Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clean up seccomp tests #4945

Merged
merged 5 commits into from
Dec 11, 2024
Merged

Clean up seccomp tests #4945

merged 5 commits into from
Dec 11, 2024
+405 −307

Conversation

pb8o
Copy link
Contributor

@pb8o pb8o commented Dec 5, 2024
edited
Loading

Changes

While looking at seccomp and associated tests, I noticed they were a bit verbose. Refactored to make them simpler.

Also reflect one seccompiler deprecation and move pylint config to a pyproject.toml.

Reason

...

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • I have read and understand CONTRIBUTING.md.
  • I have run tools/devtool checkstyle to verify that the PR passes the
    automated style checks.
  • I have described what is done in these changes, why they are needed, and
    how they are solving the problem in a clear and encompassing way.
  • I have updated any relevant documentation (both in code and in the docs)
    in the PR.
  • I have mentioned all user-facing changes in CHANGELOG.md.
  • If a specific issue led to this PR, this PR closes the issue.
  • When making API changes, I have followed the
    Runbook for Firecracker API changes.
  • I have tested all new and changed functionalities in unit tests and/or
    integration tests.
  • I have linked an issue to every new TODO.
  • This functionality cannot be added in rust-vmm.

@pb8o pb8o added Priority: Low Indicates that an issue or pull request should be resolved behind issues or pull requests labelled ` Status: Awaiting author Indicates that an issue or pull request requires author action python Pull requests that update Python code labels Dec 5, 2024
@pb8o pb8o self-assigned this Dec 5, 2024
@codecov Codecov
Copy link

codecov bot commented Dec 5, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.98%. Comparing base (c8fa501) to head (350e04c).
Report is 5 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #4945   +/-   ##
=======================================
  Coverage   83.98%   83.98%           
=======================================
  Files         251      251           
  Lines       27889    27889           
=======================================
  Hits        23422    23422           
  Misses       4467     4467
Flag Coverage Δ
5.10-c5n.metal 84.55% <ø> (ø)
5.10-m5n.metal 84.53% <ø> (ø)
5.10-m6a.metal 83.82% <ø> (?)
5.10-m6g.metal 80.68% <ø> (ø)
5.10-m6i.metal 84.52% <ø> (ø)
5.10-m7g.metal 80.68% <ø> (ø)
6.1-c5n.metal 84.55% <ø> (+<0.01%) ⬆️
6.1-m5n.metal 84.53% <ø> (ø)
6.1-m6a.metal 83.82% <ø> (-0.01%) ⬇️
6.1-m6g.metal 80.68% <ø> (+<0.01%) ⬆️
6.1-m6i.metal 84.52% <ø> (ø)
6.1-m7g.metal 80.67% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@pb8o pb8o added Status: Awaiting review Indicates that a pull request is ready to be reviewed and removed Status: Awaiting author Indicates that an issue or pull request requires author action labels Dec 5, 2024
kalyazin
kalyazin reviewed Dec 5, 2024
View reviewed changes
tests/pyproject.toml Outdated Show resolved Hide resolved
@pb8o pb8o force-pushed the test-seccomp branch 2 times, most recently from 078346a to 10613c8 Compare December 6, 2024 09:15
roypat
roypat previously approved these changes Dec 6, 2024
View reviewed changes
tests/integration_tests/security/test_custom_seccomp.py Show resolved Hide resolved
DEPRECATED.md Outdated Show resolved Hide resolved
@pb8o pb8o force-pushed the test-seccomp branch 2 times, most recently from ab52ac7 to a65d8ad Compare December 6, 2024 10:32
pb8o added 3 commits December 11, 2024 13:45
@pb8o
tests: move pylint config to pyproject.toml
69ee132 
It makes it easier to configure pylint

Signed-off-by: Pablo Barbáchano <[email protected]>
@pb8o
style: disable pylint too-few-public-methods
deeb487 
I think this lint is not useful, and makes writing small classes more
difficult than it needs to be.

Signed-off-by: Pablo Barbáchano <[email protected]>
@pb8o
tests: cleanup test_seccomp
9a492fa 
- convert inline JSON to dicts
- use pytest temporary files instead of tempfile
- create a seccompiler fixture to make running it easy

Signed-off-by: Pablo Barbáchano <[email protected]>
@pb8o pb8o added Priority: Medium Indicates than an issue or pull request should be resolved ahead of issues or pull requests labelled and removed Priority: Low Indicates that an issue or pull request should be resolved behind issues or pull requests labelled ` labels Dec 11, 2024
@pb8o
docs: reflect that seccompiler --basic filters are deprecated
5104188 
seccompiler --basic filters are deprecated

Signed-off-by: Pablo Barbáchano <[email protected]>
@pb8o pb8o force-pushed the test-seccomp branch 2 times, most recently from 9b15435 to 631fd04 Compare December 11, 2024 12:56
@pb8o
tests: add test to validate seccomp filters
350e04c 
Add a test to validate that a seccomp filter works as defined in the
JSON description.

To do this we use a simple C program that just loads a given seccomp
filter and calls a syscall also given in the arguments.

Signed-off-by: Pablo Barbáchano <[email protected]>
roypat
roypat approved these changes Dec 11, 2024
View reviewed changes
tests/host_tools/test_syscalls.c Show resolved Hide resolved
@pb8o pb8o merged commit 979cf1b into firecracker-microvm:main Dec 11, 2024
7 checks passed
@pb8o pb8o deleted the test-seccomp branch December 11, 2024 18:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roypat roypat roypat approved these changes

@kalyazin kalyazin kalyazin approved these changes

@xmarcalx xmarcalx Awaiting requested review from xmarcalx xmarcalx is a code owner

@Manciukic Manciukic Awaiting requested review from Manciukic Manciukic is a code owner

Assignees

@pb8o pb8o

Labels
Priority: Medium Indicates than an issue or pull request should be resolved ahead of issues or pull requests labelled python Pull requests that update Python code Status: Awaiting review Indicates that a pull request is ready to be reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pb8o @kalyazin @roypat