[LTP] [PATCH v2 5/6] shell: Add tst_security.sh helper

Alexey Kodanev alexey.kodanev@oracle.com
Wed Dec 12 12:54:57 CET 2018


Hi Petr,
On 07.12.2018 15:35, Petr Vorel wrote:
> It prints info about AppArmor and SELinux and allows to disable it.
> This is due some false positives because improper usage or bugs
> in AppArmor profiles (e.g. traceroute, dnsmasq).
> 
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> 
...
>  
> -	if [ "$TST_NEEDS_ROOT" = 1 ]; then
> +	if [ "$TST_NEEDS_ROOT" = 1 ] || [ "$TST_DISABLE_APPARMOR" = 1 ] || [ "$TST_DISABLE_SELINUX" = 1 ]; then
>  		if [ "$(id -ru)" != 0 ]; then
>  			tst_brk TCONF "Must be super/root for this test!"
>  		fi
>  	fi
>  
> +	[ "$TST_DISABLE_APPARMOR" = 1 ] && tst_disable_apparmor
> +	[ "$TST_DISABLE_SELINUX" = 1 ] && tst_disable_selinux
> +
> +	if [ "$TST_SECURITY_WARN" = 1 ]; then
> +		tst_apparmor_enabled && \
> +			tst_res TINFO "AppArmor enabled, this may affect test results. Disable it with TST_DISABLE_APPARMOR=1 (requires super/root)"
> +		tst_selinux_enabled && \
> +			tst_res TINFO "SELinux enabled, this may affect test results. Disable it with TST_DISABLE_SELINUX=1 (requires super/root)"
> +	fi
> +
>  	tst_test_cmds $TST_NEEDS_CMDS

Since it may not affect test results, I don't think we should complicate
the tests with TST_SECURITY_WARN parameter. The usage is not obvious either.
Whether the test used dnsmasq or ping, for example, can be obtained from
$TST_NEEDS_CMDS.

And it's better to write these messages only if the test fails, suggesting
to change configuration.


More information about the ltp mailing list