test: Run sysfs vulnerabilities test on host

As we run spectre-meltdown-checker.sh on host, we also run the sysfs vulenrabilities test on host. Signed-off-by: Takahiro Itazuri <[email protected]>
firecracker-microvm · Sep 19, 2023 · aaca3ee · aaca3ee
1 parent 1d3afa4
commit aaca3ee
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/tests/integration_tests/security/test_vulnerabilities.py b/tests/integration_tests/security/test_vulnerabilities.py
@@ -280,6 +280,21 @@ def get_vuln_files_exception_dict(template):
     return exception_dict
 
 
+@pytest.mark.no_block_pr
+def test_vulnerabilities_on_host(spectre_meltdown_checker):
+    """
+    Test vulnerabilities files on host.
+    """
+    vuln_dir = "/sys/devices/system/cpu/vulnerabilities"
+
+    # `grep` returns 1 if no lines were selected.
+    ecode, stdout, stderr = utils.run_cmd(
+        f"grep -r Vulnerable {vuln_dir}",
+        ignore_return_code=True
+    )
+    assert ecode == 1, f"stdout:\n{stdout}\nstderr:\n{stderr}\n"
+
+
 @pytest.mark.no_block_pr
 def check_vulnerabilities_files_on_guest(microvm, template=None):
     """