From 029685c35047c18db999de57ef23bee6e2892b7d Mon Sep 17 00:00:00 2001
From: Albert Esteve <aesteve@redhat.com>
Date: Mon, 25 Nov 2024 16:17:23 +0100
Subject: [PATCH] tests/ffi: add test checking /sys is read-only

Test to ensure that /sys is read-only inside the
QM container.

Signed-off-by: Albert Esteve <aesteve@redhat.com>
---
 tests/ffi/sys_read_only/PURPOSE   | 12 ++++++++++++
 tests/ffi/sys_read_only/README.md |  7 +++++++
 tests/ffi/sys_read_only/main.fmf  | 19 +++++++++++++++++++
 tests/ffi/sys_read_only/test.sh   | 18 ++++++++++++++++++
 4 files changed, 56 insertions(+)
 create mode 100644 tests/ffi/sys_read_only/PURPOSE
 create mode 100644 tests/ffi/sys_read_only/README.md
 create mode 100644 tests/ffi/sys_read_only/main.fmf
 create mode 100644 tests/ffi/sys_read_only/test.sh

diff --git a/tests/ffi/sys_read_only/PURPOSE b/tests/ffi/sys_read_only/PURPOSE
new file mode 100644
index 00000000..2b7c5522
--- /dev/null
+++ b/tests/ffi/sys_read_only/PURPOSE
@@ -0,0 +1,12 @@
+Title:
+    Verifies that /sys is read-only in QM partition.
+
+Description:
+    This test executes `test -r /sys && test ! -w /sys` in QM partition, no other input.
+        podman exec qm "test -r /sys && test ! -w /sys"
+
+Expected result:
+    out: [ INFO  ] PASS: check_sys_read_only: As expected, /sys is read-only in QM partition.
+
+Jira:
+    VROOM-24445
diff --git a/tests/ffi/sys_read_only/README.md b/tests/ffi/sys_read_only/README.md
new file mode 100644
index 00000000..27454a07
--- /dev/null
+++ b/tests/ffi/sys_read_only/README.md
@@ -0,0 +1,7 @@
+# FFI - sys_read_only
+
+This test is intended to confirm that /sys is read-only in QM partition.
+
+## This Test Set includes these tests
+
+1. Confirm that /sys is read-only in QM partition.
diff --git a/tests/ffi/sys_read_only/main.fmf b/tests/ffi/sys_read_only/main.fmf
new file mode 100644
index 00000000..870e8aa4
--- /dev/null
+++ b/tests/ffi/sys_read_only/main.fmf
@@ -0,0 +1,19 @@
+summary: Test that /sys is read-only in QM partition.
+description: |
+    This tests confirms that /sys folder is present and read-only in the QM
+    partition. The test executes `test -r /sys && test ! -w /sys` in QM
+    partition, no other input.
+
+    Test inputs:
+        None
+
+    Expected results:
+        out: [ INFO  ] PASS: check_sys_read_only: As expected, /sys is read-only in QM partition.
+
+    Results location:
+        output.txt
+contact: Albert Esteve <aesteve@redhat.com>
+test: /bin/bash ./test.sh
+duration: 10m
+tag: ffi
+framework: shell
diff --git a/tests/ffi/sys_read_only/test.sh b/tests/ffi/sys_read_only/test.sh
new file mode 100644
index 00000000..fe392009
--- /dev/null
+++ b/tests/ffi/sys_read_only/test.sh
@@ -0,0 +1,18 @@
+#!/bin/bash -euvx
+
+# shellcheck disable=SC1091
+. ../../e2e/lib/utils
+
+check_sys_read_only(){
+    # Check /sys is read-only in QM partition
+    if podman exec qm /bin/sh -c 'test -r /sys && test ! -w /sys'; then
+        info_message "PASS: check_sys_read_only: As expected, /sys is read-only in QM partition."
+        exit 0
+    else
+        info_message "Found a non-read-only /sys folder in QM partition: $(podman exec -t qm ls -ld /sys)"
+        info_message "FAIL: check_sys_read_only: Check for /sys in QM partition failed, it should be read-only."
+        exit 1
+    fi
+}
+
+check_sys_read_only