Hello, this patch adds some tests for severity.py and improves the test coverage to nearly 100% (only 3 partial left).
Added tests and details (all in SeverityVarsTest): - move writing the tunables file from setUp() into _init_tunables() for more flexibiliy (allows to specify other file content) - test adding to a variable (+=) - test #include - make sure double definition of a variable fails - make sure redefinition of non-existing variable fails BTW: even the comment added to VARIABLE_DEFINITIONS contributes to the coverage ;-) severity.py passes all added tests, however I should note that including a non-existing file is silently ignored. [ test-severity-improve-coverage.diff ] === modified file 'utils/test/test-severity.py' --- utils/test/test-severity.py 2014-11-14 01:27:33 +0000 +++ utils/test/test-severity.py 2014-12-06 22:37:22 +0000 @@ -98,6 +98,8 @@ VARIABLE_DEFINITIONS = ''' @{HOME}=@{HOMEDIRS}/*/ /root/ @{HOMEDIRS}=/home/ +# add another path to @{HOMEDIRS} +@{HOMEDIRS}+=/storage/ @{multiarch}=*-linux-gnu* @{TFTP_DIR}=/var/tftp /srv/tftpboot @{PROC}=/proc/ @@ -109,9 +111,14 @@ def setUp(self): super(SeverityVarsTest, self).setUp() self.tmpdir = tempfile.mkdtemp(prefix='aa-severity-') - rules_file = write_file(self.tmpdir, 'tunables', self.VARIABLE_DEFINITIONS) - - self.sev_db.load_variables(rules_file) + + def _init_tunables(self, content=''): + if not content: + content = self.VARIABLE_DEFINITIONS + + self.rules_file = write_file(self.tmpdir, 'tunables', content) + + self.sev_db.load_variables(self.rules_file) def tearDown(self): self.sev_db.unload_variables() @@ -121,17 +128,35 @@ super(SeverityVarsTest, self).tearDown() def test_proc_var(self): + self._init_tunables() self._simple_severity_w_perm('@{PROC}/sys/vm/overcommit_memory', 'r', 6) def test_home_var(self): + self._init_tunables() self._simple_severity_w_perm('@{HOME}/sys/@{PROC}/overcommit_memory', 'r', 10) def test_multiarch_var(self): + self._init_tunables() self._simple_severity_w_perm('/overco@{multiarch}mmit_memory', 'r', 10) def test_proc_tftp_vars(self): + self._init_tunables() self._simple_severity_w_perm('@{PROC}/sys/@{TFTP_DIR}/overcommit_memory', 'r', 6) + def test_include(self): + self._init_tunables('#include <file/not/found>') # including non-existing files doesn't raise an exception + + self.assertTrue(True) # this test only makes sure that loading the tunables file works + + def test_invalid_variable_add(self): + with self.assertRaises(AppArmorException): + self._init_tunables('@{invalid} += /home/') + + def test_invalid_variable_double_definition(self): + invalid_add = '@{foo} = /home/\n@{foo} = /root/' + with self.assertRaises(AppArmorException): + self._init_tunables('@{foo} = /home/\n@{foo} = /root/') + class SeverityDBTest(unittest.TestCase): def setUp(self): Regards, Christian Boltz -- > Ich bekomme auch einige Würmer oder mails mit Vieren! 444444444444444444444444444444444444444444 Hier noch ein paar Vieren, extra fuer dich. [> Jan Hendrik Berlin und David Haller in suse-linux] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor