On Thu, Jun 25, 2015 at 02:57:21PM -0700, Steve Beattie wrote:
> On Thu, Jun 25, 2015 at 04:30:46PM -0500, Tyler Hicks wrote:
> > On 2015-06-25 13:55:47, Tyler Hicks wrote:
> > > On 2015-06-25 01:21:39, Steve Beattie wrote:
> > > > Hi,
> > > >
> > > > When running the apparmor regression tests on wily with the trunk of
> > > > the userspace tools, I'm getting the following two failures in the
> > > > query_label test:
> > > >
> > > > Error: query_label failed. Test 'QUERY file (all base perms #1)' was
> > > > expected to 'pass'. Reason for failure 'FAIL: the access should not be
> > > > allowed and should be audited'
> > > > Error: query_label failed. Test 'QUERY file (all base perms #2)' was
> > > > expected to 'pass'. Reason for failure 'FAIL: the access should not be
> > > > allowed and should be audited'
> > >
> > > Note that the test passes when we run them against the wily apparmor
> > > userspace (2.9.2-0ubuntu1). Seems to be something broken specifically in
> > > trunk.
> >
> > The tests start failing after r3081:
> >
> > http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3081
> >
> > That patch defined values for AA_MAY_* perms, in apparmor.h, related to
> > file operations:
> >
> > http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/libraries/libapparmor/include/sys/apparmor.h#L34
> >
> > The query_label.c binary already defined many of the macros:
> >
> > http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/tests/regression/apparmor/query_label.c#L22
> >
> > The problem is that the new macros in apparmor.h do not match the old
> > macros in query_label.c. Which ones are correct? I assume that the
> > apparmor.h ones are correct but would like confirmation before I go
> > modify the query_label.c test program.
>
> Right, running the query_label test compiled against the trunk
> definitions but with the 2.9.2-0ubuntu1 parser fails in the same way.
>
> Note that changed definition of the AA_MAY_* perms also causes
> compilation of the link_subset test to generate a number of warnings,
> due to link_subset.c defining them differently than in apparmor.h:
>
> http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/tests/regression/apparmor/link_subset.c#L18
>
> I was working on a patch to address the warnings, but it becomes
> difficult to work in both a USE_SYSTEM environment where 2.9 libraries
> are available and against the different trunk definitions. I
> didn't want to merely protect with #ifndef AA_MAY_*, because
> link_subset.c defines some macros that aren't defined in either
> libraries/libapparmor/include/sys/apparmor.h or parser/immunix.h:
> http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/parser/immunix.h#L25

Sorry I didn't finish the reasoning here; I was afraid that with the
differing definitions and link_subset.c defining additional things that
relying on #ifndef protection could result in two different AA_MAY_*
permissions defined to the same value, which would probably break
things.

> One of the questions I have is that with rev 3081, the macro definitions
> become part of the library API, which means that it gets harder to
> change them in the future. Are we sure we want that? (We don't have any
> releases out there with them visible in the header yet.)

-- 
Steve Beattie
<sbeat...@ubuntu.com>
http://NxNW.org/~steve/
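
The #ifndef hazard raised in the message above, shown as an added example that is not part of the original thread or of the AppArmor source. The DEMO_MAY_* names and their bit values are constructed for illustration and are not the real AA_MAY_* definitions.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the library header (hypothetical values). */
#define DEMO_MAY_EXEC  (1u << 0)
#define DEMO_MAY_WRITE (1u << 1)
#define DEMO_MAY_READ  (1u << 2)
#define DEMO_MAY_LINK  (1u << 3)

/* Constructed stand-in for a test program written against an older bit
 * layout. The guards silence redefinition warnings, but they only help
 * for names the header already defines. */
#ifndef DEMO_MAY_LINK
#define DEMO_MAY_LINK  (1u << 4)   /* skipped: the header's value wins */
#endif
#ifndef DEMO_MAY_LOCK
#define DEMO_MAY_LOCK  (1u << 3)   /* header lacks it: old value is kept */
#endif

struct perm { const char *name; unsigned int mask; };
#define PERM(x) { #x, x }
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Permission set as the guarded test program ends up seeing it. */
static const struct perm mixed[] = {
    PERM(DEMO_MAY_EXEC), PERM(DEMO_MAY_WRITE), PERM(DEMO_MAY_READ),
    PERM(DEMO_MAY_LINK), PERM(DEMO_MAY_LOCK),
};
/* Same set with the local-only permission moved to an unused bit. */
static const struct perm disjoint[] = {
    PERM(DEMO_MAY_EXEC), PERM(DEMO_MAY_WRITE), PERM(DEMO_MAY_READ),
    PERM(DEMO_MAY_LINK), { "DEMO_MAY_LOCK", 1u << 4 },
};

/* Count pairs of permissions whose masks share a bit, reporting each. */
static int count_collisions(const struct perm *p, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (p[i].mask & p[j].mask) {
                printf("%s overlaps %s\n", p[i].name, p[j].name);
                hits++;
            }
    return hits;
}

int main(void)
{
    int bad = count_collisions(mixed, COUNT(mixed));
    int ok = count_collisions(disjoint, COUNT(disjoint));
    return (bad == 1 && ok == 0) ? 0 : 1;
}
```

With an overlap like this, a permission mask built from the two colliding names cannot be told apart, so a check of this kind in the test build catches the mismatch before a query result is misread.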