[GSoC-18] Regression Test-Suite for Audit Framework [Week-6]

Aniket Pandey aniketp at freebsd.org
Mon Jun 25 18:49:02 UTC 2018


Hello All,

This week, I primarily focused on getting the final bit of code merged in
FreeBSD src and resolving the issues revealed therein. I also encountered a
few interesting bugs and had to think out of the box to resolve them.

1) In the case of system calls concerned with manipulating SysV semaphore
operations, there is an option to #define _WANT_SEMUN to access the
semun union which is used for various commands of semctl(2). As defined in
"sys/security/audit/audit_klib.c", each of those 'commands' is a unique
audit event so it is recommended to test them all individually. But for
some reason, the import of union semun wasn't working properly and it
resulted in multiple incorrect forward declarations. To resolve the issue,
I had to recompile the kernel from source as this change was introduced
in r330299 [1] by brooks@ and apparently, I did not have the updated
version of 12-CURRENT.

2) The wait4(2) issue with process control groups of system calls, about
which I had discussed a few emails back, turned out to be a false setback.
Usually, whenever I run my tests, I always have a clone of /dev/auditpipe
open in a separate window to monitor the actual execution of system calls
(Note: dtrace can also be used here). Now the auditpipe(4) device instance
"waits" for syscalls to enter the execution context and thus, this
extraneous wait4(2) tampers with tests by interfering with the syscall in
concern. Although this could lead to a problem if someone has both
activities ongoing, Alan pointed out that these ATF tests would
rarely be run in a production environment, so that wouldn't affect the
overall regression testing.

3) For setpgrp(2), I had to execute the tests from a forked child process
as for some reason, Kyua denied modifying the process group ID of the main
test-case process (with EPERM).

4) For some administrative syscalls like auditctl(2) and acct(2), I had to
figure out how to get them to audit successfully without tampering with the
system accounting records and the event auditing at /var/audit. For that, I
followed the approach of confirming whether these utilities are enabled in
the system or not. If so, then we might have to temporarily disrupt the
system auditing/accounting by configuring a different file path to allow
the tests to execute independently. Once done, restart the respective
daemons. For acct(2), I had to use sysctlbyname(3) to get the accounting
status as the normal system(3) utility outputs the exit status of the
command ("kern.acct_configured" in our case) rather than the value in
STDOUT.

5) I'm yet to figure out how to get mount(2) and nmount(2) to execute
successfully. I tried mounting some dummy filesystems like nullfs, tmpfs,
and even UFS. But all efforts were in vain. I'll try some workarounds for
this issue. If anybody has any suggestions in this regard, I'll be glad to
give them a try!

Apart from the issues mentioned above, the week was productive in general.
Almost all of my proposed work is now either in FreeBSD Head or is accepted
and waiting to be landed. A few miscellaneous syscalls' tests remain, and
I'll give them a run this week.

Also, I've updated the documentation of my project repository [2]. Since
the tests won't be in FreeBSD 11 Stable, I'll try to create a custom
installation script for users who want to run the tests in the older stable
version.

Thank you,
With best regards,
Aniket Pandey

[1] https://reviews.freebsd.org/rS330299
[2] https://github.com/aniketp/AuditTestSuite
Project wiki:
https://wiki.freebsd.org/SummerOfCode2018Projects/RegressionTestSuiteForAuditFramework
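
Item 3 of the message above runs the setpgrp(2) test from a forked child after the main test-case process got EPERM. The C program below is an added example, not part of the original message or of the AuditTestSuite code; it shows one situation in which that pattern is needed and why the fork helps. Assumptions: the EPERM is taken to come from the test process being a session leader (POSIX forbids a session leader from changing its process group), which the message does not state; the portable setpgid(0, 0) stands in for FreeBSD's setpgrp(2); all function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run fn() in a forked child; its return value (0..255) comes back as the exit status. */
static int run_in_child(int (*fn)(void))
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(fn() & 0xff);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Try to move the caller into a new process group; return 0 or errno. */
static int change_own_pgid(void)
{
    return setpgid(0, 0) == 0 ? 0 : errno;
}

/* Assumed harness behaviour: the test process is a session leader. */
static int leader_direct(void)
{
    return setsid() < 0 ? 255 : change_own_pgid();
}

/* Same session leader, but the call under test runs in a forked child. */
static int leader_forked(void)
{
    return setsid() < 0 ? 255 : run_in_child(change_own_pgid);
}

/* Each scenario runs in its own child so the caller's session is untouched. */
int direct_result(void) { return run_in_child(leader_direct); }
int forked_result(void) { return run_in_child(leader_forked); }

int main(void)
{
    printf("session leader, direct call: errno=%d (EPERM=%d)\n", direct_result(), EPERM);
    printf("session leader, forked child: errno=%d\n", forked_result());
    return 0;
}
```

The forked child is in the leader's session but is not itself a session leader, so the call succeeds there and still produces the audit record the test is looking for.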

