Resolve conflict between the fusefs(5) and mac_bsdextended(4) tests

mac_bsdextended(4), when enabled, causes ordinary operations to send many more VOP_GETATTRs to file system. The fusefs tests expectations aren't written with those in mind. Optionally expecting them would greatly obfuscate the fusefs tests. Worse, certain fusefs functionality (like attribute caching) would be impossible to test if the tests couldn't expect an exact number of GETATTR operations. This commit resolves that conflict by making two changes: 1. The fusefs tests will now check for mac_bsdextended, and skip if it's enabled. 2. The mac_bsdextended tests will now check whether the module is enabled, not merely loaded. If it's loaded but disabled, the tests will automatically enable it for the duration of the tests. With these changes, a CI system can achieve best coverage by loading both fusefs and mac_bsdextended at boot, and setting security.mac.bsdextended.enabled=0 PR: 244229 Reported by: lwhsu Reviewed by: cem MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D24577
2020-05-02 20:14:59 +00:00 · 2020-05-02 20:14:59 +00:00 · 8d0b137513
commit 8d0b137513
parent 902df288ad
2 changed files with 24 additions and 1 deletions
--- a/tests/sys/fs/fusefs/utils.cc
+++ b/tests/sys/fs/fusefs/utils.cc
@ -70,6 +70,10 @@ const uint32_t default_max_write = MIN(libfuse_max_write, MAXPHYS / 2);
 void check_environment()
 {
 	const char *devnode = "/dev/fuse";
+	const char *bsdextended_node = "security.mac.bsdextended.enabled";
+	int bsdextended_val = 0;
+	size_t bsdextended_size = sizeof(bsdextended_val);
+	int bsdextended_found;
 	const char *usermount_node = "vfs.usermount";
 	int usermount_val = 0;
 	size_t usermount_size = sizeof(usermount_val);
@ -83,9 +87,19 @@ void check_environment()
 			GTEST_SKIP() << strerror(errno);
 		}
 	}
+	// mac_bsdextended(4), when enabled, generates many more GETATTR
+	// operations. The fusefs tests' expectations don't account for those,
+	// and adding extra code to handle them obfuscates the real purpose of
+	// the tests.  Better just to skip the fusefs tests if mac_bsdextended
+	// is enabled.
+	bsdextended_found = sysctlbyname(bsdextended_node, &bsdextended_val,
+					 &bsdextended_size, NULL, 0);
+	if (bsdextended_found == 0 && bsdextended_val != 0)
+		GTEST_SKIP() <<
+		    "The fusefs tests are incompatible with mac_bsdextended.";
 	ASSERT_EQ(sysctlbyname(usermount_node, &usermount_val, &usermount_size,
 			       NULL, 0),
-		  0);;
+		  0);
 	if (geteuid() != 0 && !usermount_val)
 		GTEST_SKIP() << "current user is not allowed to mount";
 }
--- a/tests/sys/mac/bsdextended/matches_test.sh
+++ b/tests/sys/mac/bsdextended/matches_test.sh
@ -16,6 +16,12 @@ check_ko()
 	if ! sysctl -N security.mac.bsdextended >/dev/null 2>&1; then
 		atf_skip "mac_bsdextended(4) support isn't available"
 	fi
+	if [ $(sysctl -n security.mac.bsdextended.enabled) = "0" ]; then
+		# The kernel module is loaded but disabled.  Enable it for the
+		# duration of the test.
+		touch enabled_bsdextended
+		sysctl security.mac.bsdextended.enabled=1
+	fi
 }

 setup()
@ -69,6 +75,9 @@ cleanup()
 	if [ -f md_device ]; then
 		mdconfig -d -u $( cat md_device )
 	fi
+	if [ -f enabled_bsdextended ]; then
+		sysctl security.mac.bsdextended.enabled=0
+	fi
 }

 atf_test_case no_rules cleanup