[apparmor] [patch] minitools_test.py: test if aa-enforce removes force-complain symlinks
Christian Boltz
apparmor at cboltz.de
Fri Sep 26 18:37:33 UTC 2014
Hello,
two weeks ago, I fixed various tests in minitools_test.py which also
included disabling the test if aa-complain deletes the force-complain
symlink because nothing (especially aa-complain) creates those symlinks.
Seth didn't like the removal of that test too much [1]. So here's a patch
that "manually" creates the force-complain symlink and tests that it's
removed by aa-enforce.
=== modified file 'utils/test/minitools_test.py'
--- utils/test/minitools_test.py 2014-09-14 15:27:01 +0000
+++ utils/test/minitools_test.py 2014-09-26 18:28:51 +0000
@@ -47,8 +47,12 @@
def test_complain(self):
#Set ntpd profile to complain mode and check if it was correctly set
subprocess.check_output('%s ./../aa-complain -d ./profiles %s'%(python_interpreter, test_path), shell=True)
+
+ # "manually" create a force-complain symlink (will be deleted by aa-enforce later)
+ os.mkdir('./profiles/force-complain')
+ os.symlink(local_profilename, './profiles/force-complain/%s'%os.path.basename(local_profilename) )
-# self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
+ self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'complain', 'Complain flag could not be set in profile %s'%local_profilename)
#Set ntpd profile to enforce mode and check if it was correctly set
@@ -61,8 +65,10 @@
# Set audit flag and then complain flag in a profile
subprocess.check_output('%s ./../aa-audit -d ./profiles %s'%(python_interpreter, test_path), shell=True)
subprocess.check_output('%s ./../aa-complain -d ./profiles %s'%(python_interpreter, test_path), shell=True)
+ # "manually" create a force-complain symlink (will be deleted by aa-enforce later)
+ os.symlink(local_profilename, './profiles/force-complain/%s'%os.path.basename(local_profilename) )
-# self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
+ self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit,complain', 'Complain flag could not be set in profile %s'%local_profilename)
#Remove complain flag first i.e. set to enforce mode
Regards,
Christian Boltz
[1] see the discussion in [patch] various fixes for minitools_test.py
--
Wenn es mit sysvinit funktioniert, dann lässt systemd mal wieder
die Hosen runter. Das passiert ihm leider öfter. Ich find das ja
unanständig. ;) [Lars Müller in opensuse-de]
More information about the AppArmor
mailing list