[apparmor] [PATCH 2/2] tests: Mount without updating mtab in mount.sh

2014-04-23 Thread Tyler Hicks
The mount.sh script mixes calls to the regression test 'mount' binary and /sbin/mount. This can result in stale mtab entries being left around after a test run because /sbin/mount adds an mtab entry but the test 'mount' binary, which is also used for unmounting, does not remove mtab entries. To so

[apparmor] [PATCH 1/2] tests: Fix mount.sh test error

2014-04-23 Thread Tyler Hicks
The end of the mount.sh regression test script contained cleanup commands to unmount and detach the loop device used for testing. However, the second losetup command fails and, with the recent regression test suite fix to not ignore failed shell commands, an error is triggered at the end of the tes

Re: [apparmor] [PATCH] tests: Don't silently ignore test errors

2014-04-23 Thread Steve Beattie
On Wed, Apr 23, 2014 at 05:16:00PM -0500, Tyler Hicks wrote: > When there was a test error, such as a shell command failure, the > function used for the ERR trap, error_handler(), was causing the error > to be silently ignored by the test runner. > > It was calling exit_handler() directly, before

Re: [apparmor] [patch 2/2] parser: add implicit set variable @{profile_name} to profile symbol table

2014-04-23 Thread Seth Arnold
On Fri, Mar 28, 2014 at 11:15:51AM -0700, Steve Beattie wrote: > parser: add implicit set variable @{profile_name} to profile symbol table > > This patch adds the creation of an implicit set variable > @{profile_name} for use within policy. It expands to: > > - a given profile name if specified

Re: [apparmor] [patch 1/2] parser: refactor symtab unit tests, expand coverage, fix seenlist bug

2014-04-23 Thread Seth Arnold
On Fri, Mar 28, 2014 at 11:14:20AM -0700, Steve Beattie wrote: > parser: refactor symtab unit tests, expand coverage, fix seenlist bug > > This patch: > - refactors the parser_symtab.c unit tests a bit in preparation for > the patch to add an implicit autofilled @{profile_name} variable >

[apparmor] [PATCH] tests: Don't silently ignore test errors

2014-04-23 Thread Tyler Hicks
When there was a test error, such as a shell command failure, the function used for the ERR trap, error_handler(), was causing the error to be silently ignored by the test runner. It was calling exit_handler() directly, before calling fatalerror(). This caused $_fatal to be left unset when exit_ha

Re: [apparmor] [PATCH 2/2] utils: Simplify newly added test-regex_matches tests

2014-04-23 Thread Tyler Hicks
On 2014-04-23 23:31:23, Christian Boltz wrote: > Hello, > > On Wednesday, 23 April 2014, Tyler Hicks wrote: > > Remove duplicated test code by adding a simple way for regex test > > classes to declare a regex to use and a list of tuples consisting of > > (line, expected_result). The setup_regex_t

Re: [apparmor] [PATCH 2/2] utils: Simplify newly added test-regex_matches tests

2014-04-23 Thread Christian Boltz
Hello, On Wednesday, 23 April 2014, Tyler Hicks wrote: > Remove duplicated test code by adding a simple way for regex test > classes to declare a regex to use and a list of tuples consisting of > (line, expected_result). The setup_regex_tests() method generates test > methods for each tuple in a

Re: [apparmor] [PATCH] utils: Clean up file rule parsing

2014-04-23 Thread Tyler Hicks
On 2014-04-23 22:52:45, Christian Boltz wrote: > Hello, > > On Wednesday, 23 April 2014, Tyler Hicks wrote: > > This patch backs out most of the changes from r2448 in favor of a > > better approach. > > > > The optional "file" keyword is handled under the pre-existing > > RE_PROFILE_PATH_ENTRY r

Re: [apparmor] [PATCH 2/2] utils: Clean up str_to_mode()

2014-04-23 Thread Tyler Hicks
On 2014-04-23 22:18:04, Christian Boltz wrote: > Hello, > > On Wednesday, 23 April 2014, Tyler Hicks wrote: > > The first conditional around string being set is not needed. If string > > is not set, the while loop will be skipped and mode will be returned. > > > > The variable tmp was being over

Re: [apparmor] [PATCH 1/2] utils: Remove unnecessary regex groups

2014-04-23 Thread Tyler Hicks
On 2014-04-23 23:04:38, Christian Boltz wrote: > Hello, > > On Wednesday, 23 April 2014, Tyler Hicks wrote: > > The regexes for signal, ptrace, and pivot_root rules each had an extra > > grouping around the terms 'signal', 'ptrace', and 'pivot_root'. Those > > extra groupings can be safely remove

Re: [apparmor] [PATCH 1/2] utils: Remove unnecessary regex groups

2014-04-23 Thread Christian Boltz
Hello, On Wednesday, 23 April 2014, Tyler Hicks wrote: > The regexes for signal, ptrace, and pivot_root rules each had an extra > grouping around the terms 'signal', 'ptrace', and 'pivot_root'. Those > extra groupings can be safely removed. Indeed. > Signed-off-by: Tyler Hicks > --- > utils/a

Re: [apparmor] [PATCH] utils: Clean up file rule parsing

2014-04-23 Thread Christian Boltz
Hello, On Wednesday, 23 April 2014, Tyler Hicks wrote: > This patch backs out most of the changes from r2448 in favor of a > better approach. > > The optional "file" keyword is handled under the pre-existing > RE_PROFILE_PATH_ENTRY regex and a new regex, > RE_PROFILE_BARE_FILE_ENTRY, is created

Re: [apparmor] [PATCH 2/2] utils: Clean up str_to_mode()

2014-04-23 Thread Christian Boltz
Hello, On Wednesday, 23 April 2014, Tyler Hicks wrote: > The first conditional around string being set is not needed. If string > is not set, the while loop will be skipped and mode will be returned. > > The variable tmp was being overloaded by being the regex search result > and then being reas

Re: [apparmor] [PATCH 1/2] utils: Fix infinite loop when converting an unrecognized mode string

2014-04-23 Thread Christian Boltz
Hello, On Wednesday, 23 April 2014, Tyler Hicks wrote: > Bug: https://bugs.launchpad.net/bugs/1307665 > > When str_to_mode() was given a string containing unknown mode > characters, it entered an infinite loop. The case of the MODE_MAP_RE > regex string not matching the mode string was being ign

Re: [apparmor] [patch 21/26] change syntax of ptrace target

2014-04-23 Thread Steve Beattie
On Tue, Apr 22, 2014 at 05:06:39PM -0700, Seth Arnold wrote: > On Tue, Apr 15, 2014 at 10:22:28AM -0700, john.johan...@canonical.com wrote: > > change from > > ptrace /foo, > > > > to > > ptrace peer=/foo, > > > > Signed-off-by: John Johansen > > > > What happens in the event of a rule lik

[apparmor] [PATCH 2/2] utils: Simplify newly added test-regex_matches tests

2014-04-23 Thread Tyler Hicks
Remove duplicated test code by adding a simple way for regex test classes to declare a regex to use and a list of tuples consisting of (line, expected_result). The setup_regex_tests() method generates test methods for each tuple in a class's list. The test methods are based on the regex_test() meth

[apparmor] [PATCH 1/2] utils: Fix infinite loop when converting an unrecognized mode string

2014-04-23 Thread Tyler Hicks
Bug: https://bugs.launchpad.net/bugs/1307665 When str_to_mode() was given a string containing unknown mode characters, it entered an infinite loop. The case of the MODE_MAP_RE regex string not matching the mode string was being ignored. This patch makes it so that the loop breaks when MODE_MAP_RE

[apparmor] [PATCH 1/2] utils: Remove unnecessary regex groups

2014-04-23 Thread Tyler Hicks
The regexes for signal, ptrace, and pivot_root rules each had an extra grouping around the terms 'signal', 'ptrace', and 'pivot_root'. Those extra groupings can be safely removed. Signed-off-by: Tyler Hicks --- utils/apparmor/aa.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) dif

[apparmor] [PATCH 2/2] utils: Clean up str_to_mode()

2014-04-23 Thread Tyler Hicks
The first conditional around string being set is not needed. If string is not set, the while loop will be skipped and mode will be returned. The variable tmp was being overloaded by being the regex search result and then being reassigned to be the first match group in the regex search result. This

[apparmor] [PATCH] utils: Clean up file rule parsing

2014-04-23 Thread Tyler Hicks
This patch backs out most of the changes from r2448 in favor of a better approach. The optional "file" keyword is handled under the pre-existing RE_PROFILE_PATH_ENTRY regex and a new regex, RE_PROFILE_BARE_FILE_ENTRY, is created for handling bare file rules. Signed-off-by: Tyler Hicks Cc: Christ