test: Run sysfs vulnerabilities test on host

Like the spectre-meltdown-checker.sh test, we also run the sysfs vulenrabilities test on host. With this, we can more easily know if test failures on guest are guest-specific. Signed-off-by: Takahiro Itazuri <[email protected]>
firecracker-microvm · Sep 19, 2023 · e2aabc2 · e2aabc2
1 parent b4020ce
commit e2aabc2
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/tests/integration_tests/security/test_vulnerabilities.py b/tests/integration_tests/security/test_vulnerabilities.py
@@ -280,6 +280,20 @@ def get_vuln_files_exception_dict(template):
     return exception_dict
 
 
+@pytest.mark.no_block_pr
+def test_vulnerabilities_on_host():
+    """
+    Test vulnerabilities files on host.
+    """
+    vuln_dir = "/sys/devices/system/cpu/vulnerabilities"
+
+    # `grep` returns 1 if no lines were selected.
+    ecode, stdout, stderr = utils.run_cmd(
+        f"grep -r Vulnerable {vuln_dir}", ignore_return_code=True
+    )
+    assert ecode == 1, f"stdout:\n{stdout}\nstderr:\n{stderr}\n"
+
+
 @pytest.mark.no_block_pr
 def check_vulnerabilities_files_on_guest(microvm, template=None):
     """