
devtmpfs \
 | 
			
		||||
binfmt_misc \
 | 
			
		||||
debugfs \
 | 
			
		||||
tracefs \
 | 
			
		||||
securityfs \
 | 
			
		||||
sockfs \
 | 
			
		||||
bpf \
 | 
			
		||||
pipefs \
 | 
			
		||||
ramfs \
 | 
			
		||||
hugetlbfs \
 | 
			
		||||
rpc_pipefs \
 | 
			
		||||
devpts \
 | 
			
		||||
ext4 \
 | 
			
		||||
vfat \
 | 
			
		||||
msdos \
 | 
			
		||||
iso9660 \
 | 
			
		||||
nfs \
 | 
			
		||||
nfs4 \
 | 
			
		||||
nfsd \
 | 
			
		||||
cifs \
 | 
			
		||||
ntfs \
 | 
			
		||||
fuseblk \
 | 
			
		||||
fuse \
 | 
			
		||||
fusectl \
 | 
			
		||||
overlay \
 | 
			
		||||
udf \
 | 
			
		||||
xfs \
 | 
			
		||||
9p \
 | 
			
		||||
pstore \
 | 
			
		||||
mqueue \
 | 
			
		||||
oprofilefs
 | 
			
		||||
do
 | 
			
		||||
	grep -q "[[:space:]]${fs}\$" /proc/filesystems || fail "${fs} filesystem missing"
 | 
			
		||||
done
 | 
			
		||||
 | 
			
		||||
if [ -z "$FAILED" ]
 | 
			
		||||
then
 | 
			
		||||
	echo "kernel config test succeeded!"
 | 
			
		||||
else
 | 
			
		||||
	echo "kernel config test failed!"
 | 
			
		||||
	exit 1
 | 
			
		||||
fi
 | 
			
		||||
 
 | 
			
		||||
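Review bot: The two version gates added after the `CONFIG_BUG_ON_DATA_CORRUPTION` block, `[ "$kernelMajor" -ge 4 -a "$kernelMinor" -le 10 ]` and `[ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 11 ]`, compare major and minor independently. On a kernel with major above 4 and minor below 11, the `CONFIG_STRICT_KERNEL_RWX` check is therefore skipped and the superseded `CONFIG_DEBUG_RODATA` / `CONFIG_DEBUG_SET_MODULE_RONX` checks run instead; the older `-ge 5` to `-ge 10` gates in this hunk have the same shape and would skip their hardening checks without reporting anything. Comparing the pair as one version avoids that: `if [ "$kernelMajor" -eq 4 -a "$kernelMinor" -le 10 ]; then` for the legacy options and `if [ "$kernelMajor" -gt 4 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -ge 11 ]; then` for the newer one. `kernelMajor` and `kernelMinor` are assigned above the hunk, so this assumes they hold plain integers. Separately, the new `fail` helper would be more robust as `printf "FAILURE: %s\n" "$1"`, so the message is never interpreted as a format string.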
@@ -2,11 +2,10 @@
 | 
			
		||||
 | 
			
		||||
function failed {
 | 
			
		||||
	printf "Kernel config test suite FAILED\n"
 | 
			
		||||
	exit 1
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
/check-kernel-config.sh || failed
 | 
			
		||||
bash /check-config.sh || failed
 | 
			
		||||
 | 
			
		||||
printf "Kernel config test suite PASSED\n"
 | 
			
		||||
 | 
			
		||||
cat /etc/linuxkit
 | 
			
		||||
 
 | 
			
		||||
@@ -1,9 +0,0 @@
 | 
			
		||||
 | 
			
		||||
                        ##         .
 | 
			
		||||
                  ## ## ##        ==
 | 
			
		||||
               ## ## ## ## ##    ===
 | 
			
		||||
           /"""""""""""""""""\___/ ===
 | 
			
		||||
      ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
 | 
			
		||||
           \______ o           __/
 | 
			
		||||
             \    \         __/
 | 
			
		||||
              \____\_______/
 | 
			
		||||