[apparmor] [PATCH 1/2] tests: Allow profile names that don't match an exec

Tue May 27 06:58:37 UTC 2014

On 05/07/2014 07:26 AM, Tyler Hicks wrote:
> On 2014-05-06 19:20:31, Tyler Hicks wrote:
>> Allow for the regression tests to specify arbitrary profile names
>> without hitting fatal errors or getting warnings from mkprofile.pl.
>>
>> This allows for a test to have a line like this:
>>
>>   genprofile change_profile->':arbitrary_name -- \
>> 	     image=arbitrary_name addimage:$test
>>
>> In the example above, $test can call aa_change_onexec("arbitrary_name")
>> and then re-exec itself to test behavior across exec transitions.
>>
>> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

with this change
Acked-by: John Johansen <john.johansen at canonical.com>

>> ---
>>  tests/regression/apparmor/mkprofile.pl | 8 +++++++-
>>  tests/regression/apparmor/prologue.inc | 4 ----
>>  2 files changed, 7 insertions(+), 5 deletions(-)
>>
>> diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
>> index 2ba52bd..59b4a79 100755
>> --- a/tests/regression/apparmor/mkprofile.pl
>> +++ b/tests/regression/apparmor/mkprofile.pl
>> @@ -362,7 +362,7 @@ sub emit_flags($) {
>>  # generate profiles based on cmd line arguments
>>  sub gen_from_args() {
>>    my $bin = shift @ARGV;
>> -  !(-e $bin || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
>> +  my $noaddimage = 0;
> 
> Sorry, this variable's name should be addimage instead of noaddimage.
> Please mentally do a s/noaddimage/addimage/g while reviewing this patch.
> I've changed my local copy accordingly.
> 
> Tyler
> 
>>  
>>    unless ($nodefault) {
>>      gen_default_rules();
>> @@ -396,12 +396,18 @@ sub gen_from_args() {
>>        gen_hat($rule);
>>      } elsif ($rule =~ /^addimage:/) {
>>        gen_addimage($rule);
>> +      $noaddimage = 1;
>>      } else {
>>        gen_file($rule);
>>      }
>>    }
>>  
>> +  !(-e $bin || $noaddimage || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
>> +
>>    print STDOUT "# Profile autogenerated by $__VERSION__\n";
>> +  if (not substr($bin, 0, 1) eq "/") {
>> +	  print STDOUT "profile "
>> +  }
>>    print STDOUT "$bin ";
>>    emit_flags('__no_hat');
>>    print STDOUT "{\n";
>> diff --git a/tests/regression/apparmor/prologue.inc b/tests/regression/apparmor/prologue.inc
>> index 716ea7a..9d74ac9 100755
>> --- a/tests/regression/apparmor/prologue.inc
>> +++ b/tests/regression/apparmor/prologue.inc
>> @@ -350,10 +350,6 @@ fi
>>  		# mandatory after --
>>  		case "$1" in
>>  			image=*) imagename=`echo $1 | sed 's/^image=\([^:]*\).*$/\1/'`
>> -				 if [ ! -x "$imagename" ]
>> -				 then
>> -					fatalerror "invalid imagename specified in input '$1'"
>> -				 fi
>>  				 num_emitted=0
>>  				 shift
>>  				 ;;
>> -- 
>> 1.9.1
>>
>>
>>