def uffd_handler_paths(test_fc_session_root_path):
    """Build the UFFD handler binaries and yield their expected paths.

    Runs a release build of ``host_tools/uffd`` for the host machine's musl
    target, then yields a dict mapping ``valid_handler`` and
    ``malicious_handler`` to normalized paths under the release binaries
    directory.
    """
    # pylint: disable=redefined-outer-name
    # The fixture pattern causes a pylint false positive for that rule.
    cargo_target_dir = os.path.join(
        test_fc_session_root_path, build_tools.CARGO_RELEASE_REL_PATH
    )
    cargo_flags = '--release --target {}-unknown-linux-musl'.format(
        platform.machine()
    )
    build_tools.cargo_build(
        cargo_target_dir, extra_args=cargo_flags, src_dir='host_tools/uffd'
    )

    binaries_dir = os.path.join(
        cargo_target_dir, build_tools.RELEASE_BINARIES_REL_PATH
    )
    # NOTE(review): the paths are derived, not checked for existence;
    # presumably cargo_build fails loudly on a broken build -- confirm.
    # 'malicious_handler' looks like a deliberately misbehaving handler for
    # negative tests; this fixture only hands out its path.
    yield {
        handler: os.path.normpath(os.path.join(binaries_dir, handler))
        for handler in ('valid_handler', 'malicious_handler')
    }
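def test_build(test_session_root_path, features, build_type, target):
    """
    Test different builds.

    This will generate build tests using the cartesian product of all
    features, build types (release/debug) and build targets (musl/gnu).

    The cargo arguments are accumulated, so a build with features keeps the
    ``--target`` and ``--release`` flags selected above.
    """
    extra_args = "--target {} ".format(target)

    if build_type == "release":
        extra_args += "--release "

    # The relative path of the binaries is computed using the build_type
    # (either release or debug) and if any features are provided also using
    # the features names.
    # For example, a default release build with no features will end up in
    # the relative directory "release", but for a vsock release build the
    # relative directory will be "release-vsock".
    rel_path = os.path.join(host.CARGO_BUILD_REL_PATH, build_type)
    if features:
        rel_path += "-{}".format(features)
        # Append instead of assigning: a plain assignment here discarded the
        # "--target" and "--release" flags, so a feature build written to
        # "release-<features>" was not actually built for the requested
        # target or in release mode.
        extra_args += "--features {} ".format(features)

    build_path = os.path.join(test_session_root_path, rel_path)

    # NOTE(review): extra_args is a flat string; if cargo_build hands it to a
    # shell, features/target must only come from the test parametrization.
    host.cargo_build(build_path, extra_args=extra_args)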
def test_build_release(test_session_root_path):
    """Check that a release-mode build succeeds."""
    # The build output goes under the session root, in the release
    # directory named by host.CARGO_RELEASE_REL_PATH.
    release_target_dir = os.path.join(
        test_session_root_path, host.CARGO_RELEASE_REL_PATH
    )
    host.cargo_build(release_target_dir, '--release')
def test_build(test_session_root_path, features, build_type, target):
    """
    Build one combination of features, build type and target.

    The test is generated for the cartesian product of all features, build
    types (release/debug) and build targets (musl/gnu).
    """
    arg_parts = ["--target {} ".format(target)]
    if build_type == "release":
        arg_parts.append("--release ")

    # musl targets get the C compiler override in the build environment.
    extra_env = ''
    if "musl" in target:
        extra_env += "TARGET_CC=musl-gcc"

    # The output directory is named after the build type (release or debug),
    # with "-<features>" appended when features are requested; a default
    # release build with no features lands in "release".
    rel_path = os.path.join(host.CARGO_BUILD_REL_PATH, build_type)
    if features:
        rel_path += "-{}".format(features)
        arg_parts.append("--features {} ".format(features))

    extra_args = "".join(arg_parts)
    build_path = os.path.join(test_session_root_path, rel_path)

    # NOTE(review): extra_args/extra_env are flat strings; if cargo_build
    # hands them to a shell, features/target must only come from the test
    # parametrization -- confirm.
    host.cargo_build(build_path, extra_args=extra_args, extra_env=extra_env)
def bin_seccomp_paths(test_session_root_path):
    """Build the seccomp demo jailers and jailed binaries; yield their paths.

    The yielded dict covers:
    * demo_basic_jailer: a jailer with a simple syscall allowlist;
    * demo_advanced_jailer: a jailer with a (syscall, arguments) allowlist;
    * demo_harmless: a jailed binary that follows the seccomp rules;
    * demo_malicious: a jailed binary that breaks the seccomp rules.
    """
    # pylint: disable=redefined-outer-name
    # The fixture pattern causes a pylint false positive for that rule.
    cargo_target_dir = os.path.join(
        test_session_root_path, build_tools.CARGO_RELEASE_REL_PATH
    )
    cargo_flags = '--release --target {}-unknown-linux-musl'.format(
        platform.machine()
    )
    build_tools.cargo_build(
        cargo_target_dir,
        extra_args=cargo_flags,
        src_dir='integration_tests/security/demo_seccomp'
    )

    binaries_dir = os.path.join(
        cargo_target_dir, build_tools.RELEASE_BINARIES_REL_PATH
    )
    demo_names = (
        'demo_basic_jailer',
        'demo_advanced_jailer',
        'demo_harmless',
        'demo_malicious',
    )
    # Only paths are produced here. NOTE(review): demo_malicious is the
    # rule-breaking binary by design; presumably tests run it only under one
    # of the demo jailers -- confirm against the callers.
    yield {
        demo: os.path.normpath(os.path.join(binaries_dir, demo))
        for demo in demo_names
    }
def test_build_debug(test_session_root_path):
    """Check that a debug-mode build succeeds."""
    # No extra cargo arguments are passed for this build.
    debug_target_dir = os.path.join(test_session_root_path, CARGO_DEBUG_REL_PATH)
    host.cargo_build(debug_target_dir)
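def test_build(test_session_root_path, features, build_type):
    """
    Test different builds.

    Test builds using a cartesian product of possible features and build
    types.

    The cargo arguments are accumulated, so a build with features keeps the
    ``--release`` flag selected above.
    """
    extra_args = ""

    if build_type == "release":
        extra_args += "--release "

    # The relative path of the binaries is computed using the build_type
    # (either release or debug) and if any features are provided also using
    # the features names.
    # For example, a default release build with no features will end up in
    # the relative directory "release", but for a vsock release build the
    # relative directory will be "release-vsock".
    rel_path = os.path.join(host.CARGO_BUILD_REL_PATH, build_type)
    if features:
        rel_path += "-{}".format(features)
        # Append instead of assigning: a plain assignment here discarded
        # "--release", so the "release-<features>" directory received a
        # debug build.
        extra_args += "--features {} ".format(features)

    build_path = os.path.join(test_session_root_path, rel_path)

    # NOTE(review): extra_args is a flat string; if cargo_build hands it to a
    # shell, features must only come from the test parametrization.
    host.cargo_build(build_path, extra_args=extra_args)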
def test_build_debug_with_features(test_session_root_path):
    """Check that a debug-mode build succeeds with the supported features."""
    feature_target_dir = os.path.join(
        test_session_root_path, CARGO_DEBUG_REL_PATH_FEATURES
    )

    # cargo takes several features as: cargo build --features "feature1 feature2".
    # Only one feature is currently supported: vsock.
    supported_feature = 'vsock'
    features_flag = '--features "{}"'.format(supported_feature)
    host.cargo_build(feature_target_dir, features_flag)
def test_arm_build_release(test_session_root_path):
    """Check that a release-mode cross build for arm succeeds."""
    # The cross build gets its own 'arm-build' directory under the session root.
    arm_target_dir = os.path.join(test_session_root_path, 'arm-build')
    cross_flags = '--target aarch64-unknown-linux-musl --release'
    host.cargo_build(arm_target_dir, cross_flags)
def test_build_debug_with_features(test_session_root_path):
    """Verify a debug-mode build with the supported feature set."""
    out_dir = os.path.join(test_session_root_path, CARGO_DEBUG_REL_PATH_FEATURES)

    # Multiple features would be passed in one quoted list:
    #     cargo build --features "feature1 feature2"
    # vsock is the only feature supported at the moment.
    cargo_flags = '--features "{}"'.format('vsock')
    host.cargo_build(out_dir, cargo_flags)
def test_build_release_with_features(test_session_root_path):
    """Check that a release-mode build succeeds with the supported features."""
    feature_target_dir = os.path.join(
        test_session_root_path, CARGO_RELEASE_REL_PATH_FEATURES
    )
    features_flag = '--features "{}"'.format('vsock')

    # NOTE(review): '--release' travels as a third positional argument; which
    # cargo_build parameter receives it is not visible here -- confirm it
    # ends up on the cargo command line.
    host.cargo_build(feature_target_dir, features_flag, '--release')
def aux_bin_paths(test_session_root_path):
    """Build the external helper tools and yield their paths.

    The yielded dict covers:
    * cloner: a binary that can properly use the `clone()` syscall;
    * test_vsock: a very simple vsock client/server application;
    * demo_basic_jailer: a jailer with a simple syscall allowlist;
    * demo_advanced_jailer: a jailer with a (syscall, arguments) allowlist;
    * demo_harmless: a jailed binary that follows the seccomp rules;
    * demo_malicious: a jailed binary that breaks the seccomp rules.
    """
    # pylint: disable=redefined-outer-name
    # The fixture pattern causes a pylint false positive for that rule.

    # The two C helpers are compiled straight into the session root.
    cloner_bin_path = os.path.join(test_session_root_path, 'newpid_cloner')
    _gcc_compile('host_tools/newpid_cloner.c', cloner_bin_path)

    test_vsock_bin_path = os.path.join(test_session_root_path, 'test_vsock')
    _gcc_compile("host_tools/test_vsock.c", test_vsock_bin_path)

    # The seccomp demos are a cargo release build for the host's musl target.
    cargo_target_dir = os.path.join(
        test_session_root_path, build_tools.CARGO_RELEASE_REL_PATH
    )
    cargo_flags = '--release --target {}-unknown-linux-musl'.format(
        platform.machine()
    )
    build_tools.cargo_build(
        cargo_target_dir,
        extra_args=cargo_flags,
        src_dir='integration_tests/security/demo_seccomp'
    )

    binaries_dir = os.path.join(
        cargo_target_dir, build_tools.RELEASE_BINARIES_REL_PATH
    )
    tool_paths = {
        'cloner': cloner_bin_path,
        'test_vsock': test_vsock_bin_path,
    }
    # Only paths are produced here. NOTE(review): demo_malicious is the
    # rule-breaking binary by design; presumably tests run it only under one
    # of the demo jailers -- confirm against the callers.
    for demo in (
        'demo_basic_jailer',
        'demo_advanced_jailer',
        'demo_harmless',
        'demo_malicious',
    ):
        tool_paths[demo] = os.path.normpath(os.path.join(binaries_dir, demo))

    yield tool_paths
def bin_seccomp_paths(test_fc_session_root_path):
    """Build the seccomp demo jailer and jailed binaries; yield their paths.

    The docstring of the original fixture lists:
    * a jailer that receives a filter generated using seccompiler-bin;
    * a jailed binary that follows the seccomp rules;
    * a jailed binary that breaks the seccomp rules.

    The yielded dict additionally carries a ``demo_panic`` entry.
    """
    # pylint: disable=redefined-outer-name
    # The fixture pattern causes a pylint false positive for that rule.
    cargo_target_dir = os.path.join(
        test_fc_session_root_path, build_tools.CARGO_RELEASE_REL_PATH
    )
    cargo_flags = "--release --target {}-unknown-linux-musl".format(
        platform.machine()
    )
    build_tools.cargo_build(
        cargo_target_dir,
        extra_args=cargo_flags,
        src_dir="integration_tests/security/demo_seccomp",
    )

    binaries_dir = os.path.join(
        cargo_target_dir, build_tools.RELEASE_BINARIES_REL_PATH
    )
    demo_names = ("demo_jailer", "demo_harmless", "demo_malicious", "demo_panic")
    # Only paths are produced here. NOTE(review): demo_malicious is the
    # rule-breaking binary by design, and demo_panic is presumably a binary
    # that panics under the filter; tests should run both only under
    # demo_jailer -- confirm against the callers.
    yield {
        demo: os.path.normpath(os.path.join(binaries_dir, demo))
        for demo in demo_names
    }
def test_build(test_session_root_path, features, target):
    """
    Build one release combination of features and target.

    The test is generated for the cartesian product of all features and
    build targets (musl/gnu).
    """
    arg_parts = ["--target {} --release ".format(target)]

    # musl targets get the C compiler override in the build environment.
    extra_env = ''
    if "musl" in target:
        extra_env += "TARGET_CC=musl-gcc"

    # Feature builds go to their own "<release dir>-<features>" directory.
    rel_path = host.CARGO_RELEASE_REL_PATH
    if features:
        rel_path += "-{}".format(features)
        arg_parts.append("--features {} ".format(features))

    extra_args = "".join(arg_parts)
    build_path = os.path.join(test_session_root_path, rel_path)

    # NOTE(review): extra_args/extra_env are flat strings; if cargo_build
    # hands them to a shell, features/target must only come from the test
    # parametrization -- confirm.
    host.cargo_build(build_path, extra_args=extra_args, extra_env=extra_env)
def aux_bin_paths(test_session_root_path):
    """Build the external helper tools and yield their paths.

    The yielded dict covers:
    * cloner: a binary that can properly use the `clone()` syscall;
    * test_vsock: a very simple vsock client/server application;
    * demo_basic_jailer: a jailer with a simple syscall allowlist;
    * demo_advanced_jailer: a jailer with a (syscall, arguments) allowlist;
    * demo_harmless: a jailed binary that follows the seccomp rules;
    * demo_malicious: a jailed binary that breaks the seccomp rules.
    """
    # pylint: disable=redefined-outer-name
    # The fixture pattern causes a pylint false positive for that rule.

    # The two C helpers are compiled straight into the session root.
    cloner_bin_path = os.path.join(test_session_root_path, 'newpid_cloner')
    _gcc_compile('host_tools/newpid_cloner.c', cloner_bin_path)

    test_vsock_bin_path = os.path.join(test_session_root_path, 'test_vsock')
    _gcc_compile("host_tools/test_vsock.c", test_vsock_bin_path)

    # The seccomp demos are a plain cargo release build (no explicit target).
    cargo_target_dir = os.path.join(
        test_session_root_path, build_tools.CARGO_RELEASE_REL_PATH
    )
    build_tools.cargo_build(
        cargo_target_dir,
        extra_args='--release',
        src_dir='integration_tests/security/demo_seccomp'
    )

    binaries_dir = os.path.join(
        cargo_target_dir, build_tools.RELEASE_BINARIES_REL_PATH
    )
    tool_paths = {
        'cloner': cloner_bin_path,
        'test_vsock': test_vsock_bin_path,
    }
    # Only paths are produced here. NOTE(review): demo_malicious is the
    # rule-breaking binary by design; presumably tests run it only under one
    # of the demo jailers -- confirm against the callers.
    for demo in (
        'demo_basic_jailer',
        'demo_advanced_jailer',
        'demo_harmless',
        'demo_malicious',
    ):
        tool_paths[demo] = os.path.normpath(os.path.join(binaries_dir, demo))

    yield tool_paths
def test_build_debug(test_session_root_path):
    """Verify that building in debug mode works."""
    # cargo_build is called with the output directory only, no extra flags.
    out_dir = os.path.join(
        test_session_root_path,
        CARGO_DEBUG_REL_PATH,
    )
    host.cargo_build(out_dir)
def test_build_release(test_session_root_path):
    """Verify that building in release mode works."""
    # Output directory: <session root>/<host.CARGO_RELEASE_REL_PATH>.
    out_dir = os.path.join(
        test_session_root_path,
        host.CARGO_RELEASE_REL_PATH,
    )
    release_flag = '--release'
    host.cargo_build(out_dir, release_flag)
def test_build_release_with_features(test_session_root_path):
    """Verify a release-mode build with the supported feature set."""
    out_dir = os.path.join(
        test_session_root_path,
        CARGO_RELEASE_REL_PATH_FEATURES,
    )
    # vsock is the single feature exercised by this build.
    cargo_features = '--features "{}"'.format('vsock')

    # NOTE(review): '--release' is a third positional argument; the
    # cargo_build parameter it binds to is not visible here -- confirm it
    # reaches the cargo command line.
    host.cargo_build(out_dir, cargo_features, '--release')
def test_arm_build_release(test_session_root_path):
    """Verify release-mode cross compilation for arm."""
    # Cross-build output is kept apart in <session root>/arm-build.
    out_dir = os.path.join(
        test_session_root_path,
        'arm-build',
    )
    host.cargo_build(out_dir, '--target aarch64-unknown-linux-musl --release')