Add a couple more folks to hopefully get a sanity check here; setting up a chroot in the testing directory and copying parts of the host in seems a little unconventional, but hopefully it's OK enough given the circumstances. The test is intended to skip gracefully if the host doesn't have /usr/share/zoneinfo or a specific zone that's being used.

I understand and appreciate what you're striving for, but a major word of caution: tests that involve this degree of complexity have lower determinism, reducing the level of trust in a given test over the long run.

Warning: these comments are based on dated knowledge -- I've had my head in the sand with $work and haven't been keeping up with the state of the art with FreeBSD.

This testcases might not work with all secure levels/security implementations and implicitly builds in a dependency on being run as root (which hasn't been called out in the requirements for the testcases). This also unfortunately violates the ATF sandbox potentially and might not play well with capability mode (when I last looked at it) as it requires file descriptors to be inherited for writing out logs (should work, but.. the way it's done was fragile).

I feel like ATF is the wrong thing for doing these kinds of tests. I really wish we had a better way of invoking/orchestrating integration tests, not just for FreeBSD, but also other consumers of FreeBSD.

In D33493#759412, @ngie wrote:

I understand and appreciate what you're striving for, but a major word of caution: tests that involve this degree of complexity have lower determinism, reducing the level of trust in a given test over the long run.

Warning: these comments are based on dated knowledge -- I've had my head in the sand with $work and haven't been keeping up with the state of the art with FreeBSD.

This testcases might not work with all secure levels/security implementations and implicitly builds in a dependency on being run as root (which hasn't been called out in the requirements for the testcases). This also unfortunately violates the ATF sandbox potentially and might not play well with capability mode (when I last looked at it) as it requires file descriptors to be inherited for writing out logs (should work, but.. the way it's done was fragile).

Virtually all of our regression tests will not work in capability mode. Capsicum generally requires all sandboxed code to be aware of the sandbox since many common operations are not permitted.

The kernel securelevel doesn't restrict chroot (which is used by many daemons to restrict filesystem access), and I don't see how it'd otherwise be relevant here.

I feel like ATF is the wrong thing for doing these kinds of tests. I really wish we had a better way of invoking/orchestrating integration tests, not just for FreeBSD, but also other consumers of FreeBSD.

I'm not a fan of ATF, but I don't immediately see which of its assumptions are being violated by running tests in a chroot. By default test results are written to standard streams, and otherwise are written to a pre-opened file descriptor.