On Sat, Mar 19, 2016 at 02:35:07AM -0500, Tyler Hicks wrote: > On 2016-03-19 00:30:01, Steve Beattie wrote: > > On Fri, Mar 18, 2016 at 06:05:47PM -0500, Tyler Hicks wrote: > > > The stacking test binary links against libapparmor for > > > aa_stack_profile() and aa_stack_onexec(), which will be present in 2.11. > > > This means that regression test builds using the system libapparmor > > > should not build the stacking test binary unless the libapparmor 2.11 or > > > newer is present. > > > > > > Signed-off-by: Tyler Hicks <[email protected]> > > > > > --- > > > tests/regression/apparmor/Makefile | 21 ++++++++++++++------- > > > 1 file changed, 14 insertions(+), 7 deletions(-) > > > > > > diff --git a/tests/regression/apparmor/Makefile > > > b/tests/regression/apparmor/Makefile > > > index 21c7fb3..c61f141 100644 > > > --- a/tests/regression/apparmor/Makefile > > > +++ b/tests/regression/apparmor/Makefile > > > @@ -119,7 +119,6 @@ SRC=access.c \ > > > readdir.c \ > > > rw.c \ > > > socketpair.c \ > > > - stacking.c \ > > > symlink.c \ > > > syscall_mknod.c \ > > > swap.c \ > > > @@ -160,16 +159,26 @@ endif > > > ifdef USE_SYSTEM > > > ifneq (,$(shell pkg-config --atleast-version 2.10 libapparmor && echo > > > TRUE)) > > > SRC+=aa_policy_cache.c > > > - AA_POLICY_CACHE_TEST=aa_policy_cache > > > + CONDITIONAL_TESTS+=aa_policy_cache > > > else > > > $(warning ${nl}\ > > > > > > ************************************************************************${nl}\ > > > Skipping aa_policy_cache tests: requires libapparmor 2.10 or newer > > > ...${nl}\ > > > > > > ************************************************************************${nl}) > > > endif > > > + > > > + ifneq (,$(shell pkg-config --atleast-version 2.11 libapparmor && echo > > > TRUE)) > > > + SRC+=stacking.c > > > + CONDITIONAL_TESTS+=stackonexec stackprofile > > > + else > > > + $(warning ${nl}\ > > > + > > > ************************************************************************${nl}\ > > > + Skipping stacking tests: requires libapparmor 2.11 or newer ...${nl}\ > > > + > > > ************************************************************************${nl}) > > > + endif > > > else > > > - SRC+=aa_policy_cache.c > > > - AA_POLICY_CACHE_TEST=aa_policy_cache > > > + SRC+=aa_policy_cache.c stacking.c > > > + CONDITIONAL_TESTS+=aa_policy_cache stackonexec stackprofile > > > endif > > > > > > EXEC=$(SRC:%.c=%) > > > @@ -219,8 +228,6 @@ TESTS=aa_exec \ > > > swap \ > > > sd_flags \ > > > setattr \ > > > - stackonexec \ > > > - stackprofile \ > > > symlink \ > > > syscall \ > > > tcp \ > > > @@ -237,7 +244,7 @@ ifneq (,$(shell pkg-config --exists dbus-1 && echo > > > TRUE)) > > > TESTS+=dbus_eavesdrop dbus_message dbus_service dbus_unrequested_reply > > > endif > > > > > > -TESTS+=$(AA_POLICY_CACHE_TEST) > > > +TESTS+=$(CONDITIONAL_TESTS) > > > > > > # Tests that can crash the kernel should be placed here > > > RISKY_TESTS= > > > > The added exec_stack tests should also not be used if stacking.c cannot > > be built. It should be removed from the default set and added to the > > $(CONDITIONAL_TESTS). With that change made, > > Acked-by: Steve Beattie <[email protected]> > > The reason I didn't do that was because exec_stack.sh doesn't depend on > any programs that link against libapparmor for aa_stack_*().
Hrm? It uses the stacking binary. That it doesn't use the aa_stack_*() function references within it doesn't really matter, if stacking.c can't compile successfully. (Unless you're planning some conditional compilation juju that #ifdefs those references away if the library is too old, that is.) > The top of the exec_stack.sh file contains: > > requires_kernel_features domain/stack > > So the entire test is skipped if stacking support isn't present in the > kernel. Consider a kernel that supports stacking but the system libapparmor does not, The stacking binary fails to build, but the exec_stack.sh script still tries to run it. > Are you fine with this or should I still move it into CONDITIONAL_TESTS? I think it should still go in CONDITIONAL_TESTS. That said, one of the tests should verify the interactions between aa_stack, aa_stack_onexec, and x -> &stack. -- Steve Beattie <[email protected]> http://NxNW.org/~steve/
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
