[apparmor] [2/3] add testsuite for capability rule class

[Christian Boltz]

Hello,

this patch adds a testsuite for the capability rule class (including the 
base class). Since I'm writing these classes test-driven, the testsuite 
covers 100% of the rule/*.py code :-)

Note that the testsuite also documents two known issues (commented out):

a) 
If you use covered_raw('capability foo bar,') and your profile has 
"capability foo, capability bar,", covered_raw will not detect it. The 
reason for this is that "capability foo, capability bar," is split over 
two capability_rule objects internally.

However it works the other way round - if the profile has "capability 
foo bar", covered_raw("capability foo") and covered_raw("capability foo 
bar",) and even "covered_raw("capability bar foo,") will find it.

That's a corner case and the only problem it can cause is a superfluous 
line in a (hand-modified, we don't write multi-capability lines) 
profile, so I'm not sure if it's worth fixing it

b)
When deleting duplicates, "capability," will delete all "capability 
foo," rules. However it doesn't delete "allow capability foo," rules. 
(I didn't check the reason for this yet.)

(The included good news is that "capability," is now recogniced as "all 
capabilities" :-)


Regards,

Christian Boltz
-- 
[SuSE 9.1] Und utf-8 saugt tote Hamster durch Strohhalme, selbst wenn
es funktioniert. [...] Und das alles nur, damit ich Klingonisch native
verarbeiten kann in meinem Rechner.
[http://blog.koehntopp.de/archives/317_Die+schlimmste+aller+Susen.html]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2-add-capability-rule-test.diff
Type: text/x-patch
Size: 23788 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141115/01caa559/attachment-0001.bin>