[apparmor] [patch 6/8] parser - use new caching test script

Seth Arnold seth.arnold at canonical.com
Thu Nov 28 02:01:18 UTC 2013 

On Wed, Oct 23, 2013 at 06:41:50PM -0700, Steve Beattie wrote:
> This patch:
>  - incorporates the new python caching test into the make check/make
>    caching target, and removes the older shell based test script
>  - adjusts the python scripts to give verbose output when the VERBOSE
>    flag is set
>  - reorders the tests so that the tests that take a shorter amount of
>    time to run come first, leaving the language sanity test with its
>    69000+ testcases last
>  - moves the make dependency for the auto-generation of the sanity tests
>    into the parser_sanity/valgrind targets and out of the main tests target
> 
> Patch history:
>   v1: initial revision
>   v2: add gen_xtrans/gen_dbus dependency to valgrind test
> 
> Acked-by: Steve Beattie <steve at nxnw.org>
> ---
>  parser/tst/Makefile   |   11 +--
>  parser/tst/caching.sh |  173 --------------------------------------------------
>  2 files changed, 6 insertions(+), 178 deletions(-)

I think I'd have liked to see the caching.py added also in this patch, it
seems odd to ACK a patch that removes so much but doesn't put anything
back... slight whinging aside :)

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks!


> 
> Index: b/parser/tst/Makefile
> ===================================================================
> --- a/parser/tst/Makefile
> +++ b/parser/tst/Makefile
> @@ -8,12 +8,13 @@ PROVE_ARG=-f
>  
>  ifeq ($(VERBOSE),1)
>    PROVE_ARG+=-v
> +  PYTEST_ARG = -v
>  endif
>  
>  all: tests
>  
>  .PHONY: tests error_output gen_xtrans parser_sanity caching minimize equality
> -tests: error_output gen_xtrans gen_dbus parser_sanity caching minimize equality
> +tests: error_output caching minimize equality parser_sanity
>  
>  GEN_TRANS_DIRS=simple_tests/generated_x/ simple_tests/generated_perms_leading/ simple_tests/generated_perms_safe/ simple_tests/generated_dbus
>  
> @@ -38,11 +39,11 @@ error_output: $(PARSER)
>  		grep -q "AppArmor parser error for errors/multi_include.sd in errors/multi_include.sd at line 12: Could not open 'failure'"
>  	@echo "Error Output: PASS"
>  
> -parser_sanity: $(PARSER)
> +parser_sanity: $(PARSER) gen_xtrans gen_dbus
>  	$(Q)LANG=C APPARMOR_PARSER="$(PARSER)" ${PROVE} ${PROVE_ARG} ${TESTS}
>  
>  caching: $(PARSER)
> -	LANG=C APPARMOR_PARSER="$(PARSER)" ./caching.sh
> +	LANG=C ./caching.py -p "$(PARSER)" $(PYTEST_ARG)
>  
>  minimize: $(PARSER)
>  	LANG=C APPARMOR_PARSER="$(PARSER)" ./minimize.sh
> @@ -50,8 +51,8 @@ minimize: $(PARSER)
>  equality: $(PARSER)
>  	LANG=C APPARMOR_PARSER="$(PARSER)" ./equality.sh
>  
> -valgrind: $(PARSER)
> -	LANG=C ./valgrind_simple.py -p "$(PARSER)" -v simple_tests
> +valgrind: $(PARSER) gen_xtrans gen_dbus
> +	LANG=C ./valgrind_simple.py -p "$(PARSER)" $(PYTEST_ARG) simple_tests
>  
>  $(PARSER):
>  	make -C $(PARSER_DIR) $(PARSER_BIN)
> Index: b/parser/tst/caching.sh
> ===================================================================
> --- a/parser/tst/caching.sh
> +++ /dev/null
> @@ -1,173 +0,0 @@
> -#!/bin/bash
> -# These tests will stop running as soon as a failure is seen since they tend to build
> -# on the actions and results of the prior tests.
> -set -e
> -
> -# This test requires introspection
> -if [ ! -d /sys/kernel/security/apparmor ]; then
> -    echo "WARNING: /sys/kernel/security/apparmor does not exist. Skipping tests"
> -    echo "requiring introspection."
> -    exit 0
> -fi
> -
> -APPARMOR_PARSER="${APPARMOR_PARSER:-../apparmor_parser}"
> -
> -# fake base directory
> -basedir=$(mktemp -d -t aa-cache-XXXXXX)
> -altcachedir=$(mktemp -d -t aa-alt-cache-XXXXXXXX)
> -trap "rm -rf $basedir $altcachedir" EXIT
> -mkdir -p $basedir/cache
> -
> -ARGS="--base $basedir --skip-kernel-load"
> -
> -profile=sbin.pingy
> -cp caching.profile $basedir/$profile
> -
> -# Detect and slow down cache test when filesystem can't represent nanosecond delays.
> -timeout=0.1
> -_count=10
> -for ((i = 0; i < ${_count} ; i++)) ; do
> -	touch $basedir/test${i}
> -	sleep $timeout
> -done
> -TIMES=$(stat $basedir/test* -c %z | cut -d" " -f2 | cut -d: -f3 | sort -u | wc -l)
> -if [ $TIMES -ne ${_count} ]; then
> -    echo "WARNING: $basedir lacks nanosecond timestamp resolution, falling back to slower test"
> -    timeout=1
> -fi
> -rm -f $basedir/test*
> -
> -echo -n "Profiles are not cached by default: "
> -${APPARMOR_PARSER} $ARGS -q -r $basedir/$profile
> -[ -f $basedir/cache/$profile ] && echo "FAIL ($basedir/cache/$profile exists)" && exit 1
> -echo "ok"
> -
> -echo -n "Profiles are not cached when using --skip-cache: "
> -${APPARMOR_PARSER} $ARGS -q --write-cache --skip-cache -r $basedir/$profile
> -[ -f $basedir/cache/$profile ] && echo "FAIL ($basedir/cache/$profile exists)" && exit 1
> -echo "ok"
> -
> -sleep $timeout
> -
> -echo -n "Profiles are cached when requested: "
> -${APPARMOR_PARSER} $ARGS -q --write-cache -r $basedir/$profile
> -[ ! -f $basedir/cache/$profile ] && echo "FAIL ($basedir/cache/$profile does not exist)" && exit 1
> -echo "ok"
> -
> -read_features_dir()
> -{
> -    directory="$1"
> -    if [ ! -d "$directory" ] ; then
> -	return
> -    fi
> -    for f in `ls -AU "$directory"` ; do
> -	if [ -f "$directory/$f" ] ; then
> -	    read -r -d "" KF < "$directory/$f" || true
> -	    echo -e "$f {$KF\n}"
> -	elif [ -d "$directory/$f" ] ; then
> -	    echo -n "$f {"
> -	    KF=`read_features_dir "$directory/$f" "$KF"` || true
> -	    echo "$KF"
> -	    echo -e "}"
> -	fi
> -    done
> -}
> -
> -echo -n "Kernel features are written to cache: "
> -[ ! -f $basedir/cache/.features ] && echo "FAIL ($basedir/cache/.features missing)" && exit 1
> -read -r -d "" CF < $basedir/cache/.features || true
> -if [ -d /sys/kernel/security/apparmor/features ] ; then
> -    KF=`read_features_dir /sys/kernel/security/apparmor/features`
> -else
> -    read -r -d "" KF < /sys/kernel/security/apparmor/features || true
> -fi
> -[ "$CF" != "$KF" ] && echo -e "FAIL (feature text mismatch:\n  cache '$CF'\nvs\n  kernel '$KF')" && exit 1
> -echo "ok"
> -
> -echo -n "Cache is loaded when it exists and features match: "
> -${APPARMOR_PARSER} $ARGS -v -r $basedir/$profile | grep -q 'Cached reload succeeded' || { echo "FAIL"; exit 1; }
> -echo "ok"
> -
> -echo -n "Cache is not loaded when skipping is requested: "
> -${APPARMOR_PARSER} $ARGS -v --skip-read-cache -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
> -${APPARMOR_PARSER} $ARGS -v --skip-cache -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
> -echo "ok"
> -
> -echo -n "Cache reading is skipped when features do not match cache: "
> -echo -n "monkey" > $basedir/cache/.features
> -${APPARMOR_PARSER} $ARGS -v -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
> -echo "ok"
> -
> -echo -n "Cache writing is skipped when features do not match and not cleared: "
> -rm $basedir/cache/$profile
> -${APPARMOR_PARSER} $ARGS -v --write-cache --skip-bad-cache -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
> -[ -f $basedir/cache/$profile ] && echo "FAIL ($basedir/cache/$profile exists)" && exit 1
> -echo "ok"
> -
> -rm -f $basedir/cache/.features || true
> -rm -f $basedir/cache/$profile || true
> -echo -n "monkey" > $basedir/cache/.features
> -echo -n "monkey" > $basedir/cache/$profile
> -echo -n "monkey" > $basedir/cache/monkey
> -${APPARMOR_PARSER} $ARGS -v --write-cache -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "Cache clear setup FAIL"; exit 1; }
> -echo -n "Cache clear updates features: "
> -echo -n "monkey" | diff -q $basedir/cache/.features - | grep -q 'differ' || { echo "FAIL"; exit 1; }
> -echo "ok"
> -echo -n "Cache clear writes updated profile: "
> -echo -n "monkey" | diff -q $basedir/cache/$profile - | grep -q 'differ' || { echo "FAIL"; exit 1; }
> -echo "ok"
> -echo -n "Cache clear cleans out all files: "
> -[ -f $basedir/cache/monkey ] && { echo "FAIL"; exit 1; }
> -echo "ok"
> -
> -rm -f $basedir/cache/monkey
> -rm -f $basedir/cache/.features || true
> -rm -f $basedir/cache/$profile || true
> -echo -n "monkey" > $basedir/cache/.features
> -echo -n "monkey" > $basedir/cache/$profile
> -echo -n "monkey" > $basedir/cache/monkey
> -echo -n "Cache purge remove profiles unconditionally: "
> -${APPARMOR_PARSER} $ARGS -v --purge-cache -r $basedir/$profile || { echo "Cache purge setup FAIL"; exit 1; }
> -[ -f $basedir/cache/.features ] && { echo "FAIL"; exit 1; }
> -[ -f $basedir/cache/$profile ] && { echo "FAIL"; exit 1; }
> -[ -f $basedir/cache/monkey ] && { echo "FAIL"; exit 1; }
> -echo "ok"
> -
> -echo -n "Profiles are cached when requested (again): "
> -rm -f $basedir/cache/.features || true
> -rm -f $basedir/cache/$profile || true
> -${APPARMOR_PARSER} $ARGS -q --write-cache -r $basedir/$profile
> -[ ! -f $basedir/cache/$profile ] && echo "FAIL ($basedir/cache/$profile does not exist)" && exit 1
> -echo "ok"
> -
> -echo -n "Cache reading is skipped when profile is newer: "
> -sleep $timeout
> -touch $basedir/$profile
> -${APPARMOR_PARSER} $ARGS -v -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
> -echo "ok"
> -
> -echo -n "Cache is used when cache is newer: "
> -sleep $timeout
> -touch $basedir/cache/$profile
> -${APPARMOR_PARSER} $ARGS -v -r $basedir/$profile | grep -q 'Cached reload succeeded' || { echo "FAIL"; exit 1; }
> -echo "ok"
> -
> -echo -n "Cache reading is skipped when parser is newer: "
> -mkdir $basedir/parser
> -cp ${APPARMOR_PARSER} $basedir/parser/
> -$basedir/parser/apparmor_parser $ARGS -v -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
> -echo "ok"
> -
> -echo -n "Cache reading is skipped when parser in \$PATH is newer: "
> -(PATH=$basedir/parser/ /bin/sh -c "apparmor_parser $ARGS -v -r $basedir/$profile") | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
> -echo "ok"
> -
> -echo -n "Profiles are cached in alternate location when requested: "
> -${APPARMOR_PARSER} $ARGS -q --write-cache --cache-loc $altcachedir -r $basedir/$profile
> -[ ! -f $altcachedir/$profile ] && echo "FAIL ($altcachedir/$profile does not exist)" && exit 1
> -echo "ok"
> -
> -echo -n "Cache is loaded from alt location when it exists and features match: "
> -${APPARMOR_PARSER} $ARGS -v -r $basedir/$profile --cache-loc $altcachedir | grep -q 'Cached reload succeeded' || { echo "FAIL"; exit 1; }
> -echo "ok"
> -
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20131127/99f97e66/attachment-0001.pgp>

More information about the AppArmor mailing list