1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 Date: Mon, 23 Jul 2018 17:23:08 +0200
4 Subject: [PATCH] tests: lxc-test-apparmor-mount: show a log on error
6 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
7 (cherry picked from commit d6523915861f2289505a11140874001099dfdfdc)
9 src/tests/lxc-test-apparmor-mount | 24 ++++++++++++++++++++----
10 1 file changed, 20 insertions(+), 4 deletions(-)
12 diff --git a/src/tests/lxc-test-apparmor-mount b/src/tests/lxc-test-apparmor-mount
13 index ddcee8a7..144467c8 100755
14 --- a/src/tests/lxc-test-apparmor-mount
15 +++ b/src/tests/lxc-test-apparmor-mount
16 @@ -45,6 +45,7 @@ DONE=0
17 KNOWN_RELEASES="precise trusty xenial yakkety zesty"
18 MOUNTSR=/sys/kernel/security/apparmor/features/mount
21 cname=`basename $dnam`
23 run_cmd lxc-destroy -f -n $cname || true
24 @@ -56,12 +57,21 @@ cleanup() {
25 rm -Rf $HDIR /run/user/$(id -u $TUSER)
27 if [ $DONE -eq 0 ]; then
28 + echo 'Failed container log:' >&2
40 + truncate -s0 "$logfile"
45 # Only run on a normally configured ubuntu lxc system
46 @@ -74,6 +84,8 @@ if [ "$(id -u)" != "0" ]; then
50 +chmod 0666 "$logfile"
52 # This would be much simpler if we could run it as
53 # root. However, in order to not have the bind mount
54 # of an empty directory over the securitfs 'mount' directory
55 @@ -160,7 +172,7 @@ fi
56 run_cmd lxc-create -t download -n $cname -- -d ubuntu -r $release -a $ARCH
58 echo "test default confined container"
59 -run_cmd lxc-start -n $cname -d
60 +run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
61 run_cmd lxc-wait -n $cname -s RUNNING
62 pid=`run_cmd lxc-info -p -H -n $cname`
63 profile=`cat /proc/$pid/attr/current`
64 @@ -169,10 +181,11 @@ if [ "x$profile" != "x${default_profile}" ]; then
67 run_cmd lxc-stop -n $cname -k
70 echo "test regular unconfined container"
71 echo "lxc.apparmor.profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config
72 -run_cmd lxc-start -n $cname -d
73 +run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
74 run_cmd lxc-wait -n $cname -s RUNNING
75 pid=`run_cmd lxc-info -p -H -n $cname`
76 profile=`cat /proc/$pid/attr/current`
77 @@ -181,6 +194,7 @@ if [ "x$profile" != "xunconfined" ]; then
80 run_cmd lxc-stop -n $cname -k
83 echo "masking $MOUNTSR"
84 mount --bind $dnam $MOUNTSR
85 @@ -198,7 +212,7 @@ fi
87 echo "test regular unconfined container"
88 echo "lxc.apparmor.profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config
89 -run_cmd lxc-start -n $cname -d
90 +run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
91 run_cmd lxc-wait -n $cname -s RUNNING
92 pid=`run_cmd lxc-info -p -H -n $cname`
93 if [ "$pid" = "-1" ]; then
94 @@ -211,11 +225,12 @@ if [ "x$profile" != "xunconfined" ]; then
97 run_cmd lxc-stop -n $cname -k
100 echo "testing override"
101 sed -i '/apparmor.profile/d' $HDIR/.local/share/lxc/$cname/config
102 echo "lxc.apparmor.allow_incomplete = 1" >> $HDIR/.local/share/lxc/$cname/config
103 -run_cmd lxc-start -n $cname -d
104 +run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
105 run_cmd lxc-wait -n $cname -s RUNNING
106 pid=`run_cmd lxc-info -p -H -n $cname`
107 if [ "$pid" = "-1" ]; then
108 @@ -228,5 +243,6 @@ if [ "x$profile" != "x${default_profile}" ]; then
111 run_cmd lxc-stop -n $cname -k