[apparmor] [PATCH 1/2] tests: Allow profile names that don't match an exec
Tyler Hicks
tyhicks at canonical.com
Wed May 7 05:26:02 UTC 2014
On 2014-05-06 19:20:31, Tyler Hicks wrote:
> Allow for the regression tests to specify arbitrary profile names
> without hitting fatal errors or getting warnings from mkprofile.pl.
>
> This allows for a test to have a line like this:
>
> genprofile change_profile->':arbitrary_name -- \
> image=arbitrary_name addimage:$test
>
> In the example above, $test can call aa_change_onexec("arbitrary_name")
> and then re-exec itself to test behavior across exec transitions.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> ---
> tests/regression/apparmor/mkprofile.pl | 8 +++++++-
> tests/regression/apparmor/prologue.inc | 4 ----
> 2 files changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
> index 2ba52bd..59b4a79 100755
> --- a/tests/regression/apparmor/mkprofile.pl
> +++ b/tests/regression/apparmor/mkprofile.pl
> @@ -362,7 +362,7 @@ sub emit_flags($) {
> # generate profiles based on cmd line arguments
> sub gen_from_args() {
> my $bin = shift @ARGV;
> - !(-e $bin || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
> + my $noaddimage = 0;
Sorry, this variable's name should be addimage instead of noaddimage.
Please mentally do a s/noaddimage/addimage/g while reviewing this patch.
I've changed my local copy accordingly.
Tyler
>
> unless ($nodefault) {
> gen_default_rules();
> @@ -396,12 +396,18 @@ sub gen_from_args() {
> gen_hat($rule);
> } elsif ($rule =~ /^addimage:/) {
> gen_addimage($rule);
> + $noaddimage = 1;
> } else {
> gen_file($rule);
> }
> }
>
> + !(-e $bin || $noaddimage || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
> +
> print STDOUT "# Profile autogenerated by $__VERSION__\n";
> + if (not substr($bin, 0, 1) eq "/") {
> + print STDOUT "profile "
> + }
> print STDOUT "$bin ";
> emit_flags('__no_hat');
> print STDOUT "{\n";
> diff --git a/tests/regression/apparmor/prologue.inc b/tests/regression/apparmor/prologue.inc
> index 716ea7a..9d74ac9 100755
> --- a/tests/regression/apparmor/prologue.inc
> +++ b/tests/regression/apparmor/prologue.inc
> @@ -350,10 +350,6 @@ fi
> # mandatory after --
> case "$1" in
> image=*) imagename=`echo $1 | sed 's/^image=\([^:]*\).*$/\1/'`
> - if [ ! -x "$imagename" ]
> - then
> - fatalerror "invalid imagename specified in input '$1'"
> - fi
> num_emitted=0
> shift
> ;;
> --
> 1.9.1
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140507/ccd52a01/attachment.pgp>
More information about the AppArmor
mailing list