diff --git a/contrib/tester-progs/direct-write-tester.c b/contrib/tester-progs/direct-write-tester.c index 5a2cf50d034..7b8c5388e97 100644 --- a/contrib/tester-progs/direct-write-tester.c +++ b/contrib/tester-progs/direct-write-tester.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) // Copyright Authors of Tetragon +#define _GNU_SOURCE #include #include #include @@ -10,7 +11,6 @@ #include #define BLOCKSIZE 4096 -#define O_DIRECT 00040000 int main(int argc, char **argv) { diff --git a/pkg/sensors/manager_test.go b/pkg/sensors/manager_test.go index ba1a63fde27..646716ba798 100644 --- a/pkg/sensors/manager_test.go +++ b/pkg/sensors/manager_test.go @@ -46,7 +46,7 @@ func TestAddPolicy(t *testing.T) { assert.NoError(t, err) t.Cleanup(func() { if err := mgr.StopSensorManager(ctx); err != nil { - panic("failed to stop sensor manager") + t.Fatal("failed to stop sensor manager") } }) policy.ObjectMeta.Name = "test-policy" @@ -74,7 +74,7 @@ func TestAddPolicies(t *testing.T) { assert.NoError(t, err) t.Cleanup(func() { if err := mgr.StopSensorManager(ctx); err != nil { - panic("failed to stop sensor manager") + t.Fatal("failed to stop sensor manager") } }) policy.ObjectMeta.Name = "test-policy" @@ -105,7 +105,7 @@ func TestAddPolicySpecError(t *testing.T) { assert.NoError(t, err) t.Cleanup(func() { if err := mgr.StopSensorManager(ctx); err != nil { - panic("failed to stop sensor manager") + t.Fatal("failed to stop sensor manager") } }) policy.ObjectMeta.Name = "test-policy" @@ -137,7 +137,7 @@ func TestAddPolicyLoadError(t *testing.T) { assert.NoError(t, err) t.Cleanup(func() { if err := mgr.StopSensorManager(ctx); err != nil { - panic("failed to stop sensor manager") + t.Fatal("failed to stop sensor manager") } }) policy.ObjectMeta.Name = "test-policy" @@ -214,7 +214,7 @@ func TestPolicyStates(t *testing.T) { require.NoError(t, err) t.Cleanup(func() { if err := mgr.StopSensorManager(ctx); err != nil { - panic("failed to stop sensor manager") + t.Fatal("failed to stop sensor manager") } }) policy.ObjectMeta.Name = "test-policy" @@ -239,7 +239,7 @@ func TestPolicyStates(t *testing.T) { require.NoError(t, err) t.Cleanup(func() { if err := mgr.StopSensorManager(ctx); err != nil { - panic("failed to stop sensor manager") + t.Fatal("failed to stop sensor manager") } }) policy.ObjectMeta.Name = "test-policy" @@ -279,7 +279,7 @@ func TestPolicyLoadErrorOverride(t *testing.T) { require.NoError(t, err) t.Cleanup(func() { if err := mgr.StopSensorManager(ctx); err != nil { - panic("failed to stop sensor manager") + t.Fatal("failed to stop sensor manager") } }) policy.ObjectMeta.Name = "test-policy" @@ -318,7 +318,7 @@ func TestPolicyListingWhileLoadUnload(t *testing.T) { require.NoError(t, err) t.Cleanup(func() { if err := mgr.StopSensorManager(ctx); err != nil { - panic("failed to stop sensor manager") + t.Fatal("failed to stop sensor manager") } }) diff --git a/pkg/sensors/tracing/enforcer_test.go b/pkg/sensors/tracing/enforcer_test.go index 58002e3466d..bc16ad8bdd2 100644 --- a/pkg/sensors/tracing/enforcer_test.go +++ b/pkg/sensors/tracing/enforcer_test.go @@ -296,6 +296,22 @@ func testSecurity(t *testing.T, tracingPolicy, tempFile string) { } } +func enforcerSecurityTempFile(t *testing.T) string { + // We can't use t.TempDir as it writes into /tmp by default. + // The direct-write-tester.c program opens and writes using the O_DIRECT + // flag that is unsupported and return EINVAL on tmpfs, while it works on a + // disk based fs. Recently, the base image used by vmtests started to switch + // /tmp from the disk to tmpfs which made that test fail. + tempFile, err := os.CreateTemp("/var/tmp", "tetragon-testfile-*") + if err != nil { + t.Fatalf("failed to create temporary file for tester prog: %s", err) + } + t.Cleanup(func() { + os.Remove(tempFile.Name()) + }) + return tempFile.Name() +} + // Testing the ability to kill the process before it executes the syscall, // in this case direct pwrite syscall. // Standard Sigkill action kills executed from sys_pwrite probe kills the @@ -325,7 +341,7 @@ func TestEnforcerSecuritySigKill(t *testing.T) { t.Skip("Older kernels do not support matchArgs for more than one arguments") } - tempFile := t.TempDir() + "/test" + tempFile := enforcerSecurityTempFile(t) tracingPolicy := ` apiVersion: cilium.io/v1alpha1 @@ -412,7 +428,7 @@ func TestEnforcerSecurityNotifyEnforcer(t *testing.T) { t.Skip("Older kernels do not support matchArgs for more than one arguments") } - tempFile := t.TempDir() + "/test" + tempFile := enforcerSecurityTempFile(t) tracingPolicy := ` apiVersion: cilium.io/v1alpha1 diff --git a/pkg/sensors/tracing/generickprobe_test.go b/pkg/sensors/tracing/generickprobe_test.go index 2da2b610f1f..f65a302186b 100644 --- a/pkg/sensors/tracing/generickprobe_test.go +++ b/pkg/sensors/tracing/generickprobe_test.go @@ -127,7 +127,7 @@ func Test_Kprobe_DisableEnablePolicy(t *testing.T) { assert.NoError(t, err) t.Cleanup(func() { if err := mgr.StopSensorManager(ctx); err != nil { - panic("failed to stop sensor manager") + t.Fatal("failed to stop sensor manager") } }) diff --git a/pkg/sensors/tracing/kprobe_test.go b/pkg/sensors/tracing/kprobe_test.go index 3a0c007cbf3..5ecc0d2902b 100644 --- a/pkg/sensors/tracing/kprobe_test.go +++ b/pkg/sensors/tracing/kprobe_test.go @@ -5844,15 +5844,13 @@ spec: // Generate 5 datagrams socket, err := net.Dial("udp", "127.0.0.1:9468") if err != nil { - fmt.Printf("ERROR dialing socket\n") - panic(err) + t.Fatalf("failed dialing socket: %s", err) } for i := 0; i < 5; i++ { _, err := socket.Write([]byte("data")) if err != nil { - fmt.Printf("ERROR writing to socket\n") - panic(err) + t.Fatalf("failed writing to socket: %s", err) } } diff --git a/tests/vmtests/fetch-data.sh b/tests/vmtests/fetch-data.sh index 6a9ae147d4b..0232784a25a 100755 --- a/tests/vmtests/fetch-data.sh +++ b/tests/vmtests/fetch-data.sh @@ -4,7 +4,7 @@ set -eu -o pipefail OCIORG=quay.io/lvh-images -ROOTIMG=$OCIORG/root-images:20240415.162748@sha256:2637beacabbb48e2ee89a8f296a123142257ae10616308f81e7210ac85b92789 +ROOTIMG=$OCIORG/root-images:20240717.161638@sha256:62a9890111ab39749792fda4f59c8f736fa350ecaedb0667e3eecbbe790d82ed KERNIMG=$OCIORG/kernel-images CONTAINER_ENGINE=${CONTAINER_ENGINE:-docker} KERNEL_VERS="$@"