Date: Tue, 26 Jun 2018 00:10:57 +0530
From: Aniket Pandey <aniketp@freebsd.org>
To: soc-status@freebsd.org
Cc: Alan Somers <asomers@freebsd.org>, George Neville-Neil <gnn@neville-neil.com>, robert.watson@cl.cam.ac.uk
Subject: [GSoC-18] Regression Test-Suite for Audit Framework [Week-6]
Message-ID: <CADsqe1CaRiCu8BJTgcNFpA1JjkhyQxw_vT6GAwpOAhwVC6C5GQ@mail.gmail.com>

Hello All,

This week, I primarily focused on getting the final bit of code merged in FreeBSD src and resolving the issues revealed therein. I also encountered a few interesting bugs and had to think out of the box to resolve them.

1) In the case of system calls concerned with manipulating SysV semaphore operations, there is an option to #define _WANT_SEMUN to access the semun union which is used for various commands of semctl(2). As defined in "sys/security/audit/audit_klib.c", each of those 'commands' is a unique audit event so it is recommended to test them all individually. But for some reason, the import of union semun wasn't working properly and it resulted in multiple incorrect forward declarations. To resolve the issue, I had to recompile the kernel from source as this change was introduced in r330299 [1] by brooks@ and apparently, I did not have the updated version of 12-CURRENT.

2) The wait4(2) issue with process control groups of system calls, which I had discussed a few emails back, turned out to be a false setback. Usually, whenever I run my tests, I always have a clone of /dev/auditpipe open in a separate window to monitor the actual execution of system calls (Note: dtrace can also be used here). Now the auditpipe(4) device instance "waits" for syscalls to enter the execution context and thus, this extraneous wait4(2) tampers with tests by interfering with the syscall in concern. Although this could lead to a problem if someone has both the activities ongoing, Alan pointed out that these ATF tests would rarely be run in a production environment so that wouldn't affect the overall regression testing.

3) For setpgrp(2), I had to execute the tests from a forked child process as for some reason, Kyua denied modifying the process group ID of the main test-case process (with EPERM).

4) For some administrative syscalls like auditctl(2) and acct(2), I had to figure out how to get them to audit successfully without tampering with the system accounting records and the event auditing at /var/audit. For that, I followed the approach of confirming whether these utilities are enabled in the system or not. If so, then we might have to temporarily disrupt the system auditing/accounting by configuring a different file path to allow the tests to execute independently. Once done, restart the respective daemons. For acct(2), I had to use sysctlbyname(3) to get the accounting status as the normal system(3) utility outputs the exit status of the command ("kern.acct_configured" in our case) rather than the value in STDOUT.

5) I'm yet to figure out how to get mount(2) and nmount(2) to execute successfully. I tried mounting some dummy filesystems like nullfs, tmpfs, and even UFS. But all efforts were in vain. I'll try some workarounds for this issue. If anybody has any suggestions in this regard, I'll be glad to give it a try!

Apart from the issues mentioned above, the week was productive in general. Almost all of my proposed work is now either in FreeBSD Head or is accepted and waiting to be landed. A few miscellaneous syscalls' tests remain, and I'll give them a run this week.

Also, I've updated the documentation of my project repository [2]. Since the tests won't be in FreeBSD 11 Stable, I'll try to create a custom installation script for users who want to run the tests in the older stable version.

Thank you,
With best regards,
Aniket Pandey

[1] https://reviews.freebsd.org/rS330299
[2] https://github.com/aniketp/AuditTestSuite

Project wiki: https://wiki.freebsd.org/SummerOfCode2018Projects/RegressionTestSuiteForAuditFramework
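
An added example, not from the original post or the AuditTestSuite repository, for the fork workaround in item 3. It assumes the EPERM arose because the test-case process was a session leader, which the post does not state; setpgid(2) stands in for setpgrp(2) for portability, and all function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run fn() in a forked child; return its exit code, or -1 on failure. */
static int run_in_child(int (*fn)(void))
{
    pid_t pid = fork();
    int status;
    if (pid == -1)
        return -1;
    if (pid == 0)
        _exit(fn());
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Try to move the caller into its own process group.
 * Returns 0 on success, otherwise the errno from setpgid(2). */
static int change_pgrp(void)
{
    return setpgid(0, 0) == 0 ? 0 : errno;
}

/* Constructed stand-in for the test harness (assumption): become a session
 * leader, then attempt the call directly and again from a forked child.
 * Result bits: 1 = direct call failed with EPERM, 2 = forked child succeeded. */
static int session_leader_case(void)
{
    int direct, forked;
    if (setsid() == -1)
        return 0x80;
    direct = change_pgrp();              /* session leader: refused */
    forked = run_in_child(change_pgrp);  /* child is not a leader */
    return (direct == EPERM ? 1 : 0) | (forked == 0 ? 2 : 0);
}

/* Isolate the whole scenario in a child so the caller's session is untouched. */
int pgrp_demo(void) { return run_in_child(session_leader_case); }

int main(void)
{
    int r = pgrp_demo();
    printf("direct EPERM: %d, forked child ok: %d\n", r & 1, (r & 2) != 0);
    return r == 3 ? 0 : 1;
}
```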