tests: replace panic with t.Fatal, upgrade to latest base image for vmtests and fix enforcer tests

contrib/tester-progs/direct-write-tester.c

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
 // Copyright Authors of Tetragon
 
+#define _GNU_SOURCE
 #include <fcntl.h>
 #include <sys/syscall.h>
 #include <unistd.h>
@@ -10,7 +11,6 @@
 #include <stdio.h>
 
 #define BLOCKSIZE 4096
-#define O_DIRECT  00040000
 
 int main(int argc, char **argv)
 {

pkg/sensors/manager_test.go

@@ -46,7 +46,7 @@ func TestAddPolicy(t *testing.T) {
 	assert.NoError(t, err)
 	t.Cleanup(func() {
 		if err := mgr.StopSensorManager(ctx); err != nil {
-			panic("failed to stop sensor manager")
+			t.Fatal("failed to stop sensor manager")
 		}
 	})
 	policy.ObjectMeta.Name = "test-policy"
@@ -74,7 +74,7 @@ func TestAddPolicies(t *testing.T) {
 	assert.NoError(t, err)
 	t.Cleanup(func() {
 		if err := mgr.StopSensorManager(ctx); err != nil {
-			panic("failed to stop sensor manager")
+			t.Fatal("failed to stop sensor manager")
 		}
 	})
 	policy.ObjectMeta.Name = "test-policy"
@@ -105,7 +105,7 @@ func TestAddPolicySpecError(t *testing.T) {
 	assert.NoError(t, err)
 	t.Cleanup(func() {
 		if err := mgr.StopSensorManager(ctx); err != nil {
-			panic("failed to stop sensor manager")
+			t.Fatal("failed to stop sensor manager")
 		}
 	})
 	policy.ObjectMeta.Name = "test-policy"
@@ -137,7 +137,7 @@ func TestAddPolicyLoadError(t *testing.T) {
 	assert.NoError(t, err)
 	t.Cleanup(func() {
 		if err := mgr.StopSensorManager(ctx); err != nil {
-			panic("failed to stop sensor manager")
+			t.Fatal("failed to stop sensor manager")
 		}
 	})
 	policy.ObjectMeta.Name = "test-policy"
@@ -214,7 +214,7 @@ func TestPolicyStates(t *testing.T) {
 		require.NoError(t, err)
 		t.Cleanup(func() {
 			if err := mgr.StopSensorManager(ctx); err != nil {
-				panic("failed to stop sensor manager")
+				t.Fatal("failed to stop sensor manager")
 			}
 		})
 		policy.ObjectMeta.Name = "test-policy"
@@ -239,7 +239,7 @@ func TestPolicyStates(t *testing.T) {
 		require.NoError(t, err)
 		t.Cleanup(func() {
 			if err := mgr.StopSensorManager(ctx); err != nil {
-				panic("failed to stop sensor manager")
+				t.Fatal("failed to stop sensor manager")
 			}
 		})
 		policy.ObjectMeta.Name = "test-policy"
@@ -279,7 +279,7 @@ func TestPolicyLoadErrorOverride(t *testing.T) {
 	require.NoError(t, err)
 	t.Cleanup(func() {
 		if err := mgr.StopSensorManager(ctx); err != nil {
-			panic("failed to stop sensor manager")
+			t.Fatal("failed to stop sensor manager")
 		}
 	})
 	policy.ObjectMeta.Name = "test-policy"
@@ -318,7 +318,7 @@ func TestPolicyListingWhileLoadUnload(t *testing.T) {
 	require.NoError(t, err)
 	t.Cleanup(func() {
 		if err := mgr.StopSensorManager(ctx); err != nil {
-			panic("failed to stop sensor manager")
+			t.Fatal("failed to stop sensor manager")
 		}
 	})
 

pkg/sensors/tracing/enforcer_test.go

@@ -296,6 +296,22 @@ func testSecurity(t *testing.T, tracingPolicy, tempFile string) {
 	}
 }
 
+func enforcerSecurityTempFile(t *testing.T) string {
+	// We can't use t.TempDir as it writes into /tmp by default.
+	// The direct-write-tester.c program opens and writes using the O_DIRECT
+	// flag that is unsupported and return EINVAL on tmpfs, while it works on a
+	// disk based fs. Recently, the base image used by vmtests started to switch
+	// /tmp from the disk to tmpfs which made that test fail.
+	tempFile, err := os.CreateTemp("/var/tmp", "tetragon-testfile-*")
+	if err != nil {
+		t.Fatalf("failed to create temporary file for tester prog: %s", err)
+	}
+	t.Cleanup(func() {
+		os.Remove(tempFile.Name())
+	})
+	return tempFile.Name()
+}
+
 // Testing the ability to kill the process before it executes the syscall,
 // in this case direct pwrite syscall.
 // Standard Sigkill action kills executed from sys_pwrite probe kills the
@@ -325,7 +341,7 @@ func TestEnforcerSecuritySigKill(t *testing.T) {
 		t.Skip("Older kernels do not support matchArgs for more than one arguments")
 	}
 
-	tempFile := t.TempDir() + "/test"
+	tempFile := enforcerSecurityTempFile(t)
 
 	tracingPolicy := `
 apiVersion: cilium.io/v1alpha1
@@ -412,7 +428,7 @@ func TestEnforcerSecurityNotifyEnforcer(t *testing.T) {
 		t.Skip("Older kernels do not support matchArgs for more than one arguments")
 	}
 
-	tempFile := t.TempDir() + "/test"
+	tempFile := enforcerSecurityTempFile(t)
 
 	tracingPolicy := `
 apiVersion: cilium.io/v1alpha1

pkg/sensors/tracing/generickprobe_test.go

@@ -127,7 +127,7 @@ func Test_Kprobe_DisableEnablePolicy(t *testing.T) {
 	assert.NoError(t, err)
 	t.Cleanup(func() {
 		if err := mgr.StopSensorManager(ctx); err != nil {
-			panic("failed to stop sensor manager")
+			t.Fatal("failed to stop sensor manager")
 		}
 	})
 

pkg/sensors/tracing/kprobe_test.go

@@ -5845,14 +5845,14 @@ spec:
 	socket, err := net.Dial("udp", "127.0.0.1:9468")
 	if err != nil {
 		fmt.Printf("ERROR dialing socket\n")
-		panic(err)
+		t.Fatal(err)
 	}
 
 	for i := 0; i < 5; i++ {
 		_, err := socket.Write([]byte("data"))
 		if err != nil {
 			fmt.Printf("ERROR writing to socket\n")
-			panic(err)
+			t.Fatal(err)
 		}
 	}
 

tests/vmtests/fetch-data.sh

@@ -4,7 +4,7 @@ set -eu -o pipefail
 
 
 OCIORG=quay.io/lvh-images
-ROOTIMG=$OCIORG/root-images:20240415.162748@sha256:2637beacabbb48e2ee89a8f296a123142257ae10616308f81e7210ac85b92789
+ROOTIMG=$OCIORG/root-images:20240717.161638@sha256:62a9890111ab39749792fda4f59c8f736fa350ecaedb0667e3eecbbe790d82ed
 KERNIMG=$OCIORG/kernel-images
 CONTAINER_ENGINE=${CONTAINER_ENGINE:-docker}
 KERNEL_VERS="$@"