diff options
author | Alex Richardson <arichardson@FreeBSD.org> | 2021-02-18 10:14:27 +0000 |
---|---|---|
committer | Alex Richardson <arichardson@FreeBSD.org> | 2021-02-18 14:02:48 +0000 |
commit | df093aa9463b2121d8307fb91c4ba7cf17f4ea64 (patch) | |
tree | 2ac429b40d84f1c3e3cb7eecc013281013e10d11 /tests/sys/audit/administrative.c | |
parent | cbcfe28f9d5f975f97b7fb4a0d72bc9780eb0c46 (diff) | |
download | src-df093aa9463b2121d8307fb91c4ba7cf17f4ea64.tar.gz src-df093aa9463b2121d8307fb91c4ba7cf17f4ea64.zip |
tests/sys/audit: Avoid race caused by starting auditd(8) for testing
In the CheriBSD CI we reproducibly see the first test in sys/audit
(administrative:acct_failure) fail due to a missing startup message.
It appears this is caused by a race condition when starting auditd:
`service auditd onestart` returns as soon as the initial auditd() parent
exits (after the daemon(3) call).
We can avoid this problem by setting up the auditd infrastructure
in-process: libauditd contains audit_quick_{start,stop}() functions that
look like they are ideally suited to this task.
This patch also avoids forking lots of shell processes for each of the 418
tests by using `auditon(A_SENDTRIGGER, &trigger, sizeof(trigger))` to check
for a running auditd(8) instead of using `service auditd onestatus`.
With these two changes (and D28388 to fix the XFAIL'd test) I can now
boot and run `cd /usr/tests/sys/audit && kyua test` without any failures
in a single-core QEMU instance. Before there would always be at least one
failed test.
Besides making the tests more reliable in CI, a nice side-effect of this
change is that it also significantly speeds up running them by avoiding
lots of fork()/execve() caused by shell scripts:
Running kyua test on an AArch64 QEMU took 315s before and now takes 68s,
so it's roughly 3.5 times faster. This effect is even larger when running
on a CHERI-RISC-V QEMU since emulating CHERI instructions on an x86 host
is noticeably slower than emulating AArch64.
Test Plan: aarch64+amd64 QEMU no longer fail.
Reviewed By: asomers
Differential Revision: https://reviews.freebsd.org/D28451
Diffstat (limited to 'tests/sys/audit/administrative.c')
-rw-r--r-- | tests/sys/audit/administrative.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/tests/sys/audit/administrative.c b/tests/sys/audit/administrative.c index 4ec73f4710e0..d75f6147cdf4 100644 --- a/tests/sys/audit/administrative.c +++ b/tests/sys/audit/administrative.c @@ -341,10 +341,16 @@ ATF_TC_CLEANUP(auditctl_success, tc) * at the configured path. To reset this, we need to stop and start the * auditd(8) again. Here, we check if auditd(8) was running already * before the test started. If so, we stop and start it again. + * + * TODO: should we skip this test if auditd(8) is already running to + * avoid restarting it? */ - system("service auditd onestop > /dev/null 2>&1"); - if (!atf_utils_file_exists("started_auditd")) + if (!atf_utils_file_exists("started_fake_auditd")) { + system("service auditd onestop > /dev/null 2>&1"); system("service auditd onestart > /dev/null 2>&1"); + } else { + cleanup(); + } } |