Add filesystem tests into kernel test and fix failure cases

Make sure we do not remove filesystems we expect to have.

Fix the failure cases for the kernel tests which were not working properly
due to shell code.

Fix some 4.11 kernel changes in config that show up once tests are fixed.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Justin Cormack 2017-06-12 11:31:23 +02:00
parent 5df3e2e6ed
commit 90a5cad216
8 changed files with 106 additions and 54 deletions


@ -7,7 +7,7 @@ init:
- linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a
onboot: onboot:
- name: check-kernel-config - name: check-kernel-config
image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1"
readonly: true readonly: true
- name: poweroff - name: poweroff
image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28"


@ -7,7 +7,7 @@ init:
- linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a
onboot: onboot:
- name: check-kernel-config - name: check-kernel-config
image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1"
readonly: true readonly: true
- name: poweroff - name: poweroff
image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28"


@ -7,7 +7,7 @@ init:
- linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a - linuxkit/containerd:b50181bc6e0084e5fcd6b6ad3cf433c4f66cae5a
onboot: onboot:
- name: check-kernel-config - name: check-kernel-config
image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1"
readonly: true readonly: true
- name: poweroff - name: poweroff
image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28"


@ -12,7 +12,7 @@ onboot:
image: "linuxkit/dhcpcd:7d2b8aaaf20c24ad7d11a5ea2ea5b4a80dc966f1" image: "linuxkit/dhcpcd:7d2b8aaaf20c24ad7d11a5ea2ea5b4a80dc966f1"
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: check-kernel-config - name: check-kernel-config
image: "linuxkit/test-kernel-config:ecff41279ccbc408079a3996a956432651c6eb9c" image: "linuxkit/test-kernel-config:2acaa564c1801dd2ae1546c70c472dc58ac030a1"
readonly: true readonly: true
- name: poweroff - name: poweroff
image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28" image: "linuxkit/poweroff:7404cf2295df89ccfa2dda41997a28307a90cf28"


@ -5,7 +5,7 @@ IMAGE=test-kernel-config
default: push default: push
hash: Dockerfile check.sh check-kernel-config.sh etc/linuxkit hash: Dockerfile check.sh check-kernel-config.sh
DOCKER_CONTENT_TRUST=1 docker pull $(BASE) DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
tar cf - $^ | docker build --no-cache -t $(IMAGE):build - tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash docker run --rm --entrypoint=/bin/sh $(IMAGE):build -c "cat $^ /lib/apk/db/installed | sha1sum" | sed 's/ .*//' > hash


@ -2,6 +2,11 @@
set -e set -e
function fail {
printf "FAILURE: $1\n"
FAILED=1
}
echo "starting kernel config sanity test with ${1:-/proc/config.gz}" echo "starting kernel config sanity test with ${1:-/proc/config.gz}"
if [ -n "$1" ]; then if [ -n "$1" ]; then
@ -19,59 +24,116 @@ kernelMinor="${kernelMinor%%.*}"
# Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project # Most tests against https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
# Positive cases # Positive cases
echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG=y || (echo "CONFIG_BUG=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG=y || fail "CONFIG_BUG=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_KERNEL=y || (echo "CONFIG_DEBUG_KERNEL=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_KERNEL=y || fail "CONFIG_DEBUG_KERNEL=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_RODATA=y || (echo "CONFIG_DEBUG_RODATA=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR=y || fail "CONFIG_CC_STACKPROTECTOR=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR=y || (echo "CONFIG_CC_STACKPROTECTOR=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR_STRONG=y || fail "CONFIG_CC_STACKPROTECTOR_STRONG=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_CC_STACKPROTECTOR_STRONG=y || (echo "CONFIG_CC_STACKPROTECTOR_STRONG=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_DEVMEM=y || fail "CONFIG_STRICT_DEVMEM=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_DEVMEM=y || (echo "CONFIG_STRICT_DEVMEM=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || fail "CONFIG_SYN_COOKIES=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || (echo "CONFIG_SYN_COOKIES=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_CREDENTIALS=y || fail "CONFIG_DEBUG_CREDENTIALS=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_CREDENTIALS=y || (echo "CONFIG_DEBUG_CREDENTIALS=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_NOTIFIERS=y || fail "CONFIG_DEBUG_NOTIFIERS=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_NOTIFIERS=y || (echo "CONFIG_DEBUG_NOTIFIERS=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_LIST=y || fail "CONFIG_DEBUG_LIST=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_LIST=y || (echo "CONFIG_DEBUG_LIST=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP=y || fail "CONFIG_SECCOMP=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP=y || (echo "CONFIG_SECCOMP=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP_FILTER=y || fail "CONFIG_SECCOMP_FILTER=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECCOMP_FILTER=y || (echo "CONFIG_SECCOMP_FILTER=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY=y || fail "CONFIG_SECURITY=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY=y || (echo "CONFIG_SECURITY=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY_YAMA=y || fail "CONFIG_SECURITY_YAMA=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_SECURITY_YAMA=y || (echo "CONFIG_SECURITY_YAMA=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_PANIC_ON_OOPS=y || fail "CONFIG_PANIC_ON_OOPS=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_PANIC_ON_OOPS=y || (echo "CONFIG_PANIC_ON_OOPS=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || fail "CONFIG_SYN_COOKIES=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_SET_MODULE_RONX=y || (echo "CONFIG_DEBUG_SET_MODULE_RONX=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || fail "CONFIG_LEGACY_VSYSCALL_NONE=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_SYN_COOKIES=y || (echo "CONFIG_SYN_COOKIES=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || fail "CONFIG_RANDOMIZE_BASE=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_LEGACY_VSYSCALL_NONE=y || (echo "CONFIG_LEGACY_VSYSCALL_NONE=y" && exit 1)
echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_BASE=y || (echo "CONFIG_RANDOMIZE_BASE=y" && exit 1)
# Conditional on kernel version # Conditional on kernel version
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 5 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || (echo "CONFIG_IO_STRICT_DEVMEM=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_IO_STRICT_DEVMEM=y || fail "CONFIG_IO_STRICT_DEVMEM=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_UBSAN=y || (echo "CONFIG_UBSAN=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_UBSAN=y || fail "CONFIG_UBSAN=y"
fi fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 7 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_SLAB_FREELIST_RANDOM=y || (echo "CONFIG_SLAB_FREELIST_RANDOM=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_SLAB_FREELIST_RANDOM=y || fail "CONFIG_SLAB_FREELIST_RANDOM=y"
fi fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 8 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_HARDENED_USERCOPY=y || (echo "CONFIG_HARDENED_USERCOPY=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_HARDENED_USERCOPY=y || fail "CONFIG_HARDENED_USERCOPY=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || (echo "CONFIG_RANDOMIZE_MEMORY=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_RANDOMIZE_MEMORY=y || fail "CONFIG_RANDOMIZE_MEMORY=y"
fi fi
# poisoning cannot be enabled in 4.4 # poisoning cannot be enabled in 4.4
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 9 ]; then if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 9 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING=y || (echo "CONFIG_PAGE_POISONING=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING=y || fail "CONFIG_PAGE_POISONING=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_NO_SANITY=y || (echo "CONFIG_PAGE_POISONING_NO_SANITY=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_NO_SANITY=y || fail "CONFIG_PAGE_POISONING_NO_SANITY=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_ZERO=y || (echo "CONFIG_PAGE_POISONING_ZERO=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_PAGE_POISONING_ZERO=y || fail "CONFIG_PAGE_POISONING_ZERO=y"
fi fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 10 ]; then if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 10 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG_ON_DATA_CORRUPTION=y || (echo "CONFIG_BUG_ON_DATA_CORRUPTION=y" && exit 1) echo $UNZIPPED_CONFIG | grep -q CONFIG_BUG_ON_DATA_CORRUPTION=y || fail "CONFIG_BUG_ON_DATA_CORRUPTION=y"
fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -le 10 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_RODATA=y || fail "CONFIG_DEBUG_RODATA=y"
echo $UNZIPPED_CONFIG | grep -q CONFIG_DEBUG_SET_MODULE_RONX=y || fail "CONFIG_DEBUG_SET_MODULE_RONX=y"
fi
if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 11 ]; then
echo $UNZIPPED_CONFIG | grep -q CONFIG_STRICT_KERNEL_RWX=y || fail "CONFIG_STRICT_KERNEL_RWX=y"
fi fi
# Negative cases # Negative cases
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_ACPI_CUSTOM_METHOD is not set' || (echo "CONFIG_ACPI_CUSTOM_METHOD is not set" && exit 1) echo $UNZIPPED_CONFIG | grep -q 'CONFIG_ACPI_CUSTOM_METHOD is not set' || fail "CONFIG_ACPI_CUSTOM_METHOD is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_BRK is not set' || (echo "CONFIG_COMPAT_BRK is not set" && exit 1) echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_BRK is not set' || fail "CONFIG_COMPAT_BRK is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_DEVKMEM is not set' || (echo "CONFIG_DEVKMEM is not set" && exit 1) echo $UNZIPPED_CONFIG | grep -q 'CONFIG_DEVKMEM is not set' || fail "CONFIG_DEVKMEM is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_VDSO is not set' || (echo "CONFIG_COMPAT_VDSO is not set" && exit 1) echo $UNZIPPED_CONFIG | grep -q 'CONFIG_COMPAT_VDSO is not set' || fail "CONFIG_COMPAT_VDSO is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_KEXEC is not set' || (echo "CONFIG_KEXEC is not set" && exit 1) echo $UNZIPPED_CONFIG | grep -q 'CONFIG_KEXEC is not set' || fail "CONFIG_KEXEC is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || (echo "CONFIG_HIBERNATION is not set" && exit 1) echo $UNZIPPED_CONFIG | grep -q 'CONFIG_HIBERNATION is not set' || fail "CONFIG_HIBERNATION is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || (echo "CONFIG_LEGACY_PTYS is not set" && exit 1) echo $UNZIPPED_CONFIG | grep -q 'CONFIG_LEGACY_PTYS is not set' || fail "CONFIG_LEGACY_PTYS is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || (echo "CONFIG_X86_X32 is not set" && exit 1) echo $UNZIPPED_CONFIG | grep -q 'CONFIG_X86_X32 is not set' || fail "CONFIG_X86_X32 is not set"
echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || (echo "CONFIG_MODIFY_LDT_SYSCALL is not set" && exit 1) echo $UNZIPPED_CONFIG | grep -q 'CONFIG_MODIFY_LDT_SYSCALL is not set' || fail "CONFIG_MODIFY_LDT_SYSCALL is not set"
echo "kernel config test succeeded!" # check filesystems that are built in
for fs in \
sysfs \
rootfs \
tmpfs \
bdev \
proc \
cpuset \
cgroup \
devtmpfs \
binfmt_misc \
debugfs \
tracefs \
securityfs \
sockfs \
bpf \
pipefs \
ramfs \
hugetlbfs \
rpc_pipefs \
devpts \
ext4 \
vfat \
msdos \
iso9660 \
nfs \
nfs4 \
nfsd \
cifs \
ntfs \
fuseblk \
fuse \
fusectl \
overlay \
udf \
xfs \
9p \
pstore \
mqueue \
oprofilefs
do
grep -q "[[:space:]]${fs}\$" /proc/filesystems || fail "${fs} filesystem missing"
done
if [ -z "$FAILED" ]
then
echo "kernel config test succeeded!"
else
echo "kernel config test failed!"
exit 1
fi
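Review bot: The new version branches `if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -le 10 ]` and `if [ "$kernelMajor" -ge 4 -a "$kernelMinor" -ge 11 ]` compare major and minor independently, so they only mean "4.11 or later" while the major stays 4; a 5.0 kernel would fail the `-ge 11` test and re-enter the `-le 10` branch, reporting `CONFIG_DEBUG_RODATA=y` as missing (the older `-ge 5` to `-ge 10` branches have the same shape). Fold the two numbers into one ordinal next to where `kernelMinor` is derived (above this hunk), `kernelVersion=$((kernelMajor * 1000 + kernelMinor))`, and test `if [ "$kernelVersion" -ge 4011 ]; then` and `if [ "$kernelVersion" -le 4010 ]; then`, using the same form for the other version branches. In the first hunk `printf "FAILURE: $1\n"` passes the message as the printf format string; `printf 'FAILURE: %s\n' "$1"` is the safe form, and `function fail` is a bash-only spelling whose shebang is outside the hunk. The loop comment `# check filesystems that are built in` overstates what is verified, since /proc/filesystems also lists filesystems registered by loaded modules, so `# check filesystems that are registered (built-in or loaded)` is more accurate. `CONFIG_SYN_COOKIES=y` is still checked twice in the positive cases and one of the two lines can go.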


@ -2,11 +2,10 @@
function failed { function failed {
printf "Kernel config test suite FAILED\n" printf "Kernel config test suite FAILED\n"
exit 1
} }
/check-kernel-config.sh || failed /check-kernel-config.sh || failed
bash /check-config.sh || failed bash /check-config.sh || failed
printf "Kernel config test suite PASSED\n" printf "Kernel config test suite PASSED\n"
cat /etc/linuxkit
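Review bot: The rendered hunk prints `exit 1` and `cat /etc/linuxkit` once each, so their side is not certain from here; if `exit 1` is what this commit adds to `failed` (the commit message's "failure cases" suggests so), the suite now stops at the first failing script and `bash /check-config.sh` is skipped whenever `/check-kernel-config.sh` fails, so one run does not report both results. If instead `exit 1` is the removed line, `failed` only prints and the script continues to the PASSED line with status 0. Either way an aggregate is clearer: `rc=0; /check-kernel-config.sh || rc=1; bash /check-config.sh || rc=1` followed by `[ "$rc" -eq 0 ] || failed` before the PASSED line, with `failed` keeping its `exit 1`. `cat /etc/linuxkit` matches the etc/linuxkit file this commit deletes and the Makefile hash input it drops, so it is presumably the removed line.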


@ -1,9 +0,0 @@
## .
## ## ## ==
## ## ## ## ## ===
/"""""""""""""""""\___/ ===
~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~
\______ o __/
\ \ __/
\____\_______/