[apparmor] [patch] utils: remove aa-disable non-functional '-r' option
On Fri, Feb 28, 2014 at 09:34:51PM +0100, Christian Boltz wrote: Am Montag, 24. Februar 2014 schrieb Steve Beattie: I should note that one side effect is that this patch effectively neuters the -r (revert) option for aa-disable. I don't really like that option (I'd rather point people at using aa-enforce to undo aa-disable). I can submit a patch that either removes the option or adds the functionality if we desire it. The -r option was probably inspired by the -r option of aa-complain and aa-audit, but I understand your POV that it might be confusing in a triple-state case (enforce/complain/disabled). Anyway, either remove the -r option or make sure it's working ;-) Here's the patch to remove the -r option for aa-disable, as well as the test and manpage documentation for it. Thanks! -- Steve Beattie sbeat...@ubuntu.com http://NxNW.org/~steve/ Signed-off-by: Steve Beattie st...@nxnw.org --- utils/aa-disable |1 - utils/aa-disable.pod |4 utils/apparmor/tools.py |1 - utils/test/minitools_test.py |6 -- 4 files changed, 12 deletions(-) Index: b/utils/aa-disable === --- a/utils/aa-disable +++ b/utils/aa-disable @@ -22,7 +22,6 @@ _ = init_translation() parser = argparse.ArgumentParser(description=_('Disable the profile for the given programs')) parser.add_argument('-d', '--dir', type=str, help=_('path to profiles')) -parser.add_argument('-r', '--revert', action='store_true', help=_('enable the profile for the given programs')) parser.add_argument('program', type=str, nargs='+', help=_('name of program')) args = parser.parse_args() Index: b/utils/aa-disable.pod === --- a/utils/aa-disable.pod +++ b/utils/aa-disable.pod @@ -35,10 +35,6 @@ B-d --dir /path/to/profiles Specifies where to look for the AppArmor security profile set. Defaults to /etc/apparmor.d. -B-r --revert - - Enables the profile and loads it. - =head1 DESCRIPTION Baa-disable is used to Idisable one or more profiles. Index: b/utils/test/minitools_test.py === --- a/utils/test/minitools_test.py +++ b/utils/test/minitools_test.py @@ -97,12 +97,6 @@ class Test(unittest.TestCase): self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in disable'%local_profilename) -#Enable the ntpd profile and check if it was correctly re-enabled -subprocess.check_output('%s ./../aa-disable -d ./profiles -r %s'%(python_interpreter, test_path), shell=True) - -self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove a symlink for %s from disable'%local_profilename) - - def test_autodep(self): pass Index: b/utils/apparmor/tools.py === --- a/utils/apparmor/tools.py +++ b/utils/apparmor/tools.py @@ -33,7 +33,6 @@ class aa_tools: if tool_name in ['audit', 'complain']: self.remove = args.remove elif tool_name == 'disable': -self.revert = args.revert self.disabledir = apparmor.profile_dir + '/disable' self.check_disable_dir() elif tool_name == 'autodep': signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] libapparmor: aa_query_label symbol versioning
On Fri, Feb 28, 2014 at 01:46:30PM -0800, Steve Beattie wrote: A slightly more invasive but conservative solution is to provide both versions (APPARMOR_1.1 and APPARMOR_3.0) of the aa_query_label() symbol. It requires the function name in kernel_interface.c to be renamed (similar to how the deprecated change_hat() symbol is named in the source as __change_hat()), otherwise linking fails with duplicated symbols. The default symbol used will still be the APPARMOR_3.0 version, but binaries linked with the APPARMOR_1.1 version would still continue to work unchanged. Keeping the (misleading) APPARMOR_3.0 version would prevent breaking anyone currently using a snapshot of trunk. This is the second patch attached. I like this version better than the first version; it better reflects reality, and we can't know all our potential downstream users. The fact that you've already done the hard work for it makes it all the more attractive. I know it's too late to put an: Acked-by: Seth Arnold seth.arn...@canonical.com on the checkin, but I thought it'd be worth commenting that I like this course of action all the same. Thanks! signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] test-aa-easyprof.py fails because of UsrMove
On Sat, Mar 01, 2014 at 09:41:38PM +0100, Christian Boltz wrote: @@ -2482,6 +2482,11 @@ # Now that we have everything we need, import aa-easyprof import easyprof + # work around UsrMove +ls_path='/bin/ls' +if os.path.islink(ls_path): +ls_path='/usr/bin/ls' + # run the tests suite = unittest.TestSuite() suite.addTest(unittest.TestLoader().loadTestsFromTestCase(T)) The spacing around the new block looks strange, I don't think Python would let this through. (It's funny, it looks like all-spaces to me, I'm not sure how this got this screwed up.) Thanks signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] modify regression tests to use USE_SYSTEM to select parser
On Sat, Mar 01, 2014 at 05:57:37AM -0800, John Johansen wrote: -all: libapparmor_check $(EXEC) changehat.h +all: libapparmor_check $(EXEC) changehat.h uservars.inc + +uservars.inc: uservars.inc.source uservars.inc.system +ifdef USE_SYSTEM + mv uservars.inc.system uservars.inc cp not mv, I'd like this to be able to be used make than once +else # !USE_SYSTEM + mv uservars.inc.source uservars.inc same here Yikes, I had this fixed somewhere else, I'm not sure how I made this broken patch with the older 'mv'. Thanks. signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] utils: remove aa-disable non-functional '-r' option
On Mon, Mar 03, 2014 at 08:33:50AM -0800, Steve Beattie wrote: On Fri, Feb 28, 2014 at 09:34:51PM +0100, Christian Boltz wrote: Am Montag, 24. Februar 2014 schrieb Steve Beattie: I should note that one side effect is that this patch effectively neuters the -r (revert) option for aa-disable. I don't really like that option (I'd rather point people at using aa-enforce to undo aa-disable). I can submit a patch that either removes the option or adds the functionality if we desire it. The -r option was probably inspired by the -r option of aa-complain and aa-audit, but I understand your POV that it might be confusing in a triple-state case (enforce/complain/disabled). Anyway, either remove the -r option or make sure it's working ;-) Here's the patch to remove the -r option for aa-disable, as well as the test and manpage documentation for it. Thanks! -- Steve Beattie sbeat...@ubuntu.com http://NxNW.org/~steve/ Nice. Acked-by: Seth Arnold seth.arn...@canonical.com Thanks Signed-off-by: Steve Beattie st...@nxnw.org --- utils/aa-disable |1 - utils/aa-disable.pod |4 utils/apparmor/tools.py |1 - utils/test/minitools_test.py |6 -- 4 files changed, 12 deletions(-) Index: b/utils/aa-disable === --- a/utils/aa-disable +++ b/utils/aa-disable @@ -22,7 +22,6 @@ _ = init_translation() parser = argparse.ArgumentParser(description=_('Disable the profile for the given programs')) parser.add_argument('-d', '--dir', type=str, help=_('path to profiles')) -parser.add_argument('-r', '--revert', action='store_true', help=_('enable the profile for the given programs')) parser.add_argument('program', type=str, nargs='+', help=_('name of program')) args = parser.parse_args() Index: b/utils/aa-disable.pod === --- a/utils/aa-disable.pod +++ b/utils/aa-disable.pod @@ -35,10 +35,6 @@ B-d --dir /path/to/profiles Specifies where to look for the AppArmor security profile set. Defaults to /etc/apparmor.d. -B-r --revert - - Enables the profile and loads it. - =head1 DESCRIPTION Baa-disable is used to Idisable one or more profiles. Index: b/utils/test/minitools_test.py === --- a/utils/test/minitools_test.py +++ b/utils/test/minitools_test.py @@ -97,12 +97,6 @@ class Test(unittest.TestCase): self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in disable'%local_profilename) -#Enable the ntpd profile and check if it was correctly re-enabled -subprocess.check_output('%s ./../aa-disable -d ./profiles -r %s'%(python_interpreter, test_path), shell=True) - - self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove a symlink for %s from disable'%local_profilename) - - def test_autodep(self): pass Index: b/utils/apparmor/tools.py === --- a/utils/apparmor/tools.py +++ b/utils/apparmor/tools.py @@ -33,7 +33,6 @@ class aa_tools: if tool_name in ['audit', 'complain']: self.remove = args.remove elif tool_name == 'disable': -self.revert = args.revert self.disabledir = apparmor.profile_dir + '/disable' self.check_disable_dir() elif tool_name == 'autodep': signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] test-aa-easyprof.py fails because of UsrMove
Hello, On Sat, Mar 1, 2014 at 3:41 AM, Christian Boltz appar...@cboltz.de wrote: Hello, test-aa-easyprof.py depends on /bin/ls being a real binary. In practise, it is a symlink to /usr/bin/ls on some distributions. The patch below fixes this for me, but I know it isn't a good solution because it breaks on systems that didn't follow UsrMove and still have /bin/ls as real binary. Please take this as a bugreport only - I don't expect an Ack for it, but hope for someone to come up with a better patch ;-) === modified file 'utils/test/test-aa-easyprof.py' --- utils/test/test-aa-easyprof.py 2014-02-14 01:53:40 + +++ utils/test/test-aa-easyprof.py 2014-02-28 21:54:06 + @@ -424,14 +424,14 @@ # def test_binary_without_profile_name(self): '''Test binary (binary { })''' -easyprof.AppArmorEasyProfile('/bin/ls', self.options) +easyprof.AppArmorEasyProfile('/usr/bin/ls', self.options) def test_binary_with_profile_name(self): '''Test binary (profile name binary { })''' args = self.full_args args += ['--profile-name=some-profile-name'] (self.options, self.args) = easyprof.parse_args(args) -easyprof.AppArmorEasyProfile('/bin/ls', self.options) +easyprof.AppArmorEasyProfile('/usr/bin/ls', self.options) def test_binary_omitted_with_profile_name(self): '''Test binary (profile name { })''' @@ -1206,7 +1206,7 @@ def test_gen_manifest_policy_with_binary_with_profile_name(self): '''Test gen_manifest_policy (binary with profile name)''' m = Manifest(test_gen_manifest_policy) -m.add_binary('/bin/ls') +m.add_binary('/usr/bin/ls') self._gen_manifest_policy(m) def test_gen_manifest_policy_without_binary_with_profile_name(self): Even with this fixed, I still get two failures in utils make check: @Christian With the patch from @Steve in place I don't get any errors. Do you still get these failures? Regards, Kshitij Gupta == FAIL: test_policygroups_dir_relative (__main__.T) Test --policy-groups-dir (relative DIR) -- Traceback (most recent call last): File test-aa-easyprof.py, line 240, in test_policygroups_dir_relative self.assertTrue(easyp.dirs['policygroups'] == rel, Not using specified --policy-groups-dir) AssertionError: Not using specified --policy-groups-dir == FAIL: test_templates_dir_relative (__main__.T) Test --templates-dir (relative DIR) -- Traceback (most recent call last): File test-aa-easyprof.py, line 363, in test_templates_dir_relative self.assertTrue(easyp.dirs['templates'] == rel, Not using specified --template-dir) AssertionError: Not using specified --template-dir -- Regards, Christian Boltz -- Die Lösung ist denkbar einfach und naheliegend: Ich bin ein Trottel. Aber das wussten wir ja schon. :-) [Ratti in suse-linux] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [patch] utils: remove aa-enforce '--remove' option
This patch removes the '--remove' option on aa-enforce as well as from the man page. It also removes the test entry that contains it, but I don't think this is entirely correct because I think the second half of the test is dependent on the (now deleted) first half of the test. (It also removes a missed reference to --revert in the aa-disable man page.) Signed-off-by: Steve Beattie st...@nxnw.org --- utils/aa-disable.pod |2 -- utils/aa-enforce |7 --- utils/aa-enforce.pod |7 --- utils/test/minitools_test.py |5 - 4 files changed, 4 insertions(+), 17 deletions(-) Index: b/utils/aa-disable.pod === --- a/utils/aa-disable.pod +++ b/utils/aa-disable.pod @@ -43,8 +43,6 @@ profile from being loaded on AppArmor st The Iaa-enforce and Iaa-complain utilities may be used to to change this behavior. -The I--revert option can be used to enable the profile. - =head1 BUGS If you find any bugs, please report them at Index: b/utils/aa-enforce === --- a/utils/aa-enforce +++ b/utils/aa-enforce @@ -22,11 +22,12 @@ _ = init_translation() parser = argparse.ArgumentParser(description=_('Switch the given program to enforce mode')) parser.add_argument('-d', '--dir', type=str, help=_('path to profiles')) -parser.add_argument('-r', '--remove', action='store_true', help=_('switch to complain mode')) parser.add_argument('program', type=str, nargs='+', help=_('name of program')) args = parser.parse_args() -# Flipping the remove flag since complain = !enforce -args.remove = not args.remove +# Set the remove flag since complain = !enforce +# XXX remove this entirely once conversion to individual cmd methods +# on the Tool class are implemented +args.remove = True enforce = apparmor.tools.aa_tools('complain', args) Index: b/utils/aa-enforce.pod === --- a/utils/aa-enforce.pod +++ b/utils/aa-enforce.pod @@ -36,10 +36,6 @@ B-d --dir / path/to/profiles Specifies where to look for the AppArmor security profile set. Defaults to /etc/apparmor.d. -B-r --remove - - Removes the enforce mode for the profile. - =head1 DESCRIPTION Baa-enforce is used to set one or more profiles to Ienforce mode. @@ -49,9 +45,6 @@ unloads and disables a profile. The default mode for a security policy is enforce and the Iaa-complain utility must be run to change this behavior. -The I--remove option can be used to remove the enforce mode for the profile, -setting it to complain mode. - =head1 BUGS If you find any bugs, please report them at Index: b/utils/test/minitools_test.py === --- a/utils/test/minitools_test.py +++ b/utils/test/minitools_test.py @@ -77,11 +77,6 @@ class Test(unittest.TestCase): def test_enforce(self): #Set ntpd profile to complain mode and check if it was correctly set -subprocess.check_output('%s ./../aa-enforce -d ./profiles -r %s'%(python_interpreter, test_path), shell=True) - - self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename) -self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'complain', 'Complain flag could not be set in profile %s'%local_profilename) - #Set ntpd profile to enforce mode and check if it was correctly set subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True) -- Steve Beattie sbeat...@ubuntu.com http://NxNW.org/~steve/ signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] modify regression tests to use USE_SYSTEM to select parser
On Mon, Mar 03, 2014 at 12:27:20PM -0800, Seth Arnold wrote: cp not mv, I'd like this to be able to be used make than once Here's a corrected version; this also includes a typo fix for a typo introduced in rev 2405. Signed-of-by: Seth Arnold seth.arn...@canonical.com Thanks === modified file 'tests/regression/apparmor/Makefile' --- tests/regression/apparmor/Makefile 2014-03-01 23:46:42 + +++ tests/regression/apparmor/Makefile 2014-03-03 23:27:51 + @@ -39,7 +39,7 @@ LDLIBS += -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread uservars.out: - echo uservars.inc uservars.out + cat uservars.inc uservars.out endif # USE_SYSTEM CFLAGS += -Wall -Wstrict-prototypes @@ -186,7 +186,14 @@ return 1 ; \ fi -all: libapparmor_check $(EXEC) changehat.h +all: libapparmor_check $(EXEC) changehat.h uservars.inc + +uservars.inc: uservars.inc.source uservars.inc.system +ifdef USE_SYSTEM + cp uservars.inc.system uservars.inc +else # !USE_SYSTEM + cp uservars.inc.source uservars.inc +endif # USE_SYSTEM changehat_pthread: changehat_pthread.c changehat.h ${CC} ${CFLAGS} ${LDFLAGS} $ -o $@ ${LDLIBS} -pthread @@ -242,6 +249,6 @@ fi clean: - rm -f $(EXEC) dbus_common.o + rm -f $(EXEC) dbus_common.o uservars.inc regex.sh: open exec === removed file 'tests/regression/apparmor/uservars.inc' --- tests/regression/apparmor/uservars.inc 2014-01-13 04:39:07 + +++ tests/regression/apparmor/uservars.inc 1970-01-01 00:00:00 + @@ -1,14 +0,0 @@ -# 1. Path to apparmor parser -subdomain=${PWD}/../../../parser/apparmor_parser -#subdomain=/sbin/apparmor_parser - -# 2. additional arguments to the apparmor parser -parser_args=-q -K - -# 3. directory to be used for temp files -# Need to be able to access this directory by the root and nobody users. -tmpdir=/tmp/sdtest.$$-$RANDOM - - -# 4. Location of load system profiles for verification -sys_profiles=/sys/kernel/security/apparmor/profiles === added file 'tests/regression/apparmor/uservars.inc.source' --- tests/regression/apparmor/uservars.inc.source 1970-01-01 00:00:00 + +++ tests/regression/apparmor/uservars.inc.source 2014-03-01 04:47:23 + @@ -0,0 +1,14 @@ +# 1. Path to apparmor parser +subdomain=${PWD}/../../../parser/apparmor_parser +#subdomain=/sbin/apparmor_parser + +# 2. additional arguments to the apparmor parser +parser_args=-q -K + +# 3. directory to be used for temp files +# Need to be able to access this directory by the root and nobody users. +tmpdir=/tmp/sdtest.$$-$RANDOM + + +# 4. Location of load system profiles for verification +sys_profiles=/sys/kernel/security/apparmor/profiles === added file 'tests/regression/apparmor/uservars.inc.system' --- tests/regression/apparmor/uservars.inc.system 1970-01-01 00:00:00 + +++ tests/regression/apparmor/uservars.inc.system 2014-03-01 04:47:23 + @@ -0,0 +1,14 @@ +# 1. Path to apparmor parser +#subdomain=${PWD}/../../../parser/apparmor_parser +subdomain=/sbin/apparmor_parser + +# 2. additional arguments to the apparmor parser +parser_args=-q -K + +# 3. directory to be used for temp files +# Need to be able to access this directory by the root and nobody users. +tmpdir=/tmp/sdtest.$$-$RANDOM + + +# 4. Location of load system profiles for verification +sys_profiles=/sys/kernel/security/apparmor/profiles signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] modify regression tests to use USE_SYSTEM to select parser
On 03/03/2014 03:32 PM, Seth Arnold wrote: On Mon, Mar 03, 2014 at 12:27:20PM -0800, Seth Arnold wrote: cp not mv, I'd like this to be able to be used make than once Here's a corrected version; this also includes a typo fix for a typo introduced in rev 2405. Signed-of-by: Seth Arnold seth.arn...@canonical.com Acked-by: John Johansen john.johan...@canonical.com -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [patch] modify regression tests to use USE_SYSTEM to select parser
On Mon, Mar 03, 2014 at 03:32:20PM -0800, Seth Arnold wrote: On Mon, Mar 03, 2014 at 12:27:20PM -0800, Seth Arnold wrote: cp not mv, I'd like this to be able to be used make than once Here's a corrected version; this also includes a typo fix for a typo introduced in rev 2405. Oh argh, that (the typo) shouldn't have leaked in at all. I was trying to play around with making the uservars.inc targets occur inside the existing USE_SYSTEM #ifdef, and these were test targets. It should just be backed out, like so: === modified file 'tests/regression/apparmor/Makefile' --- tests/regression/apparmor/Makefile 2014-03-01 23:46:42 + +++ tests/regression/apparmor/Makefile 2014-03-03 23:53:16 + @@ -20,9 +20,6 @@ endif # LIBAPPARMOR not set LDLIBS += $(LIBAPPARMOR) -uservars.out: uservars.inc - cat uservars.inc uservars.out - else # !USE_SYSTEM # use in-tree versions LIBAPPARMOR_SRC := ../../../libraries/libapparmor/ @@ -37,9 +34,6 @@ CFLAGS += -L$(LIBAPPARMOR_PATH) -I$(LIBAPPARMOR_INCLUDE) LDLIBS += -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread - -uservars.out: - echo uservars.inc uservars.out endif # USE_SYSTEM CFLAGS += -Wall -Wstrict-prototypes Sorry about that. -- Steve Beattie sbeat...@ubuntu.com http://NxNW.org/~steve/ signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] aa_change_hat() token needs to be unsigned long in test suite
Hello, While testing the latest iteration of Ubuntu 2.8.95 preliminary packages, I found that the magic token used in the test suite is incorrectly stored as an int rather than unsigned long in at least two cases. The test case currently fails with: running changehat_misc /tmp/testlibCTcwOe/source/trusty/apparmor-2.8.95~2411/tests/regression/apparmor/prologue.inc: line 176: 20184 Killed $testexec $@ $outfile 21 Error: changehat_twice failed. Test 'CHANGEHAT (subprofile-subprofile)' was expected to 'pass'. Reason for failure 'killed by signal 9' *** A 'Killed' message from bash is expected for the following test /tmp/testlibCTcwOe/source/trusty/apparmor-2.8.95~2411/tests/regression/apparmor/prologue.inc: line 176: 20190 Killed $testexec $@ $outfile 21 *** A 'Killed' message from bash is expected for the following test /tmp/testlibCTcwOe/source/trusty/apparmor-2.8.95~2411/tests/regression/apparmor/prologue.inc: line 176: 20222 Killed $testexec $@ $outfile 21 With this patch the output is: running changehat_misc *** A 'Killed' message from bash is expected for the following test /tmp/testlibCTcwOe/source/trusty/apparmor-2.8.95~2411/tests/regression/apparmor/prologue.inc: line 176: 26647 Killed $testexec $@ $outfile 21 *** A 'Killed' message from bash is expected for the following test /tmp/testlibCTcwOe/source/trusty/apparmor-2.8.95~2411/tests/regression/apparmor/prologue.inc: line 176: 26679 Killed $testexec $@ $outfile 21 This patch looks necessary in both trunk and 2.8 branches, though I have not tested how 2.8 actually handles now. Signed-off-by: Seth Arnold seth.arn...@canonical.com Thanks === modified file 'tests/regression/apparmor/changehat_twice.c' --- tests/regression/apparmor/changehat_twice.c 2010-12-20 20:29:10 + +++ tests/regression/apparmor/changehat_twice.c 2014-03-04 04:03:01 + @@ -22,7 +22,8 @@ int main(int argc, char *argv[]) { - int rc, magic; + int rc; + unsigned long magic; if (argc != 5){ fprintf(stderr, usage: %s profile1 profile2 goodmagic|badmagic file\n, === modified file 'tests/regression/apparmor/changehat_wrapper.c' --- tests/regression/apparmor/changehat_wrapper.c 2012-03-26 13:10:18 + +++ tests/regression/apparmor/changehat_wrapper.c 2014-03-04 04:03:48 + @@ -87,7 +87,7 @@ int filedes[2]; int c, o; char buf[BUFSIZ]; - unsigned int magic_token = SD_ID_MAGIC+1; + unsigned long magic_token = SD_ID_MAGIC+1; int manual = 0; int exit_hat = 0; char * manual_string; signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] aa_change_hat() token needs to be unsigned long in test suite
Hey Seth, On Mon, Mar 03, 2014 at 08:15:12PM -0800, Seth Arnold wrote: This patch looks necessary in both trunk and 2.8 branches, though I have not tested how 2.8 actually handles now. Signed-off-by: Seth Arnold seth.arn...@canonical.com Good catch. Acked-by: Steve Beattie st...@nxnw.org for trunk and 2.8. Thanks. -- Steve Beattie sbeat...@ubuntu.com http://NxNW.org/~steve/ signature.asc Description: Digital signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor