diff options
Diffstat (limited to 'tools/xm-test/tests')
45 files changed, 745 insertions, 159 deletions
diff --git a/tools/xm-test/tests/Makefile.am b/tools/xm-test/tests/Makefile.am index c01cdd244d..0ba9076a1d 100644 --- a/tools/xm-test/tests/Makefile.am +++ b/tools/xm-test/tests/Makefile.am @@ -19,6 +19,7 @@ SUBDIRS = \ pause \ reboot \ sched-credit \ + security-acm \ sedf \ shutdown \ sysrq \ diff --git a/tools/xm-test/tests/block-create/01_block_attach_device_pos.py b/tools/xm-test/tests/block-create/01_block_attach_device_pos.py index 13e6a5efb8..5bbf1232b3 100644 --- a/tools/xm-test/tests/block-create/01_block_attach_device_pos.py +++ b/tools/xm-test/tests/block-create/01_block_attach_device_pos.py @@ -32,12 +32,12 @@ except ConsoleError, e: FAIL(str(e)) -block_attach(domain, "phy:ram1", "sdb1") +block_attach(domain, "phy:ram1", "xvda1") -try: - run = console.runCmd("cat /proc/partitions") +try: + run = console.runCmd("cat /proc/partitions") except ConsoleError, e: - FAIL(str(e)) + FAIL(str(e)) # Close the console domain.closeConsole() @@ -45,5 +45,5 @@ domain.closeConsole() # Stop the domain (nice shutdown) domain.stop() -if not re.search("sdb1",run["output"]): +if not re.search("xvda1",run["output"]): FAIL("Device is not actually connected to the domU") diff --git a/tools/xm-test/tests/block-create/02_block_attach_file_device_pos.py b/tools/xm-test/tests/block-create/02_block_attach_file_device_pos.py index b4e7c6974a..e70f58398b 100644 --- a/tools/xm-test/tests/block-create/02_block_attach_file_device_pos.py +++ b/tools/xm-test/tests/block-create/02_block_attach_file_device_pos.py @@ -32,10 +32,10 @@ except ConsoleError, e: FAIL(str(e)) -block_attach(domain, "file:/dev/ram1", "sdb2") +block_attach(domain, "file:/dev/ram1", "xvda1") try: - run = console.runCmd("cat /proc/partitions") + run = console.runCmd("cat /proc/partitions") except ConsoleError, e: FAIL(str(e)) @@ -45,5 +45,5 @@ domain.closeConsole() # Stop the domain (nice shutdown) domain.stop() -if not re.search("sdb2",run["output"]): - FAIL("Device is not actually connected to the domU") +if not re.search("xvda1",run["output"]): + FAIL("Device is not actually connected to the domU") diff --git a/tools/xm-test/tests/block-create/04_block_attach_device_repeatedly_pos.py b/tools/xm-test/tests/block-create/04_block_attach_device_repeatedly_pos.py index 6d9eb513fe..2e258840c4 100644 --- a/tools/xm-test/tests/block-create/04_block_attach_device_repeatedly_pos.py +++ b/tools/xm-test/tests/block-create/04_block_attach_device_repeatedly_pos.py @@ -30,14 +30,14 @@ except ConsoleError, e: FAIL(str(e)) for i in range(10): - status, output = traceCommand("xm block-attach %s phy:ram1 sdb1 w" % domain.getName()) - if i == 0 and status != 0: - FAIL("xm block attach returned invalid %i != 0" % status) - if i > 0 and status == 0: - FAIL("xm block-attach (repeat) returned invalid %i > 0" % status) - run = console.runCmd("cat /proc/partitions") - if not re.search("sdb1", run['output']): - FAIL("Device is not actually attached to domU") + status, output = traceCommand("xm block-attach %s phy:ram1 xvda1 w" % domain.getName()) + if i == 0 and status != 0: + FAIL("xm block attach returned invalid %i != 0" % status) + if i > 0 and status == 0: + FAIL("xm block-attach (repeat) returned invalid %i > 0" % status) + run = console.runCmd("cat /proc/partitions") + if not re.search("xvda1", run['output']): + FAIL("Device is not actually attached to domU") # Close the console domain.closeConsole() diff --git a/tools/xm-test/tests/block-create/05_block_attach_and_dettach_device_repeatedly_pos.py b/tools/xm-test/tests/block-create/05_block_attach_and_dettach_device_repeatedly_pos.py index db406fecd4..325e160937 100644 --- a/tools/xm-test/tests/block-create/05_block_attach_and_dettach_device_repeatedly_pos.py +++ b/tools/xm-test/tests/block-create/05_block_attach_and_dettach_device_repeatedly_pos.py @@ -32,15 +32,15 @@ except ConsoleError, e: for i in range(10): - block_attach(domain, "phy:ram1", "sdb1") - run = console.runCmd("cat /proc/partitions") - if not re.search("sdb1", run["output"]): - FAIL("Failed to attach block device: /proc/partitions does not show that!") - - block_detach(domain, "sdb1") - run = console.runCmd("cat /proc/partitions") - if re.search("sdb1", run["output"]): - FAIL("Failed to dettach block device: /proc/partitions still showing that!") + block_attach(domain, "phy:ram1", "xvda1") + run = console.runCmd("cat /proc/partitions") + if not re.search("xvda1", run["output"]): + FAIL("Failed to attach block device: /proc/partitions does not show that!") + + block_detach(domain, "xvda1") + run = console.runCmd("cat /proc/partitions") + if re.search("xvda1", run["output"]): + FAIL("Failed to dettach block device: /proc/partitions still showing that!") # Close the console domain.closeConsole() diff --git a/tools/xm-test/tests/block-create/06_block_attach_baddomain_neg.py b/tools/xm-test/tests/block-create/06_block_attach_baddomain_neg.py index edfeba1643..958b13e1ea 100644 --- a/tools/xm-test/tests/block-create/06_block_attach_baddomain_neg.py +++ b/tools/xm-test/tests/block-create/06_block_attach_baddomain_neg.py @@ -8,13 +8,11 @@ from XmTestLib import * if ENABLE_HVM_SUPPORT: SKIP("Block-attach not supported for HVM domains") -status, output = traceCommand("xm block-attach NOT-EXIST phy:ram1 sdb1 w") +status, output = traceCommand("xm block-attach NOT-EXIST phy:ram1 xvda1 w") eyecatcher = "Error" where = output.find(eyecatcher) if status == 0: - FAIL("xm block-attach returned bad status, expected non 0, status is: %i" % status ) + FAIL("xm block-attach returned bad status, expected non 0, status is: %i" % status ) elif where == -1: - FAIL("xm block-attach returned bad output, expected Error, output is: %s" % output ) - - + FAIL("xm block-attach returned bad output, expected Error, output is: %s" % output ) diff --git a/tools/xm-test/tests/block-create/07_block_attach_baddevice_neg.py b/tools/xm-test/tests/block-create/07_block_attach_baddevice_neg.py index f2043d7dd3..3e9f0f2514 100644 --- a/tools/xm-test/tests/block-create/07_block_attach_baddevice_neg.py +++ b/tools/xm-test/tests/block-create/07_block_attach_baddevice_neg.py @@ -30,18 +30,18 @@ except ConsoleError, e: FAIL(str(e)) -status, output = traceCommand("xm block-attach %s phy:NOT-EXIST sdb1 w" % domain.getName()) +status, output = traceCommand("xm block-attach %s phy:NOT-EXIST xvda1 w" % domain.getName()) eyecatcher = "Error" where = output.find(eyecatcher) if status == 0: - FAIL("xm block-attach returned bad status, expected non 0, status is: %i" % status ) + FAIL("xm block-attach returned bad status, expected non 0, status is: %i" % status ) elif where == -1: - FAIL("xm block-attach returned bad output, expected Error, output is: %s" % output ) + FAIL("xm block-attach returned bad output, expected Error, output is: %s" % output ) try: - run = console.runCmd("cat /proc/partitions") + run = console.runCmd("cat /proc/partitions") except ConsoleError, e: - FAIL(str(e)) + FAIL(str(e)) # Close the console domain.closeConsole() @@ -49,5 +49,5 @@ domain.closeConsole() # Stop the domain (nice shutdown) domain.stop() -if re.search("sdb1",run["output"]): - FAIL("Non existent Device was connected to the domU") +if re.search("xvda1",run["output"]): + FAIL("Non existent Device was connected to the domU") diff --git a/tools/xm-test/tests/block-create/08_block_attach_bad_filedevice_neg.py b/tools/xm-test/tests/block-create/08_block_attach_bad_filedevice_neg.py index b1c776d71a..802e101147 100644 --- a/tools/xm-test/tests/block-create/08_block_attach_bad_filedevice_neg.py +++ b/tools/xm-test/tests/block-create/08_block_attach_bad_filedevice_neg.py @@ -29,18 +29,18 @@ except ConsoleError, e: saveLog(console.getHistory()) FAIL(str(e)) -status, output = traceCommand("xm block-attach %s file:/dev/NOT-EXIST sdb1 w" % domain.getName()) +status, output = traceCommand("xm block-attach %s file:/dev/NOT-EXIST xvda1 w" % domain.getName()) eyecatcher = "Error" where = output.find(eyecatcher) if status == 0: - FAIL("xm block-attach returned bad status, expected non 0, status is: %i" % status ) + FAIL("xm block-attach returned bad status, expected non 0, status is: %i" % status ) elif where == -1: - FAIL("xm block-attach returned bad output, expected Error, output is: %s" % output ) - + FAIL("xm block-attach returned bad output, expected Error, output is: %s" % output ) + try: - run = console.runCmd("cat /proc/partitions") + run = console.runCmd("cat /proc/partitions") except ConsoleError, e: - FAIL(str(e)) + FAIL(str(e)) # Close the console domain.closeConsole() @@ -48,5 +48,5 @@ domain.closeConsole() # Stop the domain (nice shutdown) domain.stop() -if re.search("sdb1",run["output"]): - FAIL("Non existent Device was connected to the domU") +if re.search("xvda1",run["output"]): + FAIL("Non existent Device was connected to the domU") diff --git a/tools/xm-test/tests/block-create/09_block_attach_and_dettach_device_check_data_pos.py b/tools/xm-test/tests/block-create/09_block_attach_and_dettach_device_check_data_pos.py index b997379a25..b97b70c499 100644 --- a/tools/xm-test/tests/block-create/09_block_attach_and_dettach_device_check_data_pos.py +++ b/tools/xm-test/tests/block-create/09_block_attach_and_dettach_device_check_data_pos.py @@ -12,7 +12,7 @@ if ENABLE_HVM_SUPPORT: SKIP("Block-attach not supported for HVM domains") # Create a domain (default XmTestDomain, with our ramdisk) -domain = XmTestDomain() +domain = XmTestDomain(extraConfig={"extra":"rw"}) try: console = domain.start() @@ -35,27 +35,27 @@ if s != 0: FAIL("mke2fs returned %i != 0" % s) for i in range(10): - block_attach(domain, "phy:ram1", "hda1") - run = console.runCmd("cat /proc/partitions") - if not re.search("hda1", run["output"]): - FAIL("Failed to attach block device: /proc/partitions does not show that!") - - console.runCmd("mkdir -p /mnt/hda1; mount /dev/hda1 /mnt/hda1") - - if i: - run = console.runCmd("cat /mnt/hda1/myfile | grep %s" % (i-1)) - if run['return']: - FAIL("File created was lost or not updated!") - - console.runCmd("echo \"%s\" > /mnt/hda1/myfile" % i) - run = console.runCmd("cat /mnt/hda1/myfile") - print run['output'] - console.runCmd("umount /mnt/hda1") - - block_detach(domain, "hda1") - run = console.runCmd("cat /proc/partitions") - if re.search("hda1", run["output"]): - FAIL("Failed to dettach block device: /proc/partitions still showing that!") + block_attach(domain, "phy:ram1", "xvda1") + run = console.runCmd("cat /proc/partitions") + if not re.search("xvda1", run["output"]): + FAIL("Failed to attach block device: /proc/partitions does not show that!") + + console.runCmd("mkdir -p /mnt/xvda1; mount /dev/xvda1 /mnt/xvda1") + + if i: + run = console.runCmd("cat /mnt/xvda1/myfile | grep %s" % (i-1)) + if run['return']: + FAIL("File created was lost or not updated!") + + console.runCmd("echo \"%s\" > /mnt/xvda1/myfile" % i) + run = console.runCmd("cat /mnt/xvda1/myfile") + print run['output'] + console.runCmd("umount /mnt/xvda1") + + block_detach(domain, "xvda1") + run = console.runCmd("cat /proc/partitions") + if re.search("xvda1", run["output"]): + FAIL("Failed to dettach block device: /proc/partitions still showing that!") # Close the console domain.closeConsole() diff --git a/tools/xm-test/tests/block-create/10_block_attach_dettach_multiple_devices.py b/tools/xm-test/tests/block-create/10_block_attach_dettach_multiple_devices.py index 833f75c21a..3ac6078388 100644 --- a/tools/xm-test/tests/block-create/10_block_attach_dettach_multiple_devices.py +++ b/tools/xm-test/tests/block-create/10_block_attach_dettach_multiple_devices.py @@ -15,7 +15,7 @@ from XmTestLib.block_utils import * def availableRamdisks(): i = 0 while os.access("/dev/ram%d" % i, os.F_OK ): - i += 1 + i += 1 return i @@ -36,7 +36,7 @@ def detach(devname): return -2, "Failed to detach block device: /proc/partitions still showing that!" return 0, None - + if ENABLE_HVM_SUPPORT: SKIP("Block-attach not supported for HVM domains") @@ -69,22 +69,22 @@ while i < ramdisks or devices: op = random.randint(0,1) # 1 = attach, 0 = detach if (not devices or op) and i < ramdisks: i += 1 - devname = "/dev/hda%d" % i - phy = "/dev/ram%d" % i - print "Attaching %s to %s" % (devname, phy) - status, msg = attach( phy, devname ) - if status: - FAIL(msg) - else: - devices.append(devname) + devname = "/dev/xvda%d" % i + phy = "/dev/ram%d" % i + print "Attaching %s to %s" % (devname, phy) + status, msg = attach( phy, devname ) + if status: + FAIL(msg) + else: + devices.append(devname) elif devices: devname = random.choice(devices) - devices.remove(devname) - print "Detaching %s" % devname - status, msg = detach(devname) - if status: - FAIL(msg) + devices.remove(devname) + print "Detaching %s" % devname + status, msg = detach(devname) + if status: + FAIL(msg) # Close the console domain.closeConsole() diff --git a/tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py b/tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py index 43f55e234c..1b8a289394 100644 --- a/tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py +++ b/tools/xm-test/tests/block-create/11_block_attach_shared_dom0.py @@ -24,7 +24,7 @@ if s != 0: # Now try to start a DomU with write access to /dev/ram0 -config = {"disk":"phy:/dev/ram0,hda1,w"} +config = {"disk":"phy:/dev/ram0,xvda1,w"} domain = XmTestDomain(extraConfig=config); diff --git a/tools/xm-test/tests/block-create/12_block_attach_shared_domU.py b/tools/xm-test/tests/block-create/12_block_attach_shared_domU.py index 362e5039e8..79c9571f8c 100644 --- a/tools/xm-test/tests/block-create/12_block_attach_shared_domU.py +++ b/tools/xm-test/tests/block-create/12_block_attach_shared_domU.py @@ -8,7 +8,7 @@ from XmTestLib import * if ENABLE_HVM_SUPPORT: SKIP("Block-attach not supported for HVM domains") -config = {"disk":"phy:/dev/ram0,hda1,w"} +config = {"disk":"phy:/dev/ram0,xvda1,w"} dom1 = XmTestDomain(extraConfig=config) dom2 = XmTestDomain(dom1.getName() + "-2", diff --git a/tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py b/tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py index 835dfa9b1d..1d056841cc 100644 --- a/tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py +++ b/tools/xm-test/tests/block-destroy/01_block-destroy_btblock_pos.py @@ -9,7 +9,7 @@ from XmTestLib.block_utils import block_detach if ENABLE_HVM_SUPPORT: SKIP("Block-detach not supported for HVM domains") -config = {"disk":"phy:/dev/ram0,hda1,w"} +config = {"disk":"phy:/dev/ram0,xvda1,w"} domain = XmTestDomain(extraConfig=config) try: @@ -21,7 +21,7 @@ except DomainError, e: try: console.setHistorySaveCmds(value=True) - run = console.runCmd("cat /proc/partitions | grep hda1") + run = console.runCmd("cat /proc/partitions | grep xvda1") run2 = console.runCmd("cat /proc/partitions") except ConsoleError, e: FAIL(str(e)) @@ -29,10 +29,10 @@ except ConsoleError, e: if run["return"] != 0: FAIL("block device isn't attached; can't detach!") -block_detach(domain, "hda1") +block_detach(domain, "xvda1") try: - run = console.runCmd("cat /proc/partitions | grep hda1") + run = console.runCmd("cat /proc/partitions | grep xvda1") except ConsoleError, e: saveLog(console.getHistory()) FAIL(str(e)) diff --git a/tools/xm-test/tests/block-destroy/02_block-destroy_rtblock_pos.py b/tools/xm-test/tests/block-destroy/02_block-destroy_rtblock_pos.py index 47ff9a6fe5..cf6329228a 100644 --- a/tools/xm-test/tests/block-destroy/02_block-destroy_rtblock_pos.py +++ b/tools/xm-test/tests/block-destroy/02_block-destroy_rtblock_pos.py @@ -18,9 +18,9 @@ except DomainError, e: print e.extra FAIL("Unable to create domain") -block_attach(domain, "phy:/dev/ram0", "hda1") +block_attach(domain, "phy:/dev/ram0", "xvda1") try: - run = console.runCmd("cat /proc/partitions | grep hda1") + run = console.runCmd("cat /proc/partitions | grep xvda1") except ConsoleError, e: saveLog(console.getHistory()) FAIL(str(e)) @@ -28,9 +28,9 @@ except ConsoleError, e: if run["return"] != 0: FAIL("Failed to verify that block dev is attached") -block_detach(domain, "hda1") +block_detach(domain, "xvda1") try: - run = console.runCmd("cat /proc/partitions | grep hda1") + run = console.runCmd("cat /proc/partitions | grep xvda1") except ConsoleError, e: saveLog(console.getHistory()) FAIL(str(e)) diff --git a/tools/xm-test/tests/block-destroy/04_block-destroy_nonattached_neg.py b/tools/xm-test/tests/block-destroy/04_block-destroy_nonattached_neg.py index eea2027771..d7df7ac317 100644 --- a/tools/xm-test/tests/block-destroy/04_block-destroy_nonattached_neg.py +++ b/tools/xm-test/tests/block-destroy/04_block-destroy_nonattached_neg.py @@ -19,7 +19,7 @@ except DomainError, e: print e.extra FAIL("Unable to create domain") -status, output = traceCommand("xm block-detach %s sda1" % domain.getId()) +status, output = traceCommand("xm block-detach %s xvda1" % domain.getId()) eyecatcher1 = "Error:" eyecatcher2 = "Traceback" diff --git a/tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py b/tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py index d77e587c33..7e3d9904da 100644 --- a/tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py +++ b/tools/xm-test/tests/block-destroy/05_block-destroy_byname_pos.py @@ -9,7 +9,7 @@ from XmTestLib.block_utils import block_detach if ENABLE_HVM_SUPPORT: SKIP("Block-detach not supported for HVM domains") -config = {"disk":"phy:/dev/ram0,hda1,w"} +config = {"disk":"phy:/dev/ram0,xvda1,w"} domain = XmTestDomain(extraConfig=config) try: @@ -20,7 +20,7 @@ except DomainError, e: FAIL("Unable to create domain") try: - run = console.runCmd("cat /proc/partitions | grep hda1") + run = console.runCmd("cat /proc/partitions | grep xvda1") run2 = console.runCmd("cat /proc/partitions") except ConsoleError, e: FAIL(str(e)) @@ -28,10 +28,10 @@ except ConsoleError, e: if run["return"] != 0: FAIL("block device isn't attached; can't detach!") -block_detach(domain, "hda1") +block_detach(domain, "xvda1") try: - run = console.runCmd("cat /proc/partitions | grep hda1") + run = console.runCmd("cat /proc/partitions | grep xvda1") except ConsoleError, e: saveLog(console.getHistory()) FAIL(str(e)) diff --git a/tools/xm-test/tests/block-destroy/06_block-destroy_check_list_pos.py b/tools/xm-test/tests/block-destroy/06_block-destroy_check_list_pos.py index 38d60a92c1..292db063d6 100644 --- a/tools/xm-test/tests/block-destroy/06_block-destroy_check_list_pos.py +++ b/tools/xm-test/tests/block-destroy/06_block-destroy_check_list_pos.py @@ -12,7 +12,7 @@ def checkXmLongList(domain): s, o = traceCommand("xm list --long %s" % domain.getName()) if s != 0: FAIL("xm list --long <dom> failed") - if re.search("hda1", o): + if re.search("xvda1", o): return True else: return False @@ -27,12 +27,12 @@ try: except DomainError,e: FAIL(str(e)) -block_attach(domain, "phy:/dev/ram0", "hda1") +block_attach(domain, "phy:/dev/ram0", "xvda1") if not checkXmLongList(domain): - FAIL("xm long list does not show that hda1 was attached") + FAIL("xm long list does not show that xvda1 was attached") -block_detach(domain, "hda1") +block_detach(domain, "xvda1") if checkXmLongList(domain): - FAIL("xm long list does not show that hda1 was removed") + FAIL("xm long list does not show that xvda1 was removed") diff --git a/tools/xm-test/tests/block-integrity/01_block_device_read_verify.py b/tools/xm-test/tests/block-integrity/01_block_device_read_verify.py index b4f03da628..28531f1559 100644 --- a/tools/xm-test/tests/block-integrity/01_block_device_read_verify.py +++ b/tools/xm-test/tests/block-integrity/01_block_device_read_verify.py @@ -33,10 +33,10 @@ s, o = traceCommand("md5sum /dev/ram1") dom0_md5sum_match = re.search(r"^[\dA-Fa-f]{32}", o, re.M) -block_attach(domain, "phy:ram1", "hda1") +block_attach(domain, "phy:ram1", "xvda1") try: - run = console.runCmd("md5sum /dev/hda1") + run = console.runCmd("md5sum /dev/xvda1") except ConsoleError, e: FAIL(str(e)) diff --git a/tools/xm-test/tests/block-integrity/02_block_device_write_verify.py b/tools/xm-test/tests/block-integrity/02_block_device_write_verify.py index f8fa19aa8b..ed791a008a 100644 --- a/tools/xm-test/tests/block-integrity/02_block_device_write_verify.py +++ b/tools/xm-test/tests/block-integrity/02_block_device_write_verify.py @@ -28,12 +28,12 @@ except DomainError, e: console.setHistorySaveCmds(value=True) -block_attach(domain, "phy:ram1", "hda1") +block_attach(domain, "phy:ram1", "xvda1") console.setTimeout(120) try: - run = console.runCmd("dd if=/dev/urandom bs=512 count=`cat /sys/block/hda1/size` | tee /dev/hda1 | md5sum") + run = console.runCmd("dd if=/dev/urandom bs=512 count=`cat /sys/block/xvda1/size` | tee /dev/xvda1 | md5sum") except ConsoleError, e: FAIL(str(e)) diff --git a/tools/xm-test/tests/block-list/01_block-list_pos.py b/tools/xm-test/tests/block-list/01_block-list_pos.py index 05df76c189..2b19208d97 100644 --- a/tools/xm-test/tests/block-list/01_block-list_pos.py +++ b/tools/xm-test/tests/block-list/01_block-list_pos.py @@ -11,7 +11,7 @@ from XmTestLib import * if ENABLE_HVM_SUPPORT: SKIP("Block-list not supported for HVM domains") -config = {"disk":"phy:/dev/ram0,hda1,w"} +config = {"disk":"phy:/dev/ram0,xvda1,w"} domain = XmTestDomain(extraConfig=config) try: @@ -22,7 +22,7 @@ except DomainError, e: FAIL("Unable to create domain") status, output = traceCommand("xm block-list %s" % domain.getId()) -eyecatcher = "769" +eyecatcher = "51713" where = output.find(eyecatcher) if status != 0: FAIL("xm block-list returned bad status, expected 0, status is %i" % status) @@ -31,7 +31,7 @@ elif where < 0: #Verify the block device on DomainU try: - run = console.runCmd("cat /proc/partitions | grep hda1") + run = console.runCmd("cat /proc/partitions | grep xvda1") except ConsoleError, e: saveLog(console.getHistory()) FAIL(str(e)) diff --git a/tools/xm-test/tests/block-list/02_block-list_attachbd_pos.py b/tools/xm-test/tests/block-list/02_block-list_attachbd_pos.py index 256b44d951..8ad0df3a0c 100644 --- a/tools/xm-test/tests/block-list/02_block-list_attachbd_pos.py +++ b/tools/xm-test/tests/block-list/02_block-list_attachbd_pos.py @@ -22,11 +22,11 @@ except DomainError, e: FAIL("Unable to create domain") #Attach one virtual block device to domainU -block_attach(domain, "phy:/dev/ram0", "hda1") +block_attach(domain, "phy:/dev/ram0", "xvda1") #Verify block-list on Domain0 status, output = traceCommand("xm block-list %s" % domain.getId()) -eyecatcher = "769" +eyecatcher = "51713" where = output.find(eyecatcher) if status != 0: FAIL("xm block-list returned bad status, expected 0, status is %i" % status) @@ -35,7 +35,7 @@ elif where < 0 : #Verify attached block device on DomainU try: - run = console.runCmd("cat /proc/partitions | grep hda1") + run = console.runCmd("cat /proc/partitions | grep xvda1") except ConsoleError, e: saveLog(console.getHistory()) FAIL(str(e)) diff --git a/tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py b/tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py index 1556b065ef..b128ec1bba 100644 --- a/tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py +++ b/tools/xm-test/tests/block-list/03_block-list_anotherbd_pos.py @@ -11,7 +11,7 @@ from XmTestLib import * if ENABLE_HVM_SUPPORT: SKIP("Block-list not supported for HVM domains") -config = {"disk":"phy:/dev/ram0,hda1,w"} +config = {"disk":"phy:/dev/ram0,xvda1,w"} domain = XmTestDomain(extraConfig=config) try: @@ -26,14 +26,14 @@ if status != 0: FAIL("Fail to list block device") #Add another virtual block device to the domain -status, output = traceCommand("xm block-attach %s phy:/dev/ram1 hda2 w" % domain.getId()) +status, output = traceCommand("xm block-attach %s phy:/dev/ram1 xvda2 w" % domain.getId()) if status != 0: FAIL("Fail to attach block device") #Verify block-list on Domain0 status, output = traceCommand("xm block-list %s" % domain.getId()) -eyecatcher1 = "769" -eyecatcher2 = "770" +eyecatcher1 = "51713" +eyecatcher2 = "51714" where1 = output.find(eyecatcher1) where2 = output.find(eyecatcher2) if status != 0: @@ -43,7 +43,7 @@ elif (where1 < 0) and (where2 < 0): #Verify attached block device on DomainU try: - run = console.runCmd("cat /proc/partitions | grep hda1;cat /proc/partitions | grep hda2") + run = console.runCmd("cat /proc/partitions | grep xvda1;cat /proc/partitions | grep xvda2") except ConsoleError, e: saveLog(console.getHistory()) FAIL(str(e)) diff --git a/tools/xm-test/tests/block-list/06_block-list_checkremove_pos.py b/tools/xm-test/tests/block-list/06_block-list_checkremove_pos.py index db2c54104d..8d3bf08c42 100644 --- a/tools/xm-test/tests/block-list/06_block-list_checkremove_pos.py +++ b/tools/xm-test/tests/block-list/06_block-list_checkremove_pos.py @@ -22,39 +22,39 @@ if s != 0: if o: FAIL("block-list without devices reported something!") -block_attach(domain, "phy:/dev/ram0", "hda1") +block_attach(domain, "phy:/dev/ram0", "xvda1") s, o = traceCommand("xm block-list %s" % domain.getName()) if s != 0: FAIL("block-list failed") -if o.find("769") == -1: +if o.find("51713") == -1: FAIL("block-list didn't show the block device I just attached!") -block_attach(domain, "phy:/dev/ram1", "hda2") +block_attach(domain, "phy:/dev/ram1", "xvda2") s, o = traceCommand("xm block-list %s" % domain.getName()) if s != 0: FAIL("block-list failed") -if o.find("770") == -1: +if o.find("51714") == -1: FAIL("block-list didn't show the other block device I just attached!") -block_detach(domain, "hda1") +block_detach(domain, "xvda1") s, o = traceCommand("xm block-list %s" % domain.getName()) if s != 0: FAIL("block-list failed after detaching a device") -if o.find("769") != -1: - FAIL("hda1 still shown in block-list after detach!") -if o.find("770") == -1: - FAIL("hda2 not shown after detach of hda1!") +if o.find("51713") != -1: + FAIL("xvda1 still shown in block-list after detach!") +if o.find("51714") == -1: + FAIL("xvda2 not shown after detach of xvda1!") -block_detach(domain, "hda2") +block_detach(domain, "xvda2") s, o = traceCommand("xm block-list %s" % domain.getName()) if s != 0: FAIL("block-list failed after detaching another device") -if o.find("770") != -1: - FAIL("hda2 still shown in block-list after detach!") +if o.find("51714") != -1: + FAIL("xvda2 still shown in block-list after detach!") if o: FAIL("block-list still shows something after all devices detached!") diff --git a/tools/xm-test/tests/create/07_create_mem64_pos.py b/tools/xm-test/tests/create/07_create_mem64_pos.py index ae2f84adb1..1a27d55722 100644 --- a/tools/xm-test/tests/create/07_create_mem64_pos.py +++ b/tools/xm-test/tests/create/07_create_mem64_pos.py @@ -42,7 +42,7 @@ if eyecatcher1 != "True": FAIL("Failed to verify that a 64MB domain started") eyecatcher2 = getDomMem(domain_mem64.getName()) -if eyecatcher2 != 64: +if eyecatcher2 not in range(62, 65): FAIL("Started domain with 64MB, but it got %i MB" % eyecatcher2) #stop the domain (nice shutdown) diff --git a/tools/xm-test/tests/create/08_create_mem128_pos.py b/tools/xm-test/tests/create/08_create_mem128_pos.py index 0d50006b36..85d35173c7 100644 --- a/tools/xm-test/tests/create/08_create_mem128_pos.py +++ b/tools/xm-test/tests/create/08_create_mem128_pos.py @@ -42,7 +42,7 @@ if eyecatcher1 != "True": FAIL("Failed to verify that a 128MB domain started") eyecatcher2 = getDomMem(domain_mem128.getName()) -if eyecatcher2 != 128: +if eyecatcher2 not in range(126, 129): FAIL("Started domain with 128MB, but it got %i MB" % eyecatcher2) #stop the domain (nice shutdown) diff --git a/tools/xm-test/tests/create/09_create_mem256_pos.py b/tools/xm-test/tests/create/09_create_mem256_pos.py index c926d62de8..28db3dade2 100644 --- a/tools/xm-test/tests/create/09_create_mem256_pos.py +++ b/tools/xm-test/tests/create/09_create_mem256_pos.py @@ -42,7 +42,7 @@ if eyecatcher1 != "True": FAIL("Failed to verify that a 256MB domain started") eyecatcher2 = getDomMem(domain_mem256.getName()) -if eyecatcher2 != 256: +if eyecatcher2 not in range(254, 257): FAIL("Started domain with 256MB, but it got %i MB" % eyecatcher2) #stop the domain (nice shutdown) diff --git a/tools/xm-test/tests/create/11_create_concurrent_pos.py b/tools/xm-test/tests/create/11_create_concurrent_pos.py index ad5f297719..fd8f4dd3bf 100644 --- a/tools/xm-test/tests/create/11_create_concurrent_pos.py +++ b/tools/xm-test/tests/create/11_create_concurrent_pos.py @@ -16,7 +16,7 @@ else: MAX_DOMS = 50 MIN_DOMS = 5 -MEM_PER_DOM = 24 +MEM_PER_DOM = minSafeMem() domains = [] console = [] diff --git a/tools/xm-test/tests/create/12_create_concurrent_stress_pos.py b/tools/xm-test/tests/create/12_create_concurrent_stress_pos.py index 06b125083f..5235491d88 100644 --- a/tools/xm-test/tests/create/12_create_concurrent_stress_pos.py +++ b/tools/xm-test/tests/create/12_create_concurrent_stress_pos.py @@ -8,11 +8,18 @@ from XmTestLib import * import time DOMS=5 -MEM=32 +MEM=minSafeMem() DUR=60 domains = [] +free_mem = int(getInfo("free_memory")) +NUM_DOMS = int(free_mem / MEM) + +if NUM_DOMS < DOMS: + SKIP("Need %i MB of RAM to start %i@%iMB domains! (%i MB avail)" % + (DOMS * MEM, DOMS, MEM, free_mem)) + for i in range(0,DOMS): dom = XmTestDomain(extraConfig={"memory" : MEM}) diff --git a/tools/xm-test/tests/create/14_create_blockroot_pos.py b/tools/xm-test/tests/create/14_create_blockroot_pos.py index 58eeb2b9b3..79dd622b5a 100644 --- a/tools/xm-test/tests/create/14_create_blockroot_pos.py +++ b/tools/xm-test/tests/create/14_create_blockroot_pos.py @@ -18,17 +18,12 @@ rdpath = getRdPath() # print "Using %s" % output if ENABLE_HVM_SUPPORT: - domain = XmTestDomain(name="14_create_blockroot") + config = None else: - config = {"memory" : "64", - "root" : "/dev/hda1", - "name" : "14_create_blockroot", - "kernel" : getDefaultKernel(), + config = {"root" : "/dev/hda1", "disk" : "file:%s/initrd.img,hda1,w" % rdpath } - domConfig = XenConfig() - domConfig.setOpts(config) - domain = XenDomain(name=domConfig.getOpt("name"), config=domConfig) +domain = XmTestDomain(name="14_create_blockroot", extraConfig=config) try: console = domain.start() diff --git a/tools/xm-test/tests/create/15_create_smallmem_pos.py b/tools/xm-test/tests/create/15_create_smallmem_pos.py index faca03336b..d7797c6bd2 100644 --- a/tools/xm-test/tests/create/15_create_smallmem_pos.py +++ b/tools/xm-test/tests/create/15_create_smallmem_pos.py @@ -5,8 +5,8 @@ from XmTestLib import * -# 32MBs is the default lower limit for creating domains, it should work -MEM = 32 +# Create a domain with the minimum memory allocation +MEM = minSafeMem() domain = XmTestDomain(extraConfig={"memory": MEM, "extra" :"mem=%iM" % MEM}) diff --git a/tools/xm-test/tests/create/16_create_smallmem_neg.py b/tools/xm-test/tests/create/16_create_smallmem_neg.py index 9990add78c..6a3f417fe9 100644 --- a/tools/xm-test/tests/create/16_create_smallmem_neg.py +++ b/tools/xm-test/tests/create/16_create_smallmem_neg.py @@ -3,6 +3,7 @@ # Copyright (C) International Business Machines Corp., 2005 # Author: Dan Smith <danms@us.ibm.com> +import re from XmTestLib import * # This is under the default lower limit of 32 and we expect this test @@ -16,13 +17,14 @@ try: console = domain.start() console.runCmd("ls") except DomainError, e: - FAIL("Unable to start a domain with %i MB" % MEM) + if not re.search('^Error: Domain memory must be at least \d+ KB', e.extra): + # PPC gracefully fails like this, rather than crashing. + FAIL("Unable to start a domain with %i MB" % MEM) except ConsoleError, e: if e.reason == RUNAWAY: print "Domain with %i MB has runaway console as expected" % MEM - else: - print "Starting a domain with %i MB failed as expected" % MEM else: FAIL("Starting a console with %i MB passed, expected test to fail" % MEM) +print "Starting a domain with %i MB failed as expected" % MEM domain.destroy() diff --git a/tools/xm-test/tests/network-attach/04_network_attach_baddomain_neg.py b/tools/xm-test/tests/network-attach/04_network_attach_baddomain_neg.py index 838d66c32a..f69adb6e82 100644 --- a/tools/xm-test/tests/network-attach/04_network_attach_baddomain_neg.py +++ b/tools/xm-test/tests/network-attach/04_network_attach_baddomain_neg.py @@ -10,8 +10,6 @@ status, output = traceCommand("xm network-attach NOT-EXIST") eyecatcher = "Error" where = output.find(eyecatcher) if status == 0: - FAIL("xm block-attach returned bad status, expected non 0, status is: %i" % status ) + FAIL("xm network-attach returned bad status, expected non 0, status is: %i" % status ) elif where == -1: - FAIL("xm block-attach returned bad output, expected Error, output is: %s" % output ) - - + FAIL("xm network-attach returned bad output, expected Error, output is: %s" % output ) diff --git a/tools/xm-test/tests/security-acm/01_security-acm_basic.py b/tools/xm-test/tests/security-acm/01_security-acm_basic.py new file mode 100644 index 0000000000..6459bb9fd8 --- /dev/null +++ b/tools/xm-test/tests/security-acm/01_security-acm_basic.py @@ -0,0 +1,121 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2006 +# Author: Stefan Berger <stefanb@us.ibm.com> +# +# A couple of simple tests that test ACM security extensions +# for the xm tool. The following xm subcommands are tested: +# +# - makepolicy +# - labels +# - rmlabel +# - addlabel +# - getlabel +# - resources + +from XmTestLib import * +from xen.util import security +import commands +import os +import re + +testpolicy = "xm-test" +testlabel = "blue" +vmconfigfile = "/tmp/xm-test.conf" +testresource = "phy:ram0" + +if not isACMEnabled(): + SKIP("Not running this test since ACM not enabled.") + +status, output = traceCommand("xm makepolicy %s" % (testpolicy)) +if status != 0 or output != "": + FAIL("'xm makepolicy' failed with status %d and output\n%s" % + (status,output)); + +status, output = traceCommand("xm labels %s" % (testpolicy)) +if status != 0: + FAIL("'xm labels' failed with status %d.\n" % status) + +#Need to get a vm config file - just have it written to a file +domain = XmTestDomain() +domain.config.write(vmconfigfile) + +#Whatever label it might have - remove it +status, output = traceCommand("xm rmlabel dom %s" % + (vmconfigfile)) + +status, output = traceCommand("xm addlabel %s dom %s %s" % + (testlabel, vmconfigfile, testpolicy)) +if status != 0: + FAIL("'xm addlabel' failed with status %d.\n" % status) + +status, output = traceCommand("xm getlabel dom %s" % + (vmconfigfile)) + +if status != 0: + FAIL("'xm getlabel' failed with status %d, output:\n%s" % + (status, output)) +if output != "policy=%s,label=%s" % (testpolicy,testlabel): + FAIL("Received unexpected output from 'xm getlabel': \n%s" % + (output)) + + +status, output = traceCommand("xm rmlabel dom %s" % + (vmconfigfile)) + +if status != 0: + FAIL("'xm rmlabel' failed with status %d, output: \n%s" % + (status,output)) +if output != "": + FAIL("Received unexpected output from 'xm rmlabel': \n%s" % + (output)) + +status, output = traceCommand("xm getlabel dom %s" % + (vmconfigfile)) + +if output != "Error: 'Domain not labeled'": + FAIL("Received unexpected output from 'xm getlabel': \n%s" % + (output)) + +#Whatever label the resource might have, remove it +status, output = traceCommand("xm rmlabel res %s" % + (testresource)) + +status, output = traceCommand("xm addlabel %s res %s %s" % + (testlabel, testresource, testpolicy)) +if status != 0: + FAIL("'xm addlabel' on resource failed with status %d.\n" % status) + +status, output = traceCommand("xm getlabel res %s" % (testresource)) + +if status != 0: + FAIL("'xm getlabel' on resource failed with status %d, output:\n%s" % + (status, output)) +if output != "policy=%s,label=%s" % (testpolicy,testlabel): + FAIL("Received unexpected output from 'xm getlabel': \n%s" % + (output)) + +status, output = traceCommand("xm resources") + +if status != 0: + FAIL("'xm resources' did not run properly") +if not re.search(security.unify_resname(testresource), output): + FAIL("'xm resources' did not show the tested resource '%s'." % + testresource) + +status, output = traceCommand("xm rmlabel res %s" % + (testresource)) + +if status != 0: + FAIL("'xm rmlabel' on resource failed with status %d, output: \n%s" % + (status,output)) +if output != "": + FAIL("Received unexpected output from 'xm rmlabel': \n%s" % + (output)) + +status, output = traceCommand("xm getlabel res %s" % + (testresource)) + +if output != "Error: 'Resource not labeled'": + FAIL("Received unexpected output from 'xm getlabel': \n%s" % + (output)) diff --git a/tools/xm-test/tests/security-acm/02_security-acm_dom_start.py b/tools/xm-test/tests/security-acm/02_security-acm_dom_start.py new file mode 100644 index 0000000000..4aac09d2fc --- /dev/null +++ b/tools/xm-test/tests/security-acm/02_security-acm_dom_start.py @@ -0,0 +1,64 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2006 +# Author: Stefan Berger <stefanb@us.ibm.com> +# +# Simple test that starts two labeled domains; both domains should start +# +# The following xm subcommands are tested: +# - dumppolicy +# - labels + +from XmTestLib import * +from acm_utils import * +import commands +import os + +testlabel1 = "green" +testlabel2 = "red" + +status, output = traceCommand("xm labels") + +labels = ["SystemManagement", "blue", "red", "green"] +for l in labels: + if not re.search(l, output): + FAIL("Label '%s' not found in current policy!", l) + +status, output = traceCommand("xm dumppolicy") +if status != 0: + FAIL("'xm dumppolicy' returned an error code.") +lines = ["ssidref 0: 00 00 00 00", + "ssidref 1: 01 00 00 00", + "ssidref 2: 00 01 00 00", + "ssidref 3: 00 00 01 00", + "ssidref 4: 00 00 00 01"] +for l in lines: + if not re.search(l, output): + FAIL("Could not find '%s' in output of 'xm dumppolicy'" % l) + +config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1)} +verbose = True +domain1 = XmTestDomain(name="domain-%s" % testlabel1, + extraConfig=config) + +try: + domain1.start(noConsole=True) +except DomainError, e: + if verbose: + print e.extra + FAIL("Unable to start 1st labeled test domain.") + +config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel2)} + +domain2 = XmTestDomain(name="domain-%s" % testlabel2, + extraConfig=config) + +try: + domain2.start(noConsole=True) +except DomainError, e: + if verbose: + print e.extra + FAIL("Unable to start 2nd labeled test domain.") + +domain2.destroy() +domain1.destroy() diff --git a/tools/xm-test/tests/security-acm/03_security-acm_dom_conflict.py b/tools/xm-test/tests/security-acm/03_security-acm_dom_conflict.py new file mode 100644 index 0000000000..4aef380de5 --- /dev/null +++ b/tools/xm-test/tests/security-acm/03_security-acm_dom_conflict.py @@ -0,0 +1,60 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2006 +# Author: Stefan Berger <stefanb@us.ibm.com> +# +# A test that exercises the conflict set of the chinese wall policy. +# Start a first domain and then a second one. The second one is +# expected NOT to be starteable. + +from XmTestLib import * +from acm_utils import * +import commands +import os + +testlabel1 = "blue" +testlabel2 = "red" + +config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1)} + +domain1 = XmTestDomain(name="domain-%s" % testlabel1, + extraConfig=config) + +try: + domain1.start(noConsole=True) +except DomainError, e: + if verbose: + print e.extra + FAIL("Unable to start 1st labeled test domain") + +# Verify with xm dry-run +status, output = traceCommand("xm dry-run /tmp/xm-test.conf | " + "grep -v \"Dry Run\"") +if status != 0: + FAIL("'xm dry-run' failed") +if not re.search("PERMITTED", output): + FAIL("'xm dry-run' did not succeed.") + +config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel2)} + +domain2 = XmTestDomain(name="domain-%s" % testlabel2, + extraConfig=config) + +try: + domain2.start(noConsole=True) + # Should never get here! + FAIL("Could start a domain in a conflict set - " + "this should not be possible") +except DomainError, e: + #This is exactly what we want in this case + status = 0 + +# Verify with xm dry-run +status, output = traceCommand("xm dry-run /tmp/xm-test.conf | " + "grep -v \"Dry Run\"") +if status != 0: + FAIL("'xm dry-run' failed.") +if not re.search("PERMITTED", output): + FAIL("'xm dry-run' did not show that operation was permitted.") + +domain1.destroy() diff --git a/tools/xm-test/tests/security-acm/04_security-acm_dom_res.py b/tools/xm-test/tests/security-acm/04_security-acm_dom_res.py new file mode 100644 index 0000000000..367016339f --- /dev/null +++ b/tools/xm-test/tests/security-acm/04_security-acm_dom_res.py @@ -0,0 +1,69 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2006 +# Author: Stefan Berger <stefanb@us.ibm.com> +# +# Simple test that starts two labeled domains using labeled resources each +# + +from XmTestLib import * +from acm_utils import * +import commands +import os + +testlabel1 = "green" +resource1 = "phy:ram0" +testlabel2 = "red" +resource2 = "phy:/dev/ram1" + +config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1), + "disk" :"%s,hda1,w" % (resource1)} +domain1 = XmTestDomain(name="domain-%s" % testlabel1, + extraConfig=config) + +# Explicity label the resource +ACMLabelResource(resource1, testlabel1) + +try: + domain1.start(noConsole=True) +except DomainError, e: + if verbose: + print e.extra + FAIL("Unable to start 1st labeled test domain.") + +# Verify with xm dry-run +status, output = traceCommand("xm dry-run /tmp/xm-test.conf | " + "grep -v \"Dry Run\"") + +if status != 0: + FAIL("'xm dry-run' failed") +if not re.search("%s: PERMITTED" % resource1, output): + FAIL("'xm dry-run' did not succeed.") + +config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel2), + "disk" :"%s,hda1,w" % (resource2)} + +domain2 = XmTestDomain(name="domain-%s" % testlabel2, + extraConfig=config) + +# Explicity label the resource +ACMLabelResource(resource2, testlabel2) + +try: + domain2.start(noConsole=True) +except DomainError, e: + if verbose: + print e.extra + FAIL("Unable to start 2nd labeled test domain.") + +# Verify with xm dry-run +status, output = traceCommand("xm dry-run /tmp/xm-test.conf | " + "grep -v \"Dry Run\"") + +if status != 0: + FAIL("'xm dry-run' failed") +if not re.search("%s: PERMITTED" % resource2, output): + FAIL("'xm dry-run' did not succeed.") + +domain2.destroy() +domain1.destroy() diff --git a/tools/xm-test/tests/security-acm/05_security-acm_dom_res_conf.py b/tools/xm-test/tests/security-acm/05_security-acm_dom_res_conf.py new file mode 100644 index 0000000000..89c6b5974c --- /dev/null +++ b/tools/xm-test/tests/security-acm/05_security-acm_dom_res_conf.py @@ -0,0 +1,38 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2006 +# Author: Stefan Berger <stefanb@us.ibm.com> +# +# A test that tries to start a domain using a resource that it is +# not supposed to be able to use due to its labeling + +from XmTestLib import * +from acm_utils import * +import commands +import os + +testlabel1 = "blue" +resource1 = "phy:ram0" + +config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1), + "disk" :"%s,hda1,w" % (resource1)} + +domain1 = XmTestDomain(name="domain-%s" % testlabel1, + extraConfig=config) + +ACMLabelResource(resource1,"red") + +try: + domain1.start(noConsole=True) + # Should never get here + FAIL("Could start domain with resource that it is not supposed to access.") +except DomainError, e: + #That's exactly what we want to have in this case + dummy = 0 + +# Verify via dry-run +status, output = traceCommand("xm dry-run /tmp/xm-test.conf | " + "grep -v \"Dry Run\"") +if not re.search("%s: DENIED" %resource1, output): + FAIL("'xm dry-run' did not show expected result that operation was NOT " + "permitted: \n%s" % output) diff --git a/tools/xm-test/tests/security-acm/06_security-acm_dom_block_attach.py b/tools/xm-test/tests/security-acm/06_security-acm_dom_block_attach.py new file mode 100644 index 0000000000..f3908f7820 --- /dev/null +++ b/tools/xm-test/tests/security-acm/06_security-acm_dom_block_attach.py @@ -0,0 +1,82 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2005 +# Author: Stefan Berger <stefanb@us.ibm.com> +# Based on block-create/01_block_attach_device_pos.py +# +# Create a domain and attach 2 resources to it. The first resource +# should be attacheable, the 2nd one should not be due to the label it has. + +import re +from XmTestLib import * +from XmTestLib import block_utils +from acm_utils import * + +testlabel1 = "blue" +resource1 = "phy:ram1" +resourcelabel1 = "blue" +resource2 = "phy:/dev/ram0" +resourcelabel2 = "red" + +if ENABLE_HVM_SUPPORT: + SKIP("Block-attach not supported for HVM domains") + +# Create a domain (default XmTestDomain, with our ramdisk) +config = {"access_control":"policy=%s,label=%s" % (testpolicy,testlabel1)} + +domain = XmTestDomain(extraConfig=config) + +try: + console = domain.start() +except DomainError, e: + FAIL(str(e)) + +# Attach a console to it +try: + console.setHistorySaveCmds(value=True) + # Run 'ls' + run = console.runCmd("ls") +except ConsoleError, e: + saveLog(console.getHistory()) + FAIL(str(e)) + + +# Explicitly label the 1st resource +ACMLabelResource(resource1, resourcelabel1) +block_utils.block_attach(domain, resource1, "sdb1") + +try: + run1 = console.runCmd("cat /proc/partitions") +except ConsoleError, e: + FAIL(str(e)) + +#Explicitly label the 2nd resource +ACMLabelResource(resource2, resourcelabel2) +#Cannot call block_attach here since we legally may fail the command +status, output = traceCommand("xm block-attach %s %s %s w" % + (domain.getName(), resource2, "sdb2" )) + +for i in range(10): + if block_utils.get_state(domain, "sdb2") == 4: + break + time.sleep(1) + +try: + run2 = console.runCmd("cat /proc/partitions") +except ConsoleError, e: + FAIL(str(e)) + +# Close the console +domain.closeConsole() + +# Stop the domain (nice shutdown) +domain.stop() + +if not re.search("sdb1",run1["output"]): + FAIL("Labeled device 'sdb1' is not actually connected to the domU") + +if not re.search("sdb1",run2["output"]): + FAIL("Labeled device 'sdb1' has disappeared?!") + +if re.search("sdb2",run2["output"]): + FAIL("Labeled device 'sdb2' is connected to the domU but should not be") diff --git a/tools/xm-test/tests/security-acm/Makefile.am b/tools/xm-test/tests/security-acm/Makefile.am new file mode 100644 index 0000000000..7b691712f2 --- /dev/null +++ b/tools/xm-test/tests/security-acm/Makefile.am @@ -0,0 +1,28 @@ +SUBDIRS = + +TESTS = 01_security-acm_basic.test \ + 02_security-acm_dom_start.test \ + 03_security-acm_dom_conflict.test \ + 04_security-acm_dom_res.test \ + 05_security-acm_dom_res_conf.test \ + 06_security-acm_dom_block_attach.test + +XFAIL_TESTS = + +EXTRA_DIST = $(TESTS) $(XFAIL_TESTS) acm_utils.py +TESTS_ENVIRONMENT=@TENV@ + +%.test: %.py + cp $< $@ + chmod +x $@ + @if [ -d /etc/xen/acm-security/policies ]; then \ + cp -f xm-test-security_policy.xml \ + /etc/xen/acm-security/policies; \ + fi; + +clean-local: am_config_clean-local + +am_config_clean-local: + rm -f *test + rm -f *log + rm -f *~ diff --git a/tools/xm-test/tests/security-acm/acm_utils.py b/tools/xm-test/tests/security-acm/acm_utils.py new file mode 100644 index 0000000000..29608a38a4 --- /dev/null +++ b/tools/xm-test/tests/security-acm/acm_utils.py @@ -0,0 +1,15 @@ +#!/usr/bin/python + +# Copyright (C) International Business Machines Corp., 2006 +# Author: Stefan Berger <stefanb@us.ibm.com> + +from XmTestLib import * +from XmTestLib.acm import * + +testpolicy = "xm-test" +vmconfigfile = "/tmp/xm-test.conf" + +if not isACMEnabled(): + SKIP("Not running this test since ACM not enabled.") + +ACMLoadPolicy(testpolicy) diff --git a/tools/xm-test/tests/security-acm/xm-test-security_policy.xml b/tools/xm-test/tests/security-acm/xm-test-security_policy.xml new file mode 100644 index 0000000000..b1736dbdf2 --- /dev/null +++ b/tools/xm-test/tests/security-acm/xm-test-security_policy.xml @@ -0,0 +1,110 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Auto-generated by ezPolicy --> +<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd "> + <PolicyHeader> + <PolicyName>xm-test</PolicyName> + <Date>Fri Sep 29 14:44:38 2006</Date> + </PolicyHeader> + + <SimpleTypeEnforcement> + <SimpleTypeEnforcementTypes> + <Type>SystemManagement</Type> + <Type>green</Type> + <Type>red</Type> + <Type>blue</Type> + </SimpleTypeEnforcementTypes> + </SimpleTypeEnforcement> + + <ChineseWall priority="PrimaryPolicyComponent"> + <ChineseWallTypes> + <Type>SystemManagement</Type> + <Type>green</Type> + <Type>red</Type> + <Type>blue</Type> + </ChineseWallTypes> + + <ConflictSets> + <Conflict name="RER"> + <Type>blue</Type> + <Type>red</Type> + </Conflict> + </ConflictSets> + </ChineseWall> + + <SecurityLabelTemplate> + <SubjectLabels bootstrap="SystemManagement"> + <VirtualMachineLabel> + <Name>SystemManagement</Name> + <SimpleTypeEnforcementTypes> + <Type>SystemManagement</Type> + <Type>green</Type> + <Type>red</Type> + <Type>blue</Type> + </SimpleTypeEnforcementTypes> + <ChineseWallTypes> + <Type>SystemManagement</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <Name>green</Name> + <SimpleTypeEnforcementTypes> + <Type>green</Type> + </SimpleTypeEnforcementTypes> + <ChineseWallTypes> + <Type>green</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <Name>red</Name> + <SimpleTypeEnforcementTypes> + <Type>red</Type> + </SimpleTypeEnforcementTypes> + <ChineseWallTypes> + <Type>red</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + + <VirtualMachineLabel> + <Name>blue</Name> + <SimpleTypeEnforcementTypes> + <Type>blue</Type> + </SimpleTypeEnforcementTypes> + <ChineseWallTypes> + <Type>blue</Type> + </ChineseWallTypes> + </VirtualMachineLabel> + </SubjectLabels> + + <ObjectLabels> + <ResourceLabel> + <Name>SystemManagement</Name> + <SimpleTypeEnforcementTypes> + <Type>SystemManagement</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>green</Name> + <SimpleTypeEnforcementTypes> + <Type>green</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>red</Name> + <SimpleTypeEnforcementTypes> + <Type>red</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + + <ResourceLabel> + <Name>blue</Name> + <SimpleTypeEnforcementTypes> + <Type>blue</Type> + </SimpleTypeEnforcementTypes> + </ResourceLabel> + </ObjectLabels> + </SecurityLabelTemplate> +</SecurityPolicyDefinition> diff --git a/tools/xm-test/tests/vtpm/06_vtpm-susp_res_pcrs.py b/tools/xm-test/tests/vtpm/06_vtpm-susp_res_pcrs.py index 9ac1ef5a9c..42661b83d8 100644 --- a/tools/xm-test/tests/vtpm/06_vtpm-susp_res_pcrs.py +++ b/tools/xm-test/tests/vtpm/06_vtpm-susp_res_pcrs.py @@ -42,7 +42,7 @@ except ConsoleError, e: FAIL("Error while creating /dev/tpm0") try: - run = console.runCmd("echo -ne \"\\x00\\xc1\\x00\\x00\\x00\\x22\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\0xf\\x10\\x11\\x12\\x13\\x14\" > /dev/tpm0") + run = console.runCmd("echo -ne \"\\x00\\xc1\\x00\\x00\\x00\\x22\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\0xf\\x10\\x11\\x12\\x13\\x14\" > seq; cat seq > /dev/tpm0") except ConsoleError, e: saveLog(console.getHistory()) vtpm_cleanup(domName) diff --git a/tools/xm-test/tests/vtpm/07_vtpm-mig_pcrs.py b/tools/xm-test/tests/vtpm/07_vtpm-mig_pcrs.py index f8c437c9f9..f86e050519 100644 --- a/tools/xm-test/tests/vtpm/07_vtpm-mig_pcrs.py +++ b/tools/xm-test/tests/vtpm/07_vtpm-mig_pcrs.py @@ -43,7 +43,7 @@ except ConsoleError, e: FAIL("Error while creating /dev/tpm0") try: - run = console.runCmd("echo -ne \"\\x00\\xc1\\x00\\x00\\x00\\x22\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\0xf\\x10\\x11\\x12\\x13\\x14\" > /dev/tpm0") + run = console.runCmd("echo -ne \"\\x00\\xc1\\x00\\x00\\x00\\x22\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\0xf\\x10\\x11\\x12\\x13\\x14\" > seq; cat seq > /dev/tpm0") except ConsoleError, e: saveLog(console.getHistory()) vtpm_cleanup(domName) diff --git a/tools/xm-test/tests/vtpm/08_vtpm-mig_pcrs.py b/tools/xm-test/tests/vtpm/08_vtpm-mig_pcrs.py index 5872e5a7d4..f1b460c0e2 100644 --- a/tools/xm-test/tests/vtpm/08_vtpm-mig_pcrs.py +++ b/tools/xm-test/tests/vtpm/08_vtpm-mig_pcrs.py @@ -43,7 +43,7 @@ except ConsoleError, e: FAIL("Error while creating /dev/tpm0") try: - run = console.runCmd("echo -ne \"\\x00\\xc1\\x00\\x00\\x00\\x22\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\0xf\\x10\\x11\\x12\\x13\\x14\" > /dev/tpm0") + run = console.runCmd("echo -ne \"\\x00\\xc1\\x00\\x00\\x00\\x22\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\0xf\\x10\\x11\\x12\\x13\\x14\" > seq; cat seq > /dev/tpm0") except ConsoleError, e: saveLog(console.getHistory()) vtpm_cleanup(domName) diff --git a/tools/xm-test/tests/vtpm/vtpm_utils.py b/tools/xm-test/tests/vtpm/vtpm_utils.py index 01a60f90c6..0af46574c9 100644 --- a/tools/xm-test/tests/vtpm/vtpm_utils.py +++ b/tools/xm-test/tests/vtpm/vtpm_utils.py @@ -8,12 +8,10 @@ from XmTestLib import * if ENABLE_HVM_SUPPORT: SKIP("vtpm tests not supported for HVM domains") -if not os.path.exists("/dev/tpm0"): - SKIP("This machine has no hardware TPM; cannot run this test") - status, output = traceCommand("ps aux | grep vtpm_manager | grep -v grep") if output == "": - FAIL("virtual TPM manager must be started to run this test") + SKIP("virtual TPM manager must be started to run this test; might " + "need /dev/tpm0") def vtpm_cleanup(domName): traceCommand("/etc/xen/scripts/vtpm-delete %s" % domName) |