mirror of
https://github.com/xemu-project/xemu.git
synced 2024-11-23 19:49:43 +00:00
4aa2e497a9
- Improves documentation of SSH fingerprint checking - Fixes SHA256 fingerprints with non-blockdev usage - Blocks the clone3, setns, unshare & execveat syscalls with seccomp - Blocks process spawning via clone syscall, but allows threads, with seccomp - Takes over seccomp maintainer role - Expands firmware descriptor spec to allow flash without NVRAM -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmIOOBkACgkQvobrtBUQ T9/ruhAAr8jkAH8FN5ftx2/L7q8SHpjPupue1CJ0Nl/ykmYhTGc+SqC3R2nZWOk2 Ws8hHVcDVT1lhrGxPtU7o+JPC1TebJTsloimJoKQY3qfdvZadJeR/4KsOUzi2ruu VZ6HiYvZc1c9T+NPf3QRhBo7yyascKWKWHDseUNIt/2DiefCox4QFUDDMG86HiQF KK30xWTvwJdcPxRlbfZbWRoqA0v4OoSDK6Ftp94FQSNBkExO85kstDq3xVaApf8H DE1QD7gf+dvz11wVuFhrf4d1EH032nU0p0kMxhABc4/kZXo5iWXohhzML3/MUEVT pe5/9pzUdWpfXQd/2r7x2PyPgySAG7lGbkgltowY52qnRPaNw9ukwkFCFAj8wiD8 FT2ghvkYD3zLfnZ3nuuzJVjf3pXgCc5VcfXaoffT72a7gpI1LTuEqPFwo04imV4l 21fYFx26mYTGCLH1CwVw8MQ2z/dg6uorT/NHdmRA/KrYJ1Elay2K7DV3Z5jOM5MI 0Ll5HkfsUut+1rioUjNgmlQ+96k/G0P0hVUoTUIcgl3U/GDx2+ypcrNTfmEcaCLV bOhsjtrcg/KAXsCSbvnfDe3bWf0txnscyqoilEzDahLvciWG3d6qlhczLy29LGb4 /w7iqnUcSygXc+a9/ckVo1h5fo0i9qb3W8Pw9klapvz6SGJ83g4= =PeCY -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/berrange-gitlab/tags/misc-next-pull-request' into staging This misc series of changes: - Improves documentation of SSH fingerprint checking - Fixes SHA256 fingerprints with non-blockdev usage - Blocks the clone3, setns, unshare & execveat syscalls with seccomp - Blocks process spawning via clone syscall, but allows threads, with seccomp - Takes over seccomp maintainer role - Expands firmware descriptor spec to allow flash without NVRAM # gpg: Signature made Thu 17 Feb 2022 11:57:13 GMT # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange-gitlab/tags/misc-next-pull-request: docs: expand firmware descriptor to allow flash without NVRAM MAINTAINERS: take over seccomp from Eduardo Otubo seccomp: block setns, unshare and execveat syscalls seccomp: block use of clone3 syscall seccomp: fix blocking of process spawning seccomp: add unit test for seccomp filtering seccomp: allow action to be customized per syscall block: print the server key type and fingerprint on failure block: support sha256 fingerprint with pre-blockdev options block: better document SSH host key fingerprint checking Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
191 lines
5.7 KiB
Meson
191 lines
5.7 KiB
Meson
|
|
testblock = declare_dependency(dependencies: [block], sources: 'iothread.c')
|
|
|
|
tests = {
|
|
'check-block-qdict': [],
|
|
'check-qdict': [],
|
|
'check-qnum': [],
|
|
'check-qstring': [],
|
|
'check-qlist': [],
|
|
'check-qnull': [],
|
|
'check-qobject': [],
|
|
'check-qjson': [],
|
|
'check-qlit': [],
|
|
'test-qobject-output-visitor': [testqapi],
|
|
'test-clone-visitor': [testqapi],
|
|
'test-qobject-input-visitor': [testqapi],
|
|
'test-forward-visitor': [testqapi],
|
|
'test-string-input-visitor': [testqapi],
|
|
'test-string-output-visitor': [testqapi],
|
|
'test-opts-visitor': [testqapi],
|
|
'test-visitor-serialization': [testqapi],
|
|
'test-bitmap': [],
|
|
# all code tested by test-x86-cpuid is inside topology.h
|
|
'test-x86-cpuid': [],
|
|
'test-cutils': [],
|
|
'test-div128': [],
|
|
'test-shift128': [],
|
|
'test-mul64': [],
|
|
# all code tested by test-int128 is inside int128.h
|
|
'test-int128': [],
|
|
'rcutorture': [],
|
|
'test-rcu-list': [],
|
|
'test-rcu-simpleq': [],
|
|
'test-rcu-tailq': [],
|
|
'test-rcu-slist': [],
|
|
'test-qdist': [],
|
|
'test-qht': [],
|
|
'test-bitops': [],
|
|
'test-bitcnt': [],
|
|
'test-qgraph': ['../qtest/libqos/qgraph.c'],
|
|
'check-qom-interface': [qom],
|
|
'check-qom-proplist': [qom],
|
|
'test-qemu-opts': [],
|
|
'test-keyval': [testqapi],
|
|
'test-logging': [],
|
|
'test-uuid': [],
|
|
'ptimer-test': ['ptimer-test-stubs.c', meson.project_source_root() / 'hw/core/ptimer.c'],
|
|
'test-qapi-util': [],
|
|
'test-smp-parse': [qom, meson.project_source_root() / 'hw/core/machine-smp.c'],
|
|
}
|
|
|
|
if have_system or have_tools
|
|
tests += {
|
|
'test-qmp-event': [testqapi],
|
|
}
|
|
|
|
if seccomp.found()
|
|
tests += {'test-seccomp': ['../../softmmu/qemu-seccomp.c', seccomp]}
|
|
endif
|
|
endif
|
|
|
|
if have_block
|
|
tests += {
|
|
'test-coroutine': [testblock],
|
|
'test-aio': [testblock],
|
|
'test-aio-multithread': [testblock],
|
|
'test-throttle': [testblock],
|
|
'test-thread-pool': [testblock],
|
|
'test-hbitmap': [testblock],
|
|
'test-bdrv-drain': [testblock],
|
|
'test-bdrv-graph-mod': [testblock],
|
|
'test-blockjob': [testblock],
|
|
'test-blockjob-txn': [testblock],
|
|
'test-block-backend': [testblock],
|
|
'test-block-iothread': [testblock],
|
|
'test-write-threshold': [testblock],
|
|
'test-crypto-hash': [crypto],
|
|
'test-crypto-hmac': [crypto],
|
|
'test-crypto-cipher': [crypto],
|
|
'test-crypto-secret': [crypto, keyutils],
|
|
'test-authz-simple': [authz],
|
|
'test-authz-list': [authz],
|
|
'test-authz-listfile': [authz],
|
|
'test-io-task': [testblock],
|
|
'test-io-channel-socket': ['socket-helpers.c', 'io-channel-helpers.c', io],
|
|
'test-io-channel-file': ['io-channel-helpers.c', io],
|
|
'test-io-channel-command': ['io-channel-helpers.c', io],
|
|
'test-io-channel-buffer': ['io-channel-helpers.c', io],
|
|
'test-crypto-ivgen': [io],
|
|
'test-crypto-afsplit': [io],
|
|
'test-crypto-block': [io],
|
|
}
|
|
if gnutls.found() and \
|
|
tasn1.found() and \
|
|
'CONFIG_POSIX' in config_host
|
|
tests += {
|
|
'test-crypto-tlscredsx509': ['crypto-tls-x509-helpers.c', 'pkix_asn1_tab.c',
|
|
tasn1, crypto, gnutls],
|
|
'test-crypto-tlssession': ['crypto-tls-x509-helpers.c', 'pkix_asn1_tab.c', 'crypto-tls-psk-helpers.c',
|
|
tasn1, crypto, gnutls],
|
|
'test-io-channel-tls': ['io-channel-helpers.c', 'crypto-tls-x509-helpers.c', 'pkix_asn1_tab.c',
|
|
tasn1, io, crypto, gnutls]}
|
|
endif
|
|
if pam.found()
|
|
tests += {'test-authz-pam': [authz]}
|
|
endif
|
|
if xts == 'private'
|
|
tests += {'test-crypto-xts': [crypto, io]}
|
|
endif
|
|
if 'CONFIG_POSIX' in config_host
|
|
tests += {'test-image-locking': [testblock]}
|
|
endif
|
|
if config_host_data.get('CONFIG_REPLICATION')
|
|
tests += {'test-replication': [testblock]}
|
|
endif
|
|
if nettle.found() or gcrypt.found()
|
|
tests += {'test-crypto-pbkdf': [io]}
|
|
endif
|
|
if config_host_data.get('CONFIG_EPOLL_CREATE1')
|
|
tests += {'test-fdmon-epoll': [testblock]}
|
|
endif
|
|
endif
|
|
|
|
if have_system
|
|
tests += {
|
|
'test-iov': [],
|
|
'test-qmp-cmds': [testqapi],
|
|
'test-xbzrle': [migration],
|
|
'test-timed-average': [],
|
|
'test-util-sockets': ['socket-helpers.c'],
|
|
'test-base64': [],
|
|
'test-bufferiszero': [],
|
|
'test-vmstate': [migration, io],
|
|
'test-yank': ['socket-helpers.c', qom, io, chardev]
|
|
}
|
|
if config_host_data.get('CONFIG_INOTIFY1')
|
|
tests += {'test-util-filemonitor': []}
|
|
endif
|
|
|
|
# Some tests: test-char, test-qdev-global-props, and test-qga,
|
|
# are not runnable under TSan due to a known issue.
|
|
# https://github.com/google/sanitizers/issues/1116
|
|
if 'CONFIG_TSAN' not in config_host
|
|
if 'CONFIG_POSIX' in config_host
|
|
tests += {
|
|
'test-char': ['socket-helpers.c', qom, io, chardev]
|
|
}
|
|
endif
|
|
|
|
tests += {
|
|
'test-qdev-global-props': [qom, hwcore, testqapi]
|
|
}
|
|
endif
|
|
endif
|
|
|
|
if have_ga and targetos == 'linux' and 'CONFIG_TSAN' not in config_host
|
|
tests += {'test-qga': ['../qtest/libqtest.c']}
|
|
test_deps += {'test-qga': qga}
|
|
endif
|
|
|
|
test_env = environment()
|
|
test_env.set('G_TEST_SRCDIR', meson.current_source_dir())
|
|
test_env.set('G_TEST_BUILDDIR', meson.current_build_dir())
|
|
|
|
slow_tests = {
|
|
'test-crypto-tlscredsx509': 45,
|
|
'test-crypto-tlssession': 45
|
|
}
|
|
|
|
foreach test_name, extra: tests
|
|
src = [test_name + '.c']
|
|
deps = [qemuutil]
|
|
if extra.length() > 0
|
|
# use a sourceset to quickly separate sources and deps
|
|
test_ss = ss.source_set()
|
|
test_ss.add(extra)
|
|
src += test_ss.all_sources()
|
|
deps += test_ss.all_dependencies()
|
|
endif
|
|
exe = executable(test_name, src, genh, dependencies: deps)
|
|
|
|
test(test_name, exe,
|
|
depends: test_deps.get(test_name, []),
|
|
env: test_env,
|
|
args: ['--tap', '-k'],
|
|
protocol: 'tap',
|
|
timeout: slow_tests.get(test_name, 30),
|
|
priority: slow_tests.get(test_name, 30),
|
|
suite: ['unit'])
|
|
endforeach
|