-
Notifications
You must be signed in to change notification settings - Fork 587
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tests: add snapcraft sources for test-snapd-audit-control
Signed-off-by: Oliver Calder <[email protected]>
- Loading branch information
1 parent
b6aa250
commit 727df4d
Showing
5 changed files
with
95 additions
and
0 deletions.
There are no files selected for viewing
12 changes: 12 additions & 0 deletions
12
tests/lib/snaps/store/test-snapd-audit-control/adjust-oom-score
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| #!/bin/sh -e | ||
|
|
||
| orig="$(cat /proc/self/oom_score_adj)" | ||
| echo 123 > /proc/self/oom_score_adj | ||
| new="$(cat /proc/self/oom_score_adj)" | ||
| test "$new" = "123" | ||
| echo "Changed /proc/self/oom_score_adj from $orig to $new" | ||
|
|
||
| echo "$orig" > /proc/self/oom_score_adj | ||
| new="$(cat /proc/self/oom_score_adj)" | ||
| test "$new" = "$orig" | ||
| echo "Changed /proc/self/oom_score_adj back to $orig" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| #!/usr/bin/sh -e | ||
|
|
||
| # Only works when run as root. Rather than set up a daemon, just assume the | ||
| # caller will be root in the spread VM, and check that snap confinement only | ||
| # lets this work when the audit_control capability is set. | ||
|
|
||
| # Try to disable rate limit on audit logs. If the audit_control capability is | ||
| # set, then this will exit 0. Since auditd is not running, it will print the | ||
| # message "The audit system is disabled". If the audit_control capability is | ||
| # not set, then it will exit with a non-zero status. | ||
| auditctl -r 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| #!/bin/sh -e | ||
|
|
||
| # Attempt to read /proc/$pid/loginuid and /proc/$pid/sessionid for every known | ||
| # pid. | ||
| procs="$(find /proc -maxdepth 1 -type d -name '[0-9]*')" | ||
| for proc in $procs ; do | ||
| # proc is of the form "/proc/1234" | ||
| if ! [ -d "$proc" ] ; then | ||
| # Skip any pids which no longer exist | ||
| continue | ||
| fi | ||
| loginuid="$(cat "$proc/loginuid")" | ||
| sessionid="$(cat "$proc/sessionid")" | ||
| echo "$proc/loginuid: $loginuid" | ||
| echo "$proc/sessionid: $sessionid" | ||
| done |
39 changes: 39 additions & 0 deletions
39
tests/lib/snaps/store/test-snapd-audit-control/snap/snapcraft.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| name: test-snapd-audit-control | ||
| base: core22 | ||
| version: '1.1' | ||
| summary: Basic snap to test the audit-control interface | ||
| description: | | ||
| A basic snap which uses the audit_control capability, reads /proc/*/loginuid | ||
| and /proc/*/sessionid, writes /run/auditd.pid and /run/auditd.state, and | ||
| adjusts its OOM score. | ||
| grade: stable # must be 'stable' to release into candidate/stable channels | ||
| confinement: strict # use 'strict' once you have the right plugs and slots | ||
|
|
||
| parts: | ||
| auditd: | ||
| stage-packages: | ||
| - auditd | ||
| plugin: nil | ||
| bins: | ||
| plugin: dump | ||
| source: . | ||
| organize: | ||
| audit-rate: bin/ | ||
| read-ids: bin/ | ||
| write-auditd-pid-state: bin/ | ||
| adjust-oom-score: bin/ | ||
|
|
||
| apps: | ||
| audit-rate: | ||
| command: bin/audit-rate | ||
| plugs: [audit-control] | ||
| read-ids: | ||
| command: bin/read-ids | ||
| plugs: [audit-control] | ||
| write-auditd-pid-state: | ||
| command: bin/write-auditd-pid-state | ||
| plugs: [audit-control] | ||
| adjust-oom-score: | ||
| command: bin/adjust-oom-score | ||
| plugs: [audit-control] |
17 changes: 17 additions & 0 deletions
17
tests/lib/snaps/store/test-snapd-audit-control/write-auditd-pid-state
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| #!/bin/sh -e | ||
|
|
||
| for file in /run/auditd.pid /run/auditd.state /var/run/auditd.pid /var/run/auditd.state ; do | ||
| orig= | ||
| if [ -f "$file" ] ; then | ||
| orig="$(mktemp)" | ||
| cp --preserve=all "$file" "$orig" | ||
| fi | ||
| echo "wrote to $file" > "$file" | ||
| result="$(cat "$file")" | ||
| test "$result" = "wrote to $file" | ||
| echo "$result" | ||
| rm "$file" | ||
| if [ -n "$orig" ] ; then | ||
| mv "$orig" "$file" | ||
| fi | ||
| done |