[GSoC-18] Regression Test-Suite for Audit Framework [Week-6]

Alan Somers asomers at freebsd.org
Mon Jun 25 19:18:08 UTC 2018


On Mon, Jun 25, 2018 at 12:40 PM, Aniket Pandey <aniketp at freebsd.org> wrote:

> Hello All,
>
> This week, I primarily focused on getting the final bit of code merged in
> FreeBSD src and resolving the issues revealed therein. I also encountered a
> few interesting bugs and had to think out of the box to resolve them.
>
> 1) In the case of system calls concerned with manipulating SysV semaphore
> operations, there is an option to #define _WANT_SEMUN to access the
> semun union which is used for various commands of semctl(2). As defined in
> "sys/security/audit/audit_klib.c", each of those 'commands' is a unique
> audit event so it is recommended to test them all individually. But for
> some reason, the import of union semun wasn't working properly and it
> resulted in multiple incorrect forward declarations. To resolve the issue,
> I had to recompile the kernel from source as this change was introduced
> in r330299 [1] by brooks@ and apparently, I did not have the updated
> version of 12-CURRENT.
>

Recompiling the kernel can't have helped.  Brooks' change doesn't EXPOSE
semun if you DO define _WANT_SEMUN.  Rather, it HIDES semun if you DON'T
define _WANT_SEMUN.  Something else must've been the problem.


>
> 2) The wait4(2) issue with process control groups of system calls, about
> which I had discussed a few emails back, turned out to be a false setback.
> Usually, whenever I run my tests, I always have a clone of /dev/auditpipe
> open in a separate window to monitor the actual execution of system calls
> (Note: dtrace can also be used here). Now the auditpipe(4) device instance
> "waits" for syscalls to enter the execution context and thus, this
> extraneous wait4(2) tampers with tests by interfering with the syscall in
> concern. Although this could lead to a problem if someone has both the
> activities ongoing, Alan pointed out that these ATF tests would
> rarely be run in a production environment so that wouldn't affect the
> overall regression testing.
>

So the problem is that your test was completing or advancing too soon,
because it was matching an event generated from outside of Kyua?  That
sounds like a bug, and a very difficult one to debug.  You should add more
details to the regex to ensure that it doesn't happen again.  BTW,
auditpipe(4) can't "wait" for syscalls.  Only userland processes can call
"wait" or its variants.  And wait doesn't wait for syscalls; it waits for
processes to change their running state.


>
> 3) For setpgrp(2), I had to execute the tests from a forked child process
> as for some reason, Kyua denied modifying the process group ID of the main
> test-case process (with EPERM).
>
> 4) For some administrative syscalls like auditctl(2) and acct(2), I had to
> figure out how to get them to audit successfully without tampering with the
> system accounting records and the event auditing at /var/audit. For that, I
> followed the approach of confirming whether these utilities are enabled in
> the system or not. If so, then we might have to temporarily disrupt the
> system auditing/accounting by configuring a different file path to allow
> the tests to execute independently. Once done, restart the respective
> daemons. For acct(2), I had to use sysctlbyname(3) to get the accounting
> status as the normal system(3) utility outputs the exit status of the
> command ("kern.acct_configured" in our case) rather than the value in
> STDOUT.
>

sysctlbyname is also far faster than system(3).


>
> 5) I'm yet to figure out how to get mount(2) and nmount(2) to execute
> successfully. I tried mounting some dummy filesystems like nullfs, tmpfs,
> and even UFS. But all efforts were in vain. I'll try some workarounds for
> this issue. If anybody has any suggestions in this regard, I'll be glad to
> give it a try!
>
> Apart from the issues mentioned above, the week was productive in general.
> Almost all of my proposed work is now either in FreeBSD Head or is accepted
> and waiting to be landed. A few miscellaneous syscalls' tests remain, and
> I'll give them a run this week.
>
> Also, I've updated the documentation of my project repository [2]. Since
> the tests won't be in FreeBSD 11 Stable, I'll try to create a custom
> installation script for users who want to run the tests in the older stable
> version.
>

This is probably more work than it's worth.  It's likely that some of your
tests won't work on 11, because of changes to the syscalls involved.  If
you really want to run your tests on stable/11, then we should just go
through the normal MFC process.  I can show you how to do that.


>
> Thank you,
> With best regards,
> Aniket Pandey
>
> [1] https://reviews.freebsd.org/rS330299
> [2] https://github.com/aniketp/AuditTestSuite
> Project wiki:
> https://wiki.freebsd.org/SummerOfCode2018Projects/RegressionTestSuiteForAuditFramework
>
>
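
Added example, not part of the original message or of the project's test suite: the reply to item 2 asks for a more detailed regex so that a test cannot match an audit record generated outside Kyua. The C sketch below compares a loose pattern, a naive pid substring, and a pattern anchored on the pid field of the subject token. The records are constructed, modelled on praudit(1) one-line output, and the helper names `count_matches` and `count_for_pid` are hypothetical.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed records modelled on praudit(1) one-line output; not captured
 * data. Subject token fields: auid,euid,egid,ruid,rgid,pid,sid,port,addr. */
static const char *records[] = {
    /* wait4(2) issued by the test process itself, pid 4242 */
    "header,96,11,wait4(2),0,Mon Jun 25 12:00:01 2018, + 120 msec,subject,"
    "root,root,wheel,root,wheel,4242,4200,0,0.0.0.0,return,success,4243,trailer,96",
    /* wait4(2) from an unrelated shell in another window, pid 977 */
    "header,96,11,wait4(2),0,Mon Jun 25 12:00:01 2018, + 121 msec,subject,"
    "root,root,wheel,root,wheel,977,960,0,0.0.0.0,return,success,978,trailer,96",
    /* unrelated process whose pid merely contains the digits 4242 */
    "header,96,11,wait4(2),0,Mon Jun 25 12:00:01 2018, + 122 msec,subject,"
    "root,root,wheel,root,wheel,14242,960,0,0.0.0.0,return,success,14243,trailer,96",
    /* a different event from the test process */
    "header,72,11,fork(2),0,Mon Jun 25 12:00:01 2018, + 119 msec,subject,"
    "root,root,wheel,root,wheel,4242,4200,0,0.0.0.0,return,success,4243,trailer,72",
};

/* Number of records matching an extended regex, or -1 if it does not compile. */
static int count_matches(const char *pattern)
{
    regex_t re;
    int n = 0;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    for (size_t i = 0; i < sizeof(records) / sizeof(records[0]); i++)
        if (regexec(&re, records[i], 0, NULL, 0) == 0)
            n++;
    regfree(&re);
    return n;
}

/* Anchor on the subject token: skip five fields, then require the exact pid. */
static int count_for_pid(int pid)
{
    char pattern[128];

    snprintf(pattern, sizeof(pattern),
        "wait4.*subject,([^,]*,){5}%d,.*return,success", pid);
    return count_matches(pattern);
}

int main(void)
{
    printf("loose=%d naive=%d anchored=%d\n",
        count_matches("wait4.*return,success"),
        count_matches("wait4.*4242.*return,success"), count_for_pid(4242));
    return 0;
}
```

In a real test the pid would come from getpid(2) in the process that issues the syscall, so the pattern only accepts records whose subject is that process.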

