Feature #8889

Automatically test that Tor runs with Seccomp enabled

Added by intrigeri 2015-02-11 11:46:04 . Updated 2015-02-24 22:52:40 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Test suite
Target version:
Tails_1.3
Start date:
2015-02-11
Due date:
% Done:

100%

Feature Branch:
kytv:test/8889-tor-seccomp
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

Unless the user has chosen advanced Tor configuration in the Greeter, thanks to Bug #8174 Tor should run in seccomp “filter” mode. That is, the Seccomp entry in /proc/$(pidof tor)/status should have the value “2”. We should test that automatically, in order to identify regressions in this area.

Reference: http://man7.org/linux/man-pages/man5/proc.5.html

Subtasks

Related issues

Blocked by Tails - Bug #8174: Build Tor with seccomp Resolved 2014-10-26

History

#1 Updated by intrigeri 2015-02-11 11:46:34

  • Description updated

#2 Updated by intrigeri 2015-02-11 11:46:54

  • blocked by Bug #8174: Build Tor with seccomp added

#3 Updated by kytv 2015-02-11 18:39:49

  • Status changed from Confirmed to In Progress
  • Assignee changed from kytv to anonym
  • % Done changed from 0 to 50
  • QA Check set to Ready for QA
  • Feature Branch set to kytv:test/8889-tor-seccomp

With an ISO built from the devel branch a few days ago:

call returned: [0, "", ""]
    And Tor is ready                                                     # features/step_definitions/common_steps.rb:297
calling as root: awk '/^Seccomp:/{print $2}' /proc/$(pidof tor)/status
call returned: [0, "0\n", ""]
    Then the running process "tor" is confined with Seccomp              # features/step_definitions/checks.rb:144
      tor not confined with Seccomp.
      <2> expected but was
      <0>. (MiniTest::Assertion)
      ./features/step_definitions/checks.rb:147:in `/^the running process "(.+)" is confined with Seccomp$/'
      features/checks.feature:51:in `Then the running process "tor" is confined with Seccomp'

With an ISO built from the devel branch today:

    And Tor is ready                                                     # features/step_definitions/common_steps.rb:297
calling as root: awk '/^Seccomp:/{print $2}' /proc/$(pidof tor)/status
call returned: [0, "2\n", ""]
    Then the running process "tor" is confined with Seccomp              # features/step_definitions/checks.rb:144

#4 Updated by intrigeri 2015-02-11 18:57:52

  • Assignee changed from anonym to kytv
  • QA Check changed from Ready for QA to Info Needed

Any reason to use execute instead of execute_successfully? Granted, the next assert will fail in some way if the command failed, but still, IMO it’s good to get into the habit of using the autodying wrapper instead of the laxist one.

#5 Updated by intrigeri 2015-02-11 19:03:43

  • QA Check changed from Info Needed to Dev Needed

Also, better parse text on the host system (in Ruby) than with shell+awk+etc. in the system under test.

#6 Updated by intrigeri 2015-02-11 19:08:58

  • Target version changed from Tails_1.3.2 to Tails_1.3

Looks like this will be ready in time for 1.3 :)

#7 Updated by kytv 2015-02-11 21:33:12

  • Assignee changed from kytv to anonym
  • Target version changed from Tails_1.3 to Tails_1.3.2
  • QA Check changed from Dev Needed to Ready for QA

Now using ruby instead of going out to a shell.

#8 Updated by kytv 2015-02-11 21:50:41

  • Target version changed from Tails_1.3.2 to Tails_1.3

#9 Updated by Tails 2015-02-11 21:53:50

  • Status changed from In Progress to Fix committed
  • % Done changed from 50 to 100

Applied in changeset commit:8bf84004f25cb8731fb76fff8f40b67beb1ef516.

#10 Updated by intrigeri 2015-02-11 21:55:35

  • Assignee deleted (anonym)
  • QA Check changed from Ready for QA to Pass

Merged, thanks!

#11 Updated by BitingBird 2015-02-24 22:52:40

  • Status changed from Fix committed to Resolved