[apparmor] test-aa-easyprof.py fails because of UsrMove

Steve Beattie steve at nxnw.org
Wed Mar 5 21:00:35 UTC 2014


On Wed, Mar 05, 2014 at 09:27:29PM +0100, Christian Boltz wrote:
> I finally applied Steve's small change to preserve the tempdirs (and 
> another one to tell me the used tempdir - BTW: is there a "clean" way to 
> do this? I had to abuse a "self.assertTrue(0 == 1, "tempdir %s" % 
> self.tempdir)" because a simple "print" didn't produce any screen 
> output.

Really? I get... voluminous output from the script, including the
temporary directories, with either python or python3.

> The tempdirs of the two failing tests are attached, but I didn't look 
> into their content yet.
> 
> Hmm, thinking about it, it might also be a symlink issue:
> The tempdirs are something like /tmp/test-aa-easyprofXXXXXX, and my /tmp 
> is a symlink to /home/sys-tmp/
> 
> Seems to be a good guess - after
> 
> === modified file 'utils/test/test-aa-easyprof.py'
> --- utils/test/test-aa-easyprof.py      2014-03-03 21:26:41 +0000
> +++ utils/test/test-aa-easyprof.py      2014-03-05 20:15:49 +0000
> @@ -108,7 +108,7 @@
>          '''Setup for tests'''
>          global topdir
>  
> -        self.tmpdir = tempfile.mkdtemp(prefix='test-aa-easyprof')
> +        self.tmpdir = tempfile.mkdtemp(prefix='test-aa-easyprof', dir='/home/sys-tmp/')
>  
>          # Copy everything into place
>          for d in ['easyprof/policygroups', 'easyprof/templates']:
> 
> the tests don't fail anymore.
> One more thing that breaks by /tmp being a symlink ;-)
> 
> I'll attach the tempdir content of the failed tests (without the dir=
> added) nevertheless, in case someone wants to look into them.
> 
> Looks like we need os.path.realpath even for /tmp :-/

The reason the test fails is because the policygroups directory that
easyprof ends up with is different than the constructed one that
includes the tmpdir path. It probably would have been easier to see this
if the failure message had included the comparison values, like so:

Index: b/utils/test/test-aa-easyprof.py
===================================================================
--- a/utils/test/test-aa-easyprof.py
+++ b/utils/test/test-aa-easyprof.py
@@ -241,7 +241,8 @@ TEMPLATES_DIR="%s/templates"
         easyp = easyprof.AppArmorEasyProfile(self.binary, self.options)
 
         # no fallback
-        self.assertTrue(easyp.dirs['policygroups'] == rel, "Not using specified --policy-groups-dir")
+        self.assertTrue(easyp.dirs['policygroups'] == rel, "Not using specified --policy-groups-dir\n" +
+                                                           "Specified dir: %s\nActual dir: %s" % (rel, str(easyp.dirs['policygroups'])))
         self.assertFalse(easyp.get_policy_groups() == None, "Could not find policy-groups")
 
     def test_policygroups_dir_nonexistent(self):

> What about this patch?
> 
> === modified file 'utils/test/test-aa-easyprof.py'
> --- utils/test/test-aa-easyprof.py      2014-03-03 21:26:41 +0000
> +++ utils/test/test-aa-easyprof.py      2014-03-05 20:19:49 +0000
> @@ -108,7 +108,7 @@
>          '''Setup for tests'''
>          global topdir
>  
> -        self.tmpdir = tempfile.mkdtemp(prefix='test-aa-easyprof')
> +        self.tmpdir = tempfile.mkdtemp(prefix='test-aa-easyprof', dir=os.path.realpath('/tmp'))
>  
>          # Copy everything into place
>          for d in ['easyprof/policygroups', 'easyprof/templates']:
> 
> It works for me, but I'm not sure if using the hardcoded /tmp is always
> a good idea. (When not specifying dir=, environment variables like 
> TMPDIR are honored.)
> 
> Opinions? Acks? Naks? ;-)

As someone who sets TMPDIR to point outside of /tmp, no, I don't like
this patch. :) It seems to me the better fix would be:

-        self.tmpdir = tempfile.mkdtemp(prefix='test-aa-easyprof')
+        self.tmpdir = os.path.realpath(tempfile.mkdtemp(prefix='test-aa-easyprof'))

This way, TMPDIR is still honored, but any symlinks in the generated
path are resolved away.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140305/9bcc7df2/attachment.pgp>


More information about the AppArmor mailing list