tests: lxc-test-apparmor-mount: show a log on error

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

tests: lxc-test-apparmor-mount: show a log on error
d6523915 · Wolfgang Bumiller · 023d07ee · d6523915
Commit d6523915 authored Jul 23, 2018 by Wolfgang Bumiller
Show whitespace changes
Inline Side-by-side

Showing with 20 additions and 4 deletions

lxc-test-apparmor-mount src/tests/lxc-test-apparmor-mount +20 -4

No files found.
--- a/src/tests/lxc-test-apparmor-mount
+++ b/src/tests/lxc-test-apparmor-mount
@@ -45,6 +45,7 @@ DONE=0
 KNOWN_RELEASES="precise trusty xenial yakkety zesty"
 MOUNTSR=/sys/kernel/security/apparmor/features/mount
 dnam=`mktemp -d`
+logfile=`mktemp`
 cname=`basename $dnam`
 cleanup() {
 	run_cmd lxc-destroy -f -n $cname || true
@@ -56,12 +57,21 @@ cleanup() {
 	rm -Rf $HDIR /run/user/$(id -u $TUSER)
 	deluser $TUSER
 	if [ $DONE -eq 0 ]; then
+		echo 'Failed container log:' >&2
+		cat "$logfile" >&2
+		echo 'End log' >&2
+		rm -f "$logfile"
 		echo "FAIL"
 		exit 1
 	fi
+	rm -f "$logfile"
 	echo "PASS"
 }
+clear_log() {
+	truncate -s0 "$logfile"
+}
 trap cleanup exit
 # Only run on a normally configured ubuntu lxc system
@@ -74,6 +84,8 @@ if [ "$(id -u)" != "0" ]; then
 	exit 1
 fi
+chmod 0666 "$logfile"
 # This would be much simpler if we could run it as
 # root.  However, in order to not have the bind mount
 # of an empty directory over the securitfs 'mount' directory
@@ -160,7 +172,7 @@ fi
 run_cmd lxc-create -t download -n $cname -- -d ubuntu -r $release -a $ARCH
 echo "test default confined container"
-run_cmd lxc-start -n $cname -d
+run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
 run_cmd lxc-wait -n $cname -s RUNNING
 pid=`run_cmd lxc-info -p -H -n $cname`
 profile=`cat /proc/$pid/attr/current`
@@ -169,10 +181,11 @@ if [ "x$profile" != "x${default_profile}" ]; then
 	exit 1
 fi
 run_cmd lxc-stop -n $cname -k
+clear_log
 echo "test regular unconfined container"
 echo "lxc.apparmor.profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config
-run_cmd lxc-start -n $cname -d
+run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
 run_cmd lxc-wait -n $cname -s RUNNING
 pid=`run_cmd lxc-info -p -H -n $cname`
 profile=`cat /proc/$pid/attr/current`
@@ -181,6 +194,7 @@ if [ "x$profile" != "xunconfined" ]; then
 	exit 1
 fi
 run_cmd lxc-stop -n $cname -k
+clear_log
 echo "masking $MOUNTSR"
 mount --bind $dnam $MOUNTSR
@@ -198,7 +212,7 @@ fi
 echo "test regular unconfined container"
 echo "lxc.apparmor.profile = unconfined" >> $HDIR/.local/share/lxc/$cname/config
-run_cmd lxc-start -n $cname -d
+run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
 run_cmd lxc-wait -n $cname -s RUNNING
 pid=`run_cmd lxc-info -p -H -n $cname`
 if [ "$pid" = "-1" ]; then
@@ -211,11 +225,12 @@ if [ "x$profile" != "xunconfined" ]; then
 	exit 1
 fi
 run_cmd lxc-stop -n $cname -k
+clear_log
 echo "testing override"
 sed -i '/apparmor.profile/d' $HDIR/.local/share/lxc/$cname/config
 echo "lxc.apparmor.allow_incomplete = 1" >> $HDIR/.local/share/lxc/$cname/config
-run_cmd lxc-start -n $cname -d
+run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
 run_cmd lxc-wait -n $cname -s RUNNING
 pid=`run_cmd lxc-info -p -H -n $cname`
 if [ "$pid" = "-1" ]; then
@@ -228,5 +243,6 @@ if [ "x$profile" != "x${default_profile}" ]; then
 	exit 1
 fi
 run_cmd lxc-stop -n $cname -k
+clear_log
 DONE=1