Hello, On Mon, May 25, 2015 at 7:31 PM, Christian Boltz <appar...@cboltz.de> wrote:
> Hello, > > Am Montag, 25. Mai 2015 schrieb Christian Boltz: > > [ 34-minitools_test-use-no-reload.diff ] > > I accidently added a --no-reload between -d and the path in the > aa-audit test. The test still fails for another reason ;-) but > nevertheless here's v2: > > > Change minitools_test.py to use aa-* --no-reload. > This allows to run minitools_test.py as non-root user. > Thats a good thing but this change in tests probably breaks two things as the remainder of code in reload_profile and unload_profile is ignored due to the flag. I think there should be additional tests for them. Also add a check that only creates the force-complain directory if it > doesn't exist yet. > > > Note: With this patch applied, there are still 4 failing tests, probably > caused by changes in the profiles that are used in the tests. > > > I propose this patch for trunk and 2.9. > > > [ 34-minitools_test-use-no-reload.diff ] > > === modified file utils/test/minitools_test.py > --- utils/test/minitools_test.py 2015-05-25 15:02:32.489225934 +0200 > +++ utils/test/minitools_test.py 2015-05-25 15:32:59.693035190 +0200 > @@ -31,37 +32,38 @@ > > def test_audit(self): > #Set ntpd profile to audit mode and check if it was correctly set > - str(subprocess.check_output('%s ./../aa-audit -d ./profiles > %s'%(python_interpreter, test_path), shell=True)) > + str(subprocess.check_output('%s ./../aa-audit --no-reload -d > ./profiles %s'%(python_interpreter, test_path), shell=True)) > > self.assertEqual(apparmor.get_profile_flags(local_profilename, > test_path), 'audit', 'Audit flag could not be set in profile > %s'%local_profilename) > > #Remove audit mode from ntpd profile and check if it was > correctly removed > - subprocess.check_output('%s ./../aa-audit -d ./profiles -r > %s'%(python_interpreter, test_path), shell=True) > + subprocess.check_output('%s ./../aa-audit --no-reload -d > ./profiles -r %s'%(python_interpreter, test_path), shell=True) > > self.assertEqual(apparmor.get_profile_flags(local_profilename, > test_path), None, 'Audit flag could not be removed in profile > %s'%local_profilename) > > > def test_complain(self): > #Set ntpd profile to complain mode and check if it was correctly > set > - subprocess.check_output('%s ./../aa-complain -d ./profiles > %s'%(python_interpreter, test_path), shell=True) > + subprocess.check_output('%s ./../aa-complain --no-reload -d > ./profiles %s'%(python_interpreter, test_path), shell=True) > > # "manually" create a force-complain symlink (will be deleted by > aa-enforce later) > - os.mkdir('./profiles/force-complain') > + if not os.path.isdir('./profiles/force-complain'): > + os.mkdir('./profiles/force-complain') > os.symlink(local_profilename, > './profiles/force-complain/%s'%os.path.basename(local_profilename) ) > > > > self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), > True, 'Failed to create a symlink for %s in > force-complain'%local_profilename) > self.assertEqual(apparmor.get_profile_flags(local_profilename, > test_path), 'complain', 'Complain flag could not be set in profile > %s'%local_profilename) > > #Set ntpd profile to enforce mode and check if it was correctly > set > - subprocess.check_output('%s ./../aa-enforce -d ./profiles > %s'%(python_interpreter, test_path), shell=True) > + subprocess.check_output('%s ./../aa-enforce --no-reload -d > ./profiles %s'%(python_interpreter, test_path), shell=True) > > > > self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), > False, 'Failed to remove symlink for %s from > force-complain'%local_profilename) > > > self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), > False, 'Failed to remove symlink for %s from disable'%local_profilename) > self.assertEqual(apparmor.get_profile_flags(local_profilename, > test_path), None, 'Complain flag could not be removed in profile > %s'%local_profilename) > > # Set audit flag and then complain flag in a profile > - subprocess.check_output('%s ./../aa-audit -d ./profiles > %s'%(python_interpreter, test_path), shell=True) > - subprocess.check_output('%s ./../aa-complain -d ./profiles > %s'%(python_interpreter, test_path), shell=True) > + subprocess.check_output('%s ./../aa-audit --no-reload -d > ./profiles %s'%(python_interpreter, test_path), shell=True) > + subprocess.check_output('%s ./../aa-complain --no-reload -d > ./profiles %s'%(python_interpreter, test_path), shell=True) > # "manually" create a force-complain symlink (will be deleted by > aa-enforce later) > os.symlink(local_profilename, > './profiles/force-complain/%s'%os.path.basename(local_profilename) ) > > @@ -72,20 +76,20 @@ > self.assertEqual(apparmor.get_profile_flags(local_profilename, > test_path), 'audit,complain', 'Complain flag could not be set in profile > %s'%local_profilename) > > #Remove complain flag first i.e. set to enforce mode > - subprocess.check_output('%s ./../aa-enforce -d ./profiles > %s'%(python_interpreter, test_path), shell=True) > + subprocess.check_output('%s ./../aa-enforce --no-reload -d > ./profiles %s'%(python_interpreter, test_path), shell=True) > > > > self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), > False, 'Failed to remove symlink for %s from > force-complain'%local_profilename) > > > self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), > False, 'Failed to remove symlink for %s from disable'%local_profilename) > self.assertEqual(apparmor.get_profile_flags(local_profilename, > test_path), 'audit', 'Complain flag could not be removed in profile > %s'%local_profilename) > > #Remove audit flag > - subprocess.check_output('%s ./../aa-audit -d ./profiles -r > %s'%(python_interpreter, test_path), shell=True) > + subprocess.check_output('%s ./../aa-audit --no-reload -d > ./profiles -r %s'%(python_interpreter, test_path), shell=True) > > def test_enforce(self): > #Set ntpd profile to complain mode and check if it was correctly > set > > #Set ntpd profile to enforce mode and check if it was correctly > set > - subprocess.check_output('%s ./../aa-enforce -d ./profiles > %s'%(python_interpreter, test_path), shell=True) > + subprocess.check_output('%s ./../aa-enforce --no-reload -d > ./profiles %s'%(python_interpreter, test_path), shell=True) > > > > self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), > False, 'Failed to remove symlink for %s from > force-complain'%local_profilename) > > > self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), > False, 'Failed to remove symlink for %s from disable'%local_profilename) > @@ -94,7 +98,7 @@ > > def test_disable(self): > #Disable the ntpd profile and check if it was correctly disabled > Nitpick: As the next patch changes the used profile from ntpd to winbind I think the above comment is rendered wrong. A replacement of "ntpd" with "test" in such comments would be nice. > - subprocess.check_output('%s ./../aa-disable -d ./profiles > %s'%(python_interpreter, test_path), shell=True) > + subprocess.check_output('%s ./../aa-disable --no-reload -d > ./profiles %s'%(python_interpreter, test_path), shell=True) > > > > self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), > True, 'Failed to create a symlink for %s in disable'%local_profilename) > > @@ -120,7 +123,7 @@ > #Our silly test program whose profile we wish to clean > cleanprof_test = '/usr/bin/a/simple/cleanprof/test/profile' > > - subprocess.check_output('%s ./../aa-cleanprof -d ./profiles -s > %s' % (python_interpreter, cleanprof_test), shell=True) > + subprocess.check_output('%s ./../aa-cleanprof --no-reload -d > ./profiles -s %s' % (python_interpreter, cleanprof_test), shell=True) > > #Strip off the first line (#modified line) > subprocess.check_output('sed -i 1d ./profiles/%s'%(input_file), > shell=True) > > > > > Acked-by: Kshitij Gupta <kgupta8...@gmail.com>. Thanks. Regards, Kshitij Gupta > > Regards, > > Christian Boltz > -- > Verstehen kann ich das Problem. Die meisten von uns hätten gerne > brandaktuelle *und* felsenstabile Software. Der Unterschied zwischen > Redmond und Pinguinhausen ist, daß erstere dir erzählen, daß man > beides haben könne. Stimmt aber nicht. [Ratti in suse-linux] > > > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor