|
2 | 2 | # Licensed under the MIT license. |
3 | 3 | from __future__ import annotations |
4 | 4 |
|
5 | | -import time |
6 | 5 | from typing import cast |
7 | 6 |
|
8 | 7 | from assertpy import assert_that |
@@ -173,87 +172,3 @@ def verify_libbpf_tools_binaries_executable(self, node: Node) -> None: |
173 | 172 | assert_that(len(failed_tools)).described_as( |
174 | 173 | f"No libbpf tools should fail to execute. Failed tools: {failed_tools}" |
175 | 174 | ).is_equal_to(0) |
176 | | - |
177 | | - @TestCaseMetadata( |
178 | | - description=""" |
179 | | - This test case verifies that execsnoop can actually trace exec() |
180 | | - syscalls by running a simple command and capturing the trace. |
181 | | -
|
182 | | - Steps: |
183 | | - 1. Ensure libbpf-tools package is installed. |
184 | | - 2. Start execsnoop in background. |
185 | | - 3. Execute a test command (e.g., /bin/ls). |
186 | | - 4. Stop execsnoop. |
187 | | - 5. Verify the test command was traced in the output. |
188 | | -
|
189 | | - """, |
190 | | - priority=3, |
191 | | - ) |
192 | | - def verify_execsnoop_traces_execution(self, node: Node) -> None: |
193 | | - # Ensure package is installed by calling the availability test |
194 | | - self.verify_libbpf_tools_package_available(node) |
195 | | - |
196 | | - # Check if execsnoop exists (try both bpf-execsnoop and execsnoop) |
197 | | - tool_found, tool_name = self._find_tool(node, "execsnoop") |
198 | | - if not tool_found: |
199 | | - raise SkippedException("execsnoop tool not found") |
200 | | - |
201 | | - # Run execsnoop for a short duration and capture output |
202 | | - # We'll run a simple command that should show up in the trace |
203 | | - test_command = "/bin/echo 'test_libbpf_trace'" |
204 | | - output_file = "/tmp/execsnoop_output.txt" |
205 | | - |
206 | | - try: |
207 | | - # Start execsnoop in background, run for 10 seconds to ensure we capture |
208 | | - # events. This is longer than our wait times to avoid race conditions |
209 | | - execsnoop_cmd = f"timeout 10 {tool_name} > {output_file} 2>&1 &" |
210 | | - start_result = node.execute(execsnoop_cmd, sudo=True, shell=True) |
211 | | - |
212 | | - node.log.debug( |
213 | | - f"Started {tool_name} in background. " |
214 | | - f"Exit code: {start_result.exit_code}" |
215 | | - ) |
216 | | - |
217 | | - # Wait a moment for execsnoop to initialize |
218 | | - time.sleep(3) |
219 | | - |
220 | | - # Check if execsnoop is actually running |
221 | | - ps_result = node.execute(f"pgrep -f '{tool_name}'", sudo=True) |
222 | | - if ps_result.exit_code != 0: |
223 | | - # Tool didn't start or already crashed, check the output file |
224 | | - error_output = node.execute(f"cat {output_file}", sudo=True) |
225 | | - raise SkippedException( |
226 | | - f"{tool_name} failed to start or crashed during initialization. " |
227 | | - f"Error output: {error_output.stdout}" |
228 | | - ) |
229 | | - |
230 | | - # Execute our test command multiple times to ensure we catch it |
231 | | - for _ in range(3): |
232 | | - node.execute(test_command) |
233 | | - time.sleep(0.5) |
234 | | - |
235 | | - # Wait for trace to be captured |
236 | | - time.sleep(2) |
237 | | - |
238 | | - # Read the output (execsnoop should still be running) |
239 | | - result = node.execute(f"cat {output_file}", sudo=True) |
240 | | - |
241 | | - node.log.debug(f"execsnoop output file size: {len(result.stdout)} bytes") |
242 | | - |
243 | | - # Verify our test command appears in the trace |
244 | | - # execsnoop output typically shows command names |
245 | | - assert_that(result.stdout).described_as( |
246 | | - "execsnoop output should contain trace of executed commands" |
247 | | - ).is_not_empty() |
248 | | - |
249 | | - # We should see 'echo' in the output since we ran /bin/echo |
250 | | - assert_that(result.stdout.lower()).described_as( |
251 | | - f"execsnoop should trace the echo command. Output: {result.stdout}" |
252 | | - ).contains("echo") |
253 | | - |
254 | | - finally: |
255 | | - # Ensure cleanup happens even if test fails |
256 | | - # Kill any remaining execsnoop processes |
257 | | - node.execute(f"pkill -f '{tool_name}'", sudo=True) |
258 | | - # Remove temporary output file |
259 | | - node.execute(f"rm -f {output_file}", sudo=True) |