From ab15d4362243cc9ea0a89e99bc184e48c589d113 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Fri, 19 Jan 2018 17:53:54 +0100
Subject: [PATCH] tests: check if udev do not touch VM's volumes

Based on shell version by @rustybird
---
 qubes/tests/integ/basic.py | 72 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)

diff --git a/qubes/tests/integ/basic.py b/qubes/tests/integ/basic.py
index ed8745fb..9bd06987 100644
--- a/qubes/tests/integ/basic.py
+++ b/qubes/tests/integ/basic.py
@@ -33,6 +33,7 @@ import unittest
 import collections
 
 import pkg_resources
+import shutil
 
 import qubes
 import qubes.firewall
@@ -212,6 +213,77 @@ class TC_00_Basic(qubes.tests.SystemTestCase):
             'second domain-shutdown event was not dispatched after domain '
             'shutdown')
 
+    def _check_udev_for_uuid(self, uuid_value):
+        udev_data_path = '/run/udev/data'
+        for udev_item in os.listdir(udev_data_path):
+            # check only block devices
+            if not udev_item.startswith('b'):
+                continue
+            with open(os.path.join(udev_data_path, udev_item)) as udev_file:
+                self.assertNotIn(uuid_value, udev_file.read(),
+                    'udev parsed filesystem UUID! ' + udev_item)
+
+    def assertVolumesExcludedFromUdev(self, vm):
+        try:
+            # first boot, mkfs private volume
+            self.loop.run_until_complete(vm.start())
+            # get private volume UUID
+            private_uuid, _ = self.loop.run_until_complete(
+                vm.run_for_stdio('blkid -o value /dev/xvdb', user='root'))
+            private_uuid = private_uuid.decode().splitlines()[0]
+
+            # now check if dom0 udev know about it - it shouldn't
+            self._check_udev_for_uuid(private_uuid)
+
+            # now restart the VM and check again
+            self.loop.run_until_complete(vm.shutdown(wait=True))
+            self.loop.run_until_complete(vm.start())
+
+            self._check_udev_for_uuid(private_uuid)
+        finally:
+            del vm
+
+    def test_202_udev_block_exclude_default(self):
+        '''Check if VM images are excluded from udev parsing -
+        default volume pool'''
+        vmname = self.make_vm_name('appvm')
+
+        self.vm = self.app.add_new_vm(qubes.vm.appvm.AppVM,
+            name=vmname, template=self.app.default_template,
+            label='red')
+        self.loop.run_until_complete(self.vm.create_on_disk())
+        self.assertVolumesExcludedFromUdev(self.vm)
+
+    def test_203_udev_block_exclude_varlibqubes(self):
+        '''Check if VM images are excluded from udev parsing -
+        varlibqubes pool'''
+        vmname = self.make_vm_name('appvm')
+
+        self.vm = self.app.add_new_vm(qubes.vm.appvm.AppVM,
+            name=vmname, template=self.app.default_template,
+            label='red')
+        self.loop.run_until_complete(self.vm.create_on_disk(
+            pool=self.app.pools['varlibqubes']))
+        self.assertVolumesExcludedFromUdev(self.vm)
+
+    def test_204_udev_block_exclude_custom_file(self):
+        '''Check if VM images are excluded from udev parsing -
+        custom file pool'''
+        vmname = self.make_vm_name('appvm')
+
+        pool_path = tempfile.mkdtemp(
+            prefix='qubes-pool-', dir='/var/tmp')
+        self.addCleanup(shutil.rmtree, pool_path)
+        pool = self.app.add_pool('test-filep', dir_path=pool_path,
+            driver='file')
+
+        self.vm = self.app.add_new_vm(qubes.vm.appvm.AppVM,
+            name=vmname, template=self.app.default_template,
+            label='red')
+        self.loop.run_until_complete(self.vm.create_on_disk(
+            pool=pool))
+        self.assertVolumesExcludedFromUdev(self.vm)
+
 
 class TC_01_Properties(qubes.tests.SystemTestCase):
     # pylint: disable=attribute-defined-outside-init