diff --git a/Makefile b/Makefile index 9081406a..ecde2871 100644 --- a/Makefile +++ b/Makefile @@ -1,17 +1,17 @@ SUBDIRS = policy tests +.PHONY: all check-syntax clean test + all: @set -e; for i in $(SUBDIRS); do $(MAKE) -C $$i all ; done test: - make -C policy load - make -C tests test - make -C policy unload + $(MAKE) -C policy load + $(MAKE) -C tests test + $(MAKE) -C policy unload check-syntax: @./tools/check-syntax clean: @set -e; for i in $(SUBDIRS); do $(MAKE) -C $$i clean ; done - - diff --git a/defconfig b/defconfig index b2d4a905..d4100c08 100644 --- a/defconfig +++ b/defconfig @@ -10,6 +10,7 @@ CONFIG_SECURITY_SELINUX=y # For testing of labeled IPSEC, NetLabel, and SECMARK functionality. # Not strictly required for basic SELinux operation. CONFIG_SECURITY_NETWORK_XFRM=y +CONFIG_XFRM_USER=y CONFIG_NETLABEL=y CONFIG_IP_NF_SECURITY=m CONFIG_INET_XFRM_MODE_TRANSPORT=m @@ -19,6 +20,9 @@ CONFIG_INET6_AH=m CONFIG_CRYPTO_SHA1=m # used for testing, could be updated if desired CONFIG_NETWORK_SECMARK=y CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NETFILTER=y +CONFIG_NETFILTER_NETLINK=m +CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m CONFIG_NETFILTER_XT_TARGET_SECMARK=m CONFIG_NETFILTER_XT_MATCH_STATE=m diff --git a/doc/tests/Makefile b/doc/tests/Makefile index ead6af26..6b85905f 100644 --- a/doc/tests/Makefile +++ b/doc/tests/Makefile @@ -10,7 +10,7 @@ TEX := $(patsubst %.sgml, %.tex, $(TOP)) LOG := $(patsubst %.sgml, %.log, $(TOP)) OUT := $(patsubst %.sgml, %.out, $(TOP)) -all: $(PS) $(PDF) $(HMTL) +all: $(PS) $(PDF) $(HTML) $(PS): $(ALL) custom.dsl jw -f docbook -d custom.dsl -b ps $(TOP) diff --git a/doc/tests/socket.sgml b/doc/tests/socket.sgml index ca203acf..d1293ad7 100644 --- a/doc/tests/socket.sgml +++ b/doc/tests/socket.sgml @@ -242,7 +242,7 @@ The socket scripts test the following hooks: -Secure Socket Sytem Call Tests +Secure Socket System Call Tests The tests in the socket_secure and unix_secure subdirectories create a single server diff --git a/policy/Makefile b/policy/Makefile index 46e51f34..2896aeec 100644 --- a/policy/Makefile +++ b/policy/Makefile @@ -180,6 +180,8 @@ ifeq ($(shell [ $(POL_VERS) -ge 34 -a $(MAX_KERNEL_POLICY) -ge 34 ] && echo true TARGETS += test_ioctl_cond_xperms.te endif +.PHONY: all build clean expand_check load unload + all: build expand_check: diff --git a/policy/test_capable_file.te b/policy/test_capable_file.te index 23772799..2ee5d8f3 100644 --- a/policy/test_capable_file.te +++ b/policy/test_capable_file.te @@ -29,7 +29,7 @@ type test_nofcap_t; typeattribute test_nofcap_t capabledomain; testsuite_domain_type(test_nofcap_t) -# Allow these domains to create a temporay file. +# Allow these domains to create a temporary file. allow capabledomain test_file_t:file { setattr rw_file_perms }; allow capabledomain test_file_t:chr_file { create }; allow capabledomain test_file_t:dir { setattr rw_dir_perms }; diff --git a/policy/test_capable_net.te b/policy/test_capable_net.te index a01ba8f8..8ec47829 100644 --- a/policy/test_capable_net.te +++ b/policy/test_capable_net.te @@ -1,7 +1,7 @@ ################################# # # Policy for testing network related capabilities. The test_capable_file.te -# policy is a prequisite for this file. +# policy is a prerequisite for this file. # # Type for process that is allowed certain capabilities diff --git a/policy/test_capable_sys.te b/policy/test_capable_sys.te index 70717f15..05d6da54 100644 --- a/policy/test_capable_sys.te +++ b/policy/test_capable_sys.te @@ -1,7 +1,7 @@ ################################# # # Policy for testing system related capabilities. The test_capable_file.te -# policy is a prequisite for this file. +# policy is a prerequisite for this file. # # Type for process that is allowed certain capabilities diff --git a/policy/test_mqueue.te b/policy/test_mqueue.te index b938a6b2..0d6df7aa 100644 --- a/policy/test_mqueue.te +++ b/policy/test_mqueue.te @@ -18,7 +18,7 @@ testsuite_domain_type(test_mqreadop_t) domain_obj_id_change_exemption(test_mqreadop_t) typeattribute test_mqreadop_t mqopdomain; -# Domain for process that is allowed to wirte to write posix mqueues +# Domain for process that is allowed to write the write posix mqueues type test_mqwriteop_t; testsuite_domain_type(test_mqwriteop_t) domain_obj_id_change_exemption(test_mqwriteop_t) diff --git a/tests/Makefile b/tests/Makefile index 35bb3587..6af7651f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -6,7 +6,7 @@ INCLUDEDIR ?= $(PREFIX)/include SELINUXFS ?= /sys/fs/selinux FILESYSTEMS ?= ext4 xfs jfs vfat -export CFLAGS+=-g -O0 -Wall -D_GNU_SOURCE +export CFLAGS+=-g -O0 -Werror -Wall -Wextra -Wno-unused-parameter -D_GNU_SOURCE DISTRO=$(shell ./os_detect) SELINUXFS := $(shell cat /proc/mounts | grep selinuxfs | cut -f 2 -d ' ') diff --git a/tests/binder/Makefile b/tests/binder/Makefile index b89d4dbb..5c3a5895 100644 --- a/tests/binder/Makefile +++ b/tests/binder/Makefile @@ -3,7 +3,7 @@ INCLUDEDIR ?= /usr/include TARGETS = check_binder client manager service_provider LDLIBS += -lselinux -lrt -DEPS = binder_common.c binder_common.h +DEPS = binder_common.c ifeq ($(shell test -e $(INCLUDEDIR)/linux/android/binderfs.h && echo true),true) CFLAGS += -DHAVE_BINDERFS @@ -11,7 +11,7 @@ TARGETS += check_binderfs endif ifneq (,$(findstring -DHAVE_BPF,$(CFLAGS))) - DEPS += ../bpf/bpf_common.c ../bpf/bpf_common.h + DEPS += ../bpf/bpf_common.c LDLIBS += -lbpf endif diff --git a/tests/binder/client.c b/tests/binder/client.c index 49655637..220d37a5 100644 --- a/tests/binder/client.c +++ b/tests/binder/client.c @@ -231,7 +231,7 @@ static void extract_handle_and_acquire(int fd, static int binder_parse(int fd, binder_uintptr_t ptr, binder_size_t size) { binder_uintptr_t end = ptr + size; - uint32_t cmd; + uint32_t cmd = BR_DEAD_REPLY; while (ptr < end) { cmd = *(uint32_t *)ptr; diff --git a/tests/binder/manager.c b/tests/binder/manager.c index 8e5f446b..f7f17237 100644 --- a/tests/binder/manager.c +++ b/tests/binder/manager.c @@ -156,7 +156,7 @@ static void reply_with_handle(int fd, struct binder_transaction_data *txn_in) static int binder_parse(int fd, binder_uintptr_t ptr, binder_size_t size) { binder_uintptr_t end = ptr + size; - uint32_t cmd; + uint32_t cmd = BR_DEAD_REPLY; while (ptr < end) { cmd = *(uint32_t *)ptr; diff --git a/tests/binder/service_provider.c b/tests/binder/service_provider.c index f47365cc..1e6b490c 100644 --- a/tests/binder/service_provider.c +++ b/tests/binder/service_provider.c @@ -76,14 +76,16 @@ static void request_service_provider_fd(int fd, break; #if HAVE_BPF case BPF_MAP_FD: - obj.fd = create_bpf_map(); - if (obj.fd < 0) + result = create_bpf_map(); + if (result < 0) exit(70); + obj.fd = result; break; case BPF_PROG_FD: - obj.fd = create_bpf_prog(); - if (obj.fd < 0) + result = create_bpf_prog(); + if (result < 0) exit(71); + obj.fd = result; break; #else case BPF_MAP_FD: @@ -122,7 +124,7 @@ static void request_service_provider_fd(int fd, static int binder_parse(int fd, binder_uintptr_t ptr, binder_size_t size) { binder_uintptr_t end = ptr + size; - uint32_t cmd; + uint32_t cmd = BR_DEAD_REPLY; while (ptr < end) { cmd = *(uint32_t *)ptr; @@ -286,7 +288,7 @@ int main(int argc, char **argv) if (fd_type == BPF_TEST) exit(0); - /* If BPF enabed, then need to set limits */ + /* If BPF enabled, then need to set limits */ if (fd_type == BPF_MAP_FD || fd_type == BPF_PROG_FD) bpf_setrlimit(); #else diff --git a/tests/bounds/test b/tests/bounds/test index dd411152..3bf1b6a5 100755 --- a/tests/bounds/test +++ b/tests/bounds/test @@ -76,8 +76,8 @@ $result = system( ); ok($result); -# It ensure the child domain shall be bounded to the parent. -# So, we expect all the alloed actiona are intersection with test_bounds_parent_t +# It ensures the child domain shall be bounded to the parent. +# So, we expect all the allowed actions are intersections with test_bounds_parent_t $result = system( "runcon -t test_bounds_child_t -- dd if=$basedir/bounds_file_red of=/dev/null count=1 2>&1 > /dev/null" diff --git a/tests/bpf/Makefile b/tests/bpf/Makefile index 1ae8ce91..6b26ff99 100644 --- a/tests/bpf/Makefile +++ b/tests/bpf/Makefile @@ -1,5 +1,5 @@ TARGETS = bpf_test -DEPS = bpf_common.c bpf_common.h +DEPS = bpf_common.c LDLIBS += -lselinux -lbpf # export so that BPF_ENABLED entries get built correctly on local build diff --git a/tests/bpf/bpf_test.c b/tests/bpf/bpf_test.c index 3c6a29c8..f43440a1 100644 --- a/tests/bpf/bpf_test.c +++ b/tests/bpf/bpf_test.c @@ -20,7 +20,7 @@ int main(int argc, char *argv[]) enum { MAP_FD = 1, PROG_FD - } bpf_fd_type; + } bpf_fd_type = -1; while ((opt = getopt(argc, argv, "mpv")) != -1) { switch (opt) { diff --git a/tests/cap_userns/userns_child_exec.c b/tests/cap_userns/userns_child_exec.c index cdbf1205..e65e6155 100644 --- a/tests/cap_userns/userns_child_exec.c +++ b/tests/cap_userns/userns_child_exec.c @@ -89,8 +89,8 @@ usage(char *pname) static void update_map(char *mapping, char *map_file) { - int fd, j; - size_t map_len; /* Length of 'mapping' */ + int fd; + size_t j, map_len; /* Length of 'mapping' */ /* Replace commas in mapping string with newlines */ @@ -106,7 +106,7 @@ update_map(char *mapping, char *map_file) exit(EXIT_FAILURE); } - if (write(fd, mapping, map_len) != map_len) { + if (write(fd, mapping, map_len) != (ssize_t)map_len) { fprintf(stderr, "ERROR: write %s: %s\n", map_file, strerror(errno)); exit(EXIT_FAILURE); diff --git a/tests/capable_net/test b/tests/capable_net/test index 8ef9eccf..dc0b57a9 100755 --- a/tests/capable_net/test +++ b/tests/capable_net/test @@ -1,6 +1,6 @@ #!/usr/bin/perl # -# This test performs checks for network-related capabilties. +# This test performs checks for network-related capabilities. # use Test; diff --git a/tests/capable_sys/test b/tests/capable_sys/test index 34ed8c81..6fb57a1b 100755 --- a/tests/capable_sys/test +++ b/tests/capable_sys/test @@ -1,6 +1,6 @@ #!/usr/bin/perl # -# This test performs checks for system-related capabilties. +# This test performs checks for system-related capabilities. # use Test; @@ -10,7 +10,7 @@ BEGIN { $basedir =~ s|(.*)/[^/]*|$1|; $fs = `stat -f --print %T $basedir`; - $test_fibmap = ( $fs ne "btrfs" and $fs ne "nfs" ); + $test_fibmap = ( $fs ne "btrfs" and $fs ne "nfs" and $fs ne "overlayfs" ); $test_count = 7; if ($test_fibmap) { diff --git a/tests/execshare/parent.c b/tests/execshare/parent.c index db2e1278..a0e815b0 100644 --- a/tests/execshare/parent.c +++ b/tests/execshare/parent.c @@ -43,7 +43,7 @@ int main(int argc, char **argv) perror("malloc"); exit(-1); } - clone_stack = page + pagesize; + clone_stack = (unsigned char *)page + pagesize; rc = getcon(&context_tmp); if (rc < 0) { diff --git a/tests/extended_socket_class/test b/tests/extended_socket_class/test index 1e6299f0..f85243a8 100755 --- a/tests/extended_socket_class/test +++ b/tests/extended_socket_class/test @@ -3,10 +3,11 @@ use Test; BEGIN { - $test_count = 6; + $test_count = 4; $test_bluetooth = 0; $test_sctp = 0; $test_smc = 0; + $test_alg = 0; # check if SCTP is enabled if ( system("modprobe sctp 2>/dev/null && checksctp 2>/dev/null") eq 0 ) { @@ -26,6 +27,12 @@ BEGIN { $test_smc = 1; } + # check if ALG is supported + if ( system("modprobe af_alg 2>/dev/null") eq 0 ) { + $test_count += 2; + $test_alg = 1; + } + plan tests => $test_count; } @@ -127,17 +134,20 @@ if ($test_bluetooth) { ok($result); } -# Verify that test_alg_socket_t can create a Crypto API socket. -$result = system( +if ($test_alg) { + + # Verify that test_alg_socket_t can create a Crypto API socket. + $result = system( "runcon -t test_alg_socket_t -- $basedir/sockcreate alg seqpacket default 2>&1" -); -ok( $result, 0 ); + ); + ok( $result, 0 ); -# Verify that test_no_alg_socket_t cannot create a Crypto API socket. -$result = system( + # Verify that test_no_alg_socket_t cannot create a Crypto API socket. + $result = system( "runcon -t test_no_alg_socket_t -- $basedir/sockcreate alg seqpacket default 2>&1" -); -ok($result); + ); + ok($result); +} if ($test_smc) { diff --git a/tests/fdreceive/Makefile b/tests/fdreceive/Makefile index d9f8927c..4b1fb8ce 100644 --- a/tests/fdreceive/Makefile +++ b/tests/fdreceive/Makefile @@ -1,7 +1,7 @@ TARGETS = client server ifneq (,$(findstring -DHAVE_BPF,$(CFLAGS))) - DEPS = ../bpf/bpf_common.c ../bpf/bpf_common.h + DEPS = ../bpf/bpf_common.c LDLIBS += -lbpf endif diff --git a/tests/fdreceive/server.c b/tests/fdreceive/server.c index ff915321..bbe1c631 100644 --- a/tests/fdreceive/server.c +++ b/tests/fdreceive/server.c @@ -9,7 +9,7 @@ #include char my_path[1024]; -#define CLEANUP_AND_EXIT do { unlink(my_path); exit(1); } while (0) +#define CLEANUP_AND_EXIT do { unlink(my_path); _exit(1); } while (0) void handler(int sig) { @@ -43,7 +43,6 @@ int main(int argc, char **argv) } sun.sun_family = AF_UNIX; - sunlen = sizeof(struct sockaddr_un); strcpy(sun.sun_path, argv[2]); sunlen = strlen(sun.sun_path) + 1 + sizeof(short); strcpy(my_path, sun.sun_path); diff --git a/tests/file/test b/tests/file/test index fa28b7cc..64dc8135 100755 --- a/tests/file/test +++ b/tests/file/test @@ -148,7 +148,7 @@ ok($result); system "chcon -t nofileop_rw_file_t $basedir/temp_file2 2>&1 > /dev/null"; # -# Check the fcntl for the bad domain. This uses the read-only accessable file. +# Check the fcntl for the bad domain. This uses the read-only accessible file. # $result = system "runcon -t test_nofileop_t -- $basedir/test_nofcntl $basedir/temp_file3 2>&1"; diff --git a/tests/file/test_nofcntl.c b/tests/file/test_nofcntl.c index 3554dec9..40976c5b 100644 --- a/tests/file/test_nofcntl.c +++ b/tests/file/test_nofcntl.c @@ -29,7 +29,7 @@ int main(int argc, char **argv) exit(2); } - /* The next two acesses should fail, so if that happens, we return success. */ + /* The next two accesses should fail, so if that happens, we return success. */ rc = fcntl(fd, F_SETFL, 0); if( rc != -1 ) { diff --git a/tests/file/test_sigiotask.c b/tests/file/test_sigiotask.c index 97d343b7..5a5efc59 100644 --- a/tests/file/test_sigiotask.c +++ b/tests/file/test_sigiotask.c @@ -18,7 +18,7 @@ /* * Test the sigio operations by creating a child and registering that process * for SIGIO signals for the terminal. The main process forces a SIGIO - * on the terminal by sending a charcter to that device. + * on the terminal by sending a character to that device. */ int main(int argc, char **argv) { diff --git a/tests/filesystem/Filesystem.pm b/tests/filesystem/Filesystem.pm index f169464d..ab5db31e 100644 --- a/tests/filesystem/Filesystem.pm +++ b/tests/filesystem/Filesystem.pm @@ -15,7 +15,7 @@ sub check_config { $watch = 0; $result = `$base/../kvercmp $kvercur $kverminstream`; - if ( $result > 0 && -e $fanotify_fs ) { + if ( $result > 0 && -e $fanotify_fs && -d "/proc/sys/fs/fanotify/" ) { $watch = 1; $tst_count += 11; } diff --git a/tests/filesystem/fs_relabel.c b/tests/filesystem/fs_relabel.c index 4daf70c9..229fcb5f 100644 --- a/tests/filesystem/fs_relabel.c +++ b/tests/filesystem/fs_relabel.c @@ -27,7 +27,7 @@ int main(int argc, char **argv) { int opt, result, save_err; const char *newcon; - char *context, *fs_con = NULL, *base_dir, *type; + char *context, *fs_con = NULL, *base_dir = NULL, *type = NULL; char fs_mount[PATH_MAX]; bool verbose = false; context_t con_t; diff --git a/tests/filesystem/grim_reaper.c b/tests/filesystem/grim_reaper.c index 340546ad..167441dc 100644 --- a/tests/filesystem/grim_reaper.c +++ b/tests/filesystem/grim_reaper.c @@ -26,7 +26,7 @@ int main(int argc, char *argv[]) size_t len; ssize_t num; int opt, index = 0, i, result = 0; - char *mount_info[2], *buf = NULL, *item, *tgt; + char *mount_info[2], *buf = NULL, *item, *tgt = NULL; bool verbose = false; while ((opt = getopt(argc, argv, "t:v")) != -1) { diff --git a/tests/filesystem/test b/tests/filesystem/test index a7d8b24b..c12fed2e 100755 --- a/tests/filesystem/test +++ b/tests/filesystem/test @@ -176,6 +176,9 @@ ok( $result >> 8 eq 13 ); system("rm -rf $basedir/mntpoint 2>/dev/null"); +# Preload module +system("modprobe loop 2>/dev/null"); + ############### Test Basic Mount/Unmount ########################## mk_mntpoint_1($private_path); diff --git a/tests/inet_socket/bind.c b/tests/inet_socket/bind.c index 389ca20b..51dae027 100644 --- a/tests/inet_socket/bind.c +++ b/tests/inet_socket/bind.c @@ -12,6 +12,7 @@ #define IPPROTO_MPTCP 262 #endif +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, "usage: %s protocol port\n", progname); diff --git a/tests/inet_socket/connect.c b/tests/inet_socket/connect.c index e2d02da4..c4defa6d 100644 --- a/tests/inet_socket/connect.c +++ b/tests/inet_socket/connect.c @@ -15,6 +15,7 @@ #define IPPROTO_MPTCP 262 #endif +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, "usage: %s protocol port\n", progname); diff --git a/tests/inet_socket/test b/tests/inet_socket/test index 08c7b1de..71bc7dda 100755 --- a/tests/inet_socket/test +++ b/tests/inet_socket/test @@ -9,6 +9,9 @@ BEGIN { $proto = basename($basedir); if ( $proto eq "tcp" or $proto eq "mptcp" ) { + if ( $proto eq "mptcp" && system("modprobe mptcp 2>/dev/null") ne 0 ) { + plan skip_all => "protocol mptcp not supported"; + } $is_stream = 1; $fail_value1 = 5; $fail_value2 = 5; @@ -21,7 +24,7 @@ BEGIN { $test_count = 11; } else { - plan skip => "unknown protocol name \'$proto\'"; + plan skip_all => "unknown protocol name \'$proto\'"; } $test_ipsec = 0; diff --git a/tests/inherit/parent.c b/tests/inherit/parent.c index d37bcfe0..c218b42c 100644 --- a/tests/inherit/parent.c +++ b/tests/inherit/parent.c @@ -66,7 +66,7 @@ int main(int argc, char **argv) fprintf(stderr, "%s: out of memory\n", argv[0]); exit(-1); } - childargv[1] = malloc(6); + childargv[1] = malloc(11); if (!childargv[1]) { fprintf(stderr, "%s: out of memory\n", argv[0]); exit(-1); diff --git a/tests/ioctl/test b/tests/ioctl/test index 84e9d35c..4e2955cb 100755 --- a/tests/ioctl/test +++ b/tests/ioctl/test @@ -37,14 +37,14 @@ $result = system "touch $basedir/temp_file 2>&1"; $result = system "chcon -t test_ioctl_file_t $basedir/temp_file 2>&1"; # -# Attempt to perform the ioctls on the temproary file as the good domain +# Attempt to perform the ioctls on the temporary file as the good domain # $result = system "runcon -t test_ioctl_t -- $basedir/test_ioctl $basedir/temp_file 2>&1"; ok( $result, 0 ); # -# Attempt to perform the ioctls on the temproary file as the bad domain +# Attempt to perform the ioctls on the temporary file as the bad domain # The test program, test_noioctl.c, determines success/failure for the # individual calls, so we expect success always from that program. # diff --git a/tests/ioctl/test_ioctl.c b/tests/ioctl/test_ioctl.c index 9bf732dc..a68c4e06 100644 --- a/tests/ioctl/test_ioctl.c +++ b/tests/ioctl/test_ioctl.c @@ -27,11 +27,21 @@ int main(int argc, char **argv) exit(1); } - /* This one should hit the FILE__GETATTR or FILE__IOCTL test */ + /* + * This one should hit the FILE__GETATTR or FILE__IOCTL test. + * FIGETBSZ is not available on overlayfs, + * and FS_IOC_GETFLAGS is not available on NFS. + */ rc = ioctl(fd, FIGETBSZ, &val); if( rc < 0 ) { - perror("test_ioctl:FIGETBSZ"); - exit(1); + if(errno == EINVAL) { + rc = ioctl(fd, FS_IOC_GETFLAGS, &val); + } + + if( rc < 0 ) { + perror("test_ioctl:FIGETBSZ/FS_IOC_GETFLAGS"); + exit(1); + } } /* This one should hit the FILE__IOCTL test */ diff --git a/tests/ioctl/test_noioctl.c b/tests/ioctl/test_noioctl.c index 319d90fa..f8cac636 100644 --- a/tests/ioctl/test_noioctl.c +++ b/tests/ioctl/test_noioctl.c @@ -18,7 +18,7 @@ * argument. This version of the program expects some of the ioctl() * calls to fail, so if one does succeed, we exit with a bad return code. * This program expects the domain it is running as to have only read - * acess to the given file. + * access to the given file. */ int main(int argc, char **argv) { @@ -43,10 +43,17 @@ int main(int argc, char **argv) exit(1); } - /* This one should hit the FILE__IOCTL or FILE__GETATTR test and fail. */ + /* + * This one should hit the FILE__GETATTR or FILE__IOCTL test. + * FIGETBSZ is not available on overlayfs, + * and FS_IOC_GETFLAGS is not available on NFS. + */ rc = ioctl(fd, FIGETBSZ, &val); + if( rc == -1 && errno == EINVAL ) { + rc = ioctl(fd, FS_IOC_GETFLAGS, &val); + } if( rc == 0 ) { - printf("test_noioctl:FIGETBSZ"); + printf("test_ioctl:FIGETBSZ/FS_IOC_GETFLAGS"); exit(1); } diff --git a/tests/key_socket/key_sock.c b/tests/key_socket/key_sock.c index 29beb0ea..3333fa01 100644 --- a/tests/key_socket/key_sock.c +++ b/tests/key_socket/key_sock.c @@ -111,7 +111,7 @@ int main(int argc, char *argv[]) r_msg.sadb_msg_type != w_msg.sadb_msg_type || r_msg.sadb_msg_satype != w_msg.sadb_msg_satype || r_msg.sadb_msg_seq != w_msg.sadb_msg_seq || - r_msg.sadb_msg_pid != getpid()) { + (pid_t)r_msg.sadb_msg_pid != getpid()) { fprintf(stderr, "Failed to read correct sadb_msg data:\n"); fprintf(stderr, "\tSent - ver: %d type: %d sa_type: %d seq: %d pid: %d\n", w_msg.sadb_msg_version, w_msg.sadb_msg_type, diff --git a/tests/keys/Makefile b/tests/keys/Makefile index d9f36ff9..d3793db6 100644 --- a/tests/keys/Makefile +++ b/tests/keys/Makefile @@ -1,8 +1,6 @@ TARGETS = keyctl keyctl_relabel keyring_service request_keys LDLIBS += -lselinux -lkeyutils -$(TARGETS): keys_common.h - all: $(TARGETS) clean: diff --git a/tests/kvercmp b/tests/kvercmp index 3742f16d..4b1e3459 100755 --- a/tests/kvercmp +++ b/tests/kvercmp @@ -1,15 +1,17 @@ -#!/bin/bash +#!/bin/sh -function kvercmp() +set -eu + +kvercmp() { - ver1=`echo $1 | sed 's/-/./'` - ver2=`echo $2 | sed 's/-/./'` + ver1=$(echo "$1" | sed 's/-/./') + ver2=$(echo "$2" | sed 's/-/./') ret=0 i=1 - while [ 1 ]; do - digit1=`echo $ver1 | cut -d . -f $i` - digit2=`echo $ver2 | cut -d . -f $i` + while true; do + digit1=$(echo "$ver1" | cut -d . -f $i) + digit2=$(echo "$ver2" | cut -d . -f $i) if [ -z "$digit1" ]; then if [ -z "$digit2" ]; then diff --git a/tests/loop.pl b/tests/loop.pl index f5bf6ba5..2c97b771 100644 --- a/tests/loop.pl +++ b/tests/loop.pl @@ -1,12 +1,15 @@ #!/usr/bin/perl -$count = shift || 1; +use strict; +use warnings; + +my $count = shift || 1; print "Running all tests $count times\n"; -for ( $i = 0 ; $i < $count ; $i++ ) { +for ( my $i = 0 ; $i < $count ; $i++ ) { print "$i: "; - $foo = `./runtests.pl`; + my $foo = `./runtests.pl`; if ( $foo =~ m|All tests successful.\n| ) { print $'; } diff --git a/tests/module_load/init_load.c b/tests/module_load/init_load.c index 0422c194..821c4bd0 100644 --- a/tests/module_load/init_load.c +++ b/tests/module_load/init_load.c @@ -52,7 +52,7 @@ int main(int argc, char *argv[]) } fd = open(file_name, O_RDONLY); - if (!fd) { + if (fd < 0) { fprintf(stderr, "Failed to open %s: %s\n", file_name, strerror(errno)); exit(-1); diff --git a/tests/mqueue/mqmgr.c b/tests/mqueue/mqmgr.c index 5a08ce53..d03bf856 100644 --- a/tests/mqueue/mqmgr.c +++ b/tests/mqueue/mqmgr.c @@ -10,7 +10,7 @@ #include /* - * Managed the creation and distruction of a posix mqueue. + * Managed the creation and destruction of a posix mqueue. * The first argument is the name of the mqueue to be managed * (including starting '/'). The second argument is the * operation. '1' to create, '0' to remove. diff --git a/tests/mqueue/test b/tests/mqueue/test index 8334b9ba..0cb9c22c 100755 --- a/tests/mqueue/test +++ b/tests/mqueue/test @@ -8,7 +8,7 @@ use Test::More; BEGIN { # check if kernel supports posix mqueues file system is mounted if ( system("mount | grep -q mqueue") ) { - plan skip_all => "mqueue fileystem not supported/mounted"; + plan skip_all => "mqueue filesystem not supported/mounted"; } else { plan tests => 13; diff --git a/tests/nfsruntests.pl b/tests/nfsruntests.pl index c3f06266..fa4e23a1 100755 --- a/tests/nfsruntests.pl +++ b/tests/nfsruntests.pl @@ -1,5 +1,9 @@ #!/usr/bin/perl + +use strict; +use warnings; + use Test::Harness; -@test = "$ARGV[0]"; +my @test = "$ARGV[0]"; runtests(@test); diff --git a/tests/nnp_nosuid/execnnp.c b/tests/nnp_nosuid/execnnp.c index 78b5ab55..b4e49284 100644 --- a/tests/nnp_nosuid/execnnp.c +++ b/tests/nnp_nosuid/execnnp.c @@ -67,7 +67,7 @@ int main(int argc, char **argv) } pid = wait(&status); - if (WIFEXITED(status)) { + if (pid >= 0 && WIFEXITED(status)) { if (WEXITSTATUS(status) && nobounded) { printf("%s: Kernels < v3.18 do not support bounded transitions under NNP.\n", argv[0]); diff --git a/tests/notify/test b/tests/notify/test index 77db8c29..be28ad11 100755 --- a/tests/notify/test +++ b/tests/notify/test @@ -1,11 +1,25 @@ #!/usr/bin/perl use Test; -BEGIN { plan tests => 18 } # number of tests to run -# help the test script locate itself -$basedir = $0; -$basedir =~ s|(.*)/[^/]*|$1|; +BEGIN { + # help the test script locate itself + $basedir = $0; + $basedir =~ s|(.*)/[^/]*|$1|; + + $fanotify_support = 1; + + $result = system("runcon -t test_watch_t $basedir/test_fanotify -c 2>&1"); + + # check if CONFIG_FANOTIFY is enabled - ENOSYS + if ( $result >> 8 eq 38 ) { + $fanotify_support = 0; + plan tests => 4; + } + else { + plan tests => 18; + } +} # Get rid of a testfile and dir from last run if it's there (just in case) system("rm -f $basedir/watch_me"); @@ -27,45 +41,53 @@ $exit_val = system("runcon -t test_watch_t $basedir/test_inotify $basedir/watch_me 2>&1"); ok( $exit_val, 0 ); -# Should be able to set non-permissions based fanotify watch -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1"); -ok( $exit_val, 0 ); +if ($fanotify_support) { -# Should NOT be able to set permission based fanotify watch -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -p $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail + # Should be able to set non-permissions based fanotify watch + $exit_val = system( + "runcon -t test_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1"); + ok( $exit_val, 0 ); -# Should NOT be able to set read based fanotify watch -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -r $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail + # Should NOT be able to set permission based fanotify watch + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -p $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail + + # Should NOT be able to set read based fanotify watch + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -r $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail +} # Should NOT be able to set read based inotify watch $exit_val = system( "runcon -t test_watch_t $basedir/test_inotify -r $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail +ok($exit_val); # this should fail -## TEST PERM WATCH -# Should be able to set permission based fanotify watch -$exit_val = system( +if ($fanotify_support) { + + ## TEST PERM WATCH + # Should be able to set permission based fanotify watch + $exit_val = system( "runcon -t test_perm_watch_t $basedir/test_fanotify -p $basedir/watch_me 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); -# Should NOT be able to set watch of accesses -$exit_val = system( + # Should NOT be able to set watch of accesses + $exit_val = system( "runcon -t test_perm_watch_t $basedir/test_fanotify -r $basedir/watch_me 2>&1" -); -ok($exit_val); # this should fail + ); + ok($exit_val); # this should fail -## TEST READ NO PERM WATCH PERMSISSIONS -# Should NOT be able to set read and perm watch -$exit_val = system( + ## TEST READ NO PERM WATCH PERMSISSIONS + # Should NOT be able to set read and perm watch + $exit_val = system( "runcon -t test_read_watch_t $basedir/test_fanotify -p -r $basedir/watch_me 2>&1" -); -ok($exit_val); # should fail + ); + ok($exit_val); # should fail +} # Should be able to set read inotify watch $exit_val = system( @@ -73,12 +95,15 @@ $exit_val = system( ); ok( $exit_val, 0 ); -## TEST READ WITH PERM WATCH PERMSISSIONS -# Should be able to set read and perm watch -$exit_val = system( +if ($fanotify_support) { + + ## TEST READ WITH PERM WATCH PERMSISSIONS + # Should be able to set read and perm watch + $exit_val = system( "runcon -t test_perm_read_watch_t $basedir/test_fanotify -p -r $basedir/watch_me 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); +} ## TEST NO WATCH PERMSISSIONS # Should NOT be able to set inotify watch @@ -86,45 +111,52 @@ $exit_val = system( "runcon -t test_no_watch_t $basedir/test_inotify $basedir/watch_me 2>&1"); ok($exit_val); # this should fail -# Should NOT be able to set any fanotify watch -$exit_val = system( - "runcon -t test_no_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail - -## TEST READ ONLY -# Should NOT be able to get read-write descriptor -$exit_val = system( - "runcon -t test_rdonly_t $basedir/test_fanotify -l $basedir/watch_me 2>&1"); -ok($exit_val); # this should fail - -# Should be able to get read-write descriptor -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -l $basedir/watch_me 2>&1"); -ok( $exit_val, 0 ); - -## TEST MOUNT WATCHES -# Should NOT be able to set a watch on a mount point -$exit_val = system( - "runcon -t test_watch_t $basedir/test_fanotify -m $basedir/watch_dir 2>&1"); -ok($exit_val); # this should fail - -# Should be able to set a watch on mount point -$exit_val = system( +if ($fanotify_support) { + + # Should NOT be able to set any fanotify watch + $exit_val = system( +"runcon -t test_no_watch_t $basedir/test_fanotify $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail + + ## TEST READ ONLY + # Should NOT be able to get read-write descriptor + $exit_val = system( +"runcon -t test_rdonly_t $basedir/test_fanotify -l $basedir/watch_me 2>&1" + ); + ok($exit_val); # this should fail + + # Should be able to get read-write descriptor + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -l $basedir/watch_me 2>&1" + ); + ok( $exit_val, 0 ); + + ## TEST MOUNT WATCHES + # Should NOT be able to set a watch on a mount point + $exit_val = system( +"runcon -t test_watch_t $basedir/test_fanotify -m $basedir/watch_dir 2>&1" + ); + ok($exit_val); # this should fail + + # Should be able to set a watch on mount point + $exit_val = system( "runcon -t test_mount_watch_t $basedir/test_fanotify -m $basedir/watch_dir 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); -# Should NOT be able to set a perm watch on a mount -$exit_val = system( + # Should NOT be able to set a perm watch on a mount + $exit_val = system( "runcon -t test_mount_watch_t $basedir/test_fanotify -m -p $basedir/watch_dir 2>&1" -); -ok($exit_val); # this should fail + ); + ok($exit_val); # this should fail -# Should be able to set a perm watch on a mount object -$exit_val = system( + # Should be able to set a perm watch on a mount object + $exit_val = system( "runcon -t test_mount_perm_t $basedir/test_fanotify -p -m $basedir/watch_dir 2>&1" -); -ok( $exit_val, 0 ); + ); + ok( $exit_val, 0 ); +} # Clean up test file system("rm -f $basedir/watch_me"); diff --git a/tests/notify/test_fanotify.c b/tests/notify/test_fanotify.c index bc3b4c33..c771a8de 100644 --- a/tests/notify/test_fanotify.c +++ b/tests/notify/test_fanotify.c @@ -5,6 +5,7 @@ #include +#include #include #include #include @@ -12,7 +13,7 @@ void printUsage() { - fprintf(stderr, "Usage: test_fanotify [-p] [-r] [-l] [-m] file_name\n"); + fprintf(stderr, "Usage: test_fanotify [-p] [-r] [-l] [-m] [-c] file_name\n"); exit(1); } @@ -26,13 +27,14 @@ int main(int argc, char *argv[]) int mask = FAN_OPEN; // default mask int flags = FAN_MARK_ADD; int listening = 0; + int check = 0; // the -p flag will test for watch_with_perm // the mask used at mark will contain FAN_OPEN_PERM // // the -r flag will test for watching accesses to files for reads // the mask will contain FAN_ACCESS - while ((arg = getopt(argc, argv, "prlm")) != -1) { + while ((arg = getopt(argc, argv, "prlmc")) != -1) { switch (arg) { case 'p': mask |= FAN_OPEN_PERM; @@ -46,6 +48,9 @@ int main(int argc, char *argv[]) case 'm': flags |= FAN_MARK_MOUNT; break; + case 'c': + check = 1; + break; default: printUsage(); } @@ -53,6 +58,11 @@ int main(int argc, char *argv[]) // get file descriptor for new fanotify event queue fd = fanotify_init(FAN_CLASS_CONTENT, O_RDWR); + if (check) { + if (fd < 0 && errno == ENOSYS) + exit(ENOSYS); + exit(0); + } if (fd < 0) { perror("fanotify_init:bad file descriptor"); exit(1); @@ -76,6 +86,10 @@ int main(int argc, char *argv[]) FILE *f; f = fopen(argv[optind], "r"); // open file for reading + if (!f) { + perror("test_fanotify:bad listen file"); + exit(1); + } fgetc(f); // read char from file fclose(f); @@ -90,9 +104,9 @@ int main(int argc, char *argv[]) if (fds.revents & POLLIN) { struct fanotify_event_metadata buff[200]; - size_t len = read(fd, (void *)&buff, sizeof(buff)); + ssize_t len = read(fd, (void *)&buff, sizeof(buff)); if (len == -1) { - perror("test_fanotify:can't open file"); + perror("test_fanotify:can't read file"); exit(1); } else { listening = 0; diff --git a/tests/os_detect b/tests/os_detect index cddcb857..6b723f6a 100755 --- a/tests/os_detect +++ b/tests/os_detect @@ -1,8 +1,10 @@ -#!/bin/bash +#!/bin/sh -if [[ -r /etc/redhat-release ]]; then - ver=$(cat /etc/redhat-release | sed -ne '/^Red Hat Enterprise Linux/p') - if [[ -n $ver ]]; then +set -eu + +if [ -r /etc/redhat-release ]; then + ver=$(sed -ne '/^Red Hat Enterprise Linux/p' /etc/redhat-release) + if [ -n "$ver" ]; then echo "$ver" | \ sed -e 's/Red Hat Enterprise Linux[ \ta-zA-Z]*\([0-9]\+\).*/RHEL\1/' fi diff --git a/tests/overlay/setup-overlay b/tests/overlay/setup-overlay index 3f334996..c08a3ddc 100755 --- a/tests/overlay/setup-overlay +++ b/tests/overlay/setup-overlay @@ -29,7 +29,7 @@ setup () { # (test_overlay_mounter_t, test_overlay_client_t) chcon -R -t test_overlay_files_ro_t $BASEDIR/lower - # Label noaccessfile and noaccessdir, with types not accessable to either the + # Label noaccessfile and noaccessdir, with types not accessible to either the # mounter or the client types chcon -t test_overlay_files_noaccess_t $BASEDIR/lower/noaccessfile $BASEDIR/lower/noaccessdir $BASEDIR/lower/null_noaccess chcon -t test_overlay_mounter_files_t $BASEDIR/lower/mounterfile $BASEDIR/lower/mounterdir $BASEDIR/lower/null_mounter diff --git a/tests/overlay/test b/tests/overlay/test index c8367dd9..744fc9c2 100755 --- a/tests/overlay/test +++ b/tests/overlay/test @@ -9,14 +9,15 @@ BEGIN { chop($seuser); $seuser =~ s|^(\w+):.*$|$1|; - $isnfs = `stat -f --print %T $basedir`; + $fs = `stat -f --print %T $basedir`; # check if kernel supports overlayfs and SELinux labeling if ( system("grep -q security_inode_copy_up /proc/kallsyms") ) { plan skip_all => "overlayfs not supported with SELinux in this kernel"; } - elsif ( $isnfs eq "nfs" ) { - plan skip_all => "overlayfs upperdir not supported on NFS"; + elsif ( $fs eq "nfs" or $fs eq "overlayfs" ) { + plan skip_all => + "overlayfs upperdir not supported on NFS and OverlayFS"; } else { plan tests => 119; diff --git a/tests/pol_detect b/tests/pol_detect index ba25b943..8c079978 100755 --- a/tests/pol_detect +++ b/tests/pol_detect @@ -1,4 +1,6 @@ -#!/bin/bash +#!/bin/sh + +set -eu if [ $# -ne 1 ]; then echo "Usage $0 " @@ -8,10 +10,10 @@ fi # This is heuristic but seems unlikely to be wrong, # the kernel initial sid should always be SystemHigh # and SystemHigh is normally s15 -level=$(cat $1/initial_contexts/kernel | tr '\0' '\n' | cut -d: -f4) +level=$(cat "$1/initial_contexts/kernel" | tr '\0' '\n' | cut -d: -f4) -if [ -z $level ]; then echo "NON-MLS" -elif [ $level = 's0' ]; then echo "MCS" -elif [ $level = 's15' ]; then echo "MLS" +if [ -z "$level" ]; then echo "NON-MLS" +elif [ "$level" = 's0' ]; then echo "MCS" +elif [ "$level" = 's15' ]; then echo "MLS" else echo "UNKNOWN" fi diff --git a/tests/prlimit/parent.c b/tests/prlimit/parent.c index 649aecf4..70daefb5 100644 --- a/tests/prlimit/parent.c +++ b/tests/prlimit/parent.c @@ -138,12 +138,14 @@ int main(int argc, char **argv) newrlimp = &newrlim; if (soft) { newrlim.rlim_max = oldrlim.rlim_max; + newrlim.rlim_cur = oldrlim.rlim_cur; if (newrlim.rlim_cur == RLIM_INFINITY) newrlim.rlim_cur = 1024; else newrlim.rlim_cur = oldrlim.rlim_cur / 2; } else { newrlim.rlim_cur = oldrlim.rlim_cur; + newrlim.rlim_max = oldrlim.rlim_max; if (newrlim.rlim_max == RLIM_INFINITY) newrlim.rlim_max = 1024; else diff --git a/tests/runtests.pl b/tests/runtests.pl index a2ed7ea2..7654a822 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -1,20 +1,24 @@ #!/usr/bin/perl +use strict; +use warnings; + use Test::Harness; -@dirs = split( / /, $ENV{SUBDIRS} ); +my @dirs = split( / /, $ENV{SUBDIRS} ); +my @scripts = (); for (@dirs) { push @scripts, "$_/test"; } -$output = `id`; +my $output = `id`; $output =~ /uid=\d+\((\w+)\).*context=(\w+):(\w+):(\w+)/ || die("Can't determine user's id\n"); -$unixuser = $1; -$user = $2; -$role = $3; -$type = $4; +my $unixuser = $1; +my $user = $2; +my $role = $3; +my $type = $4; print "Running as user $unixuser with context $2:$3:$4\n\n"; diff --git a/tests/sctp/sctp_common.c b/tests/sctp/sctp_common.c index d10225c6..527cda33 100644 --- a/tests/sctp/sctp_common.c +++ b/tests/sctp/sctp_common.c @@ -105,9 +105,9 @@ void print_addr_info(struct sockaddr *sin, char *text) char *get_ip_option(int fd, bool ipv4, socklen_t *opt_len) { - int result, i; + int result; unsigned char ip_options[1024]; - socklen_t len = sizeof(ip_options); + socklen_t i, len = sizeof(ip_options); char *ip_optbuf; if (ipv4) diff --git a/tests/task_setscheduler/test b/tests/task_setscheduler/test index c2fe8c65..3730ff7e 100755 --- a/tests/task_setscheduler/test +++ b/tests/task_setscheduler/test @@ -23,7 +23,7 @@ close($f); $cgroup_cpu = "/sys/fs/cgroup/cpu/tasks"; if ( -w $cgroup_cpu ) { - # We can only set the scheduler policy fo SCHED_{RR,FIFO} in the root + # We can only set the scheduler policy to SCHED_{RR,FIFO} in the root # cgroup so move our target process to the root cgroup. open( my $fd, ">>", $cgroup_cpu ); print $fd $pid; diff --git a/tests/tun_tap/Makefile b/tests/tun_tap/Makefile index 11f5b03d..f4b69d5a 100644 --- a/tests/tun_tap/Makefile +++ b/tests/tun_tap/Makefile @@ -1,5 +1,5 @@ TARGETS = tun_tap tun_relabel -DEPS = tun_common.c tun_common.h +DEPS = tun_common.c LDLIBS += -lselinux all: $(TARGETS) diff --git a/tests/tun_tap/test b/tests/tun_tap/test index 3daf2eba..87956c5f 100755 --- a/tests/tun_tap/test +++ b/tests/tun_tap/test @@ -16,7 +16,15 @@ BEGIN { $v = " "; } - plan tests => 14; + $result = system("runcon -t test_tun_tap_t $basedir/tun_tap $v -c 2>&1"); + + # check for TUN/TAP support - ENOENT + if ( $result >> 8 eq 2 ) { + plan skip_all => "No TUN/TAP support"; + } + else { + plan tests => 14; + } } ############ Test tun_socket TUN ############# diff --git a/tests/tun_tap/tun_common.c b/tests/tun_tap/tun_common.c index 9a3c5de6..86e41df4 100644 --- a/tests/tun_tap/tun_common.c +++ b/tests/tun_tap/tun_common.c @@ -5,7 +5,7 @@ int open_dev(int *fd, char *test_str, bool verbose) char *tun_dev = "/dev/net/tun"; *fd = open(tun_dev, O_RDWR); - if (fd < 0) { + if (*fd < 0) { fprintf(stderr, "Failed to open device: %s\n", strerror(errno)); return errno; diff --git a/tests/tun_tap/tun_tap.c b/tests/tun_tap/tun_tap.c index a3db6c91..c1b85909 100644 --- a/tests/tun_tap/tun_tap.c +++ b/tests/tun_tap/tun_tap.c @@ -5,6 +5,7 @@ static void print_usage(char *progname) fprintf(stderr, "usage: %s [-p] [-s ] [-v]\n" "Where:\n\t" + "-c Check if TUN/TAP features are available.\n\t" "-p Test TAP driver, default is TUN driver.\n\t" "-s If -v, then show TUN/TAP Features.\n\t" "-v Print information.\n", progname); @@ -16,14 +17,17 @@ int main(int argc, char *argv[]) char *context, *test_str; int opt, result, fd, bit, count, test; unsigned int features, f_switch; - bool verbose = false, show = false; + bool verbose = false, show = false, check = false; struct ifreq ifr; test = IFF_TUN; test_str = "TUN"; - while ((opt = getopt(argc, argv, "psv")) != -1) { + while ((opt = getopt(argc, argv, "cpsv")) != -1) { switch (opt) { + case 'c': + check = true; + break; case 'p': test = IFF_TAP; test_str = "TAP"; @@ -52,7 +56,7 @@ int main(int argc, char *argv[]) /* Start TUN/TAP */ result = open_dev(&fd, test_str, verbose); - if (result != 0) + if (check || result != 0) exit(result); if (verbose && show) { diff --git a/tests/unix_socket/client.c b/tests/unix_socket/client.c index 093c319f..eaf83ee0 100644 --- a/tests/unix_socket/client.c +++ b/tests/unix_socket/client.c @@ -11,6 +11,7 @@ #include #include +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, diff --git a/tests/unix_socket/server.c b/tests/unix_socket/server.c index bd85e4c5..1ec9db58 100644 --- a/tests/unix_socket/server.c +++ b/tests/unix_socket/server.c @@ -16,6 +16,7 @@ #define SCM_SECURITY 0x03 #endif +__attribute__((noreturn)) void usage(char *progname) { fprintf(stderr, diff --git a/tests/unix_socket/socketpair.c b/tests/unix_socket/socketpair.c index d547d100..a9ac8737 100644 --- a/tests/unix_socket/socketpair.c +++ b/tests/unix_socket/socketpair.c @@ -17,6 +17,7 @@ #define SCM_SECURITY 0x03 #endif +__attribute__((noreturn)) void print_usage(char *progname) { fprintf(stderr, diff --git a/tests/userfaultfd/userfaultfd.c b/tests/userfaultfd/userfaultfd.c index b788f725..2d58b085 100644 --- a/tests/userfaultfd/userfaultfd.c +++ b/tests/userfaultfd/userfaultfd.c @@ -177,7 +177,7 @@ int main (int argc, char *argv[]) return -1; } - /* Acces to the registered memory range should invoke the 'missing' + /* Access to the registered memory range should invoke the 'missing' * userfaultfd page fault, which should get handled by the thread * created above. */ diff --git a/tools/check-syntax b/tools/check-syntax index 2775eb46..89d74c31 100755 --- a/tools/check-syntax +++ b/tools/check-syntax @@ -111,7 +111,7 @@ function style_fix() { [[ -z "$1" ]] && return [[ -z "$2" || ! -w "$2" ]] && return - tmp="$(mktemp --tmpdir=$(dirname "$2"))" + tmp="$(mktemp --tmpdir="$(dirname "$2")")" case "$1" in c|C) tool_c_style "$2" > "$tmp"