[apparmor] [patch] rewrite set_profile_flags() to use write_header()

Steve Beattie steve at nxnw.org
Thu Apr 2 18:35:58 UTC 2015 

On Thu, Apr 02, 2015 at 11:15:41AM -0700, Steve Beattie wrote:
> On Sun, Mar 15, 2015 at 10:20:16PM +0100, Christian Boltz wrote:
> > Changes in set_profile_flags():
> > - rewrite set_profile_flags to use parse_profile_start_line() and
> >   write_header().
> > - replace the silent failure for non-existing files with a proper
> >   exception (using lazy programming - the check is done by removing the
> >   "if os.path.isfile()" check, open_file_read then raises the
> >   exception ;-)
> > - comment out regex_hat_flag and the code that was supposed to handle
> >   hat flags, which were totally broken. We'll need another patch to fix
> >   it, and we also need to decide if we want to do that because it
> >   introduces a behaviour change (currently, aa-complain etc. don't
> >   change hat flags).
> > 
> > The tests for set_profile_flags() are also updated:
> > - prepend a space to comments because write_header always adds a space
> >   between '{' and the comment
> > - remove a test with superfluous quotes that are no longer kept (that's
> >   just a profile cleanup, so dropping that test is the easiest way)
> > - update test_set_flags_10 and test_set_flags_12 to use the correct
> >   profile name
> > - enable the tests for invalid (empty) flags
> > - update the test for a non-existing file
> > 
> > Note: test_set_flags_10, test_set_flags_12 and test_set_flags_nochange_09
> > will fail with this patch applied. The next patch will fix that.
> 
> More than that fail under python2.7 with this patch:
> 
> $ PYTHONPATH=.. python test-aa.py  2>&1 | grep ^FAIL
> FAIL: test_set_flags_10 (__main__.AaTest_set_profile_flags)
> FAIL: test_set_flags_12 (__main__.AaTest_set_profile_flags)
> FAIL: test_set_flags_nochange_02 (__main__.AaTest_set_profile_flags)
> FAIL: test_set_flags_nochange_05 (__main__.AaTest_set_profile_flags)
> FAIL: test_set_flags_nochange_06 (__main__.AaTest_set_profile_flags)
> FAIL: test_set_flags_nochange_07 (__main__.AaTest_set_profile_flags)
> FAIL: test_set_flags_nochange_09 (__main__.AaTest_set_profile_flags)
> FAILED (failures=7)
> 
> as opposed to
> 
> $ PYTHONPATH=.. python3 test-aa.py  2>&1 | grep ^FAIL
> FAIL: test_set_flags_10 (__main__.AaTest_set_profile_flags)
> FAIL: test_set_flags_12 (__main__.AaTest_set_profile_flags)
> FAIL: test_set_flags_nochange_09 (__main__.AaTest_set_profile_flags)
> FAILED (failures=3)
> 
> This is as far as I've gotten with debugging (thanks to nose
> being able to drop me into pdb on a test failiure), this is how
> AaTest_set_profile_flags.test_set_flags_nochange_02 is failing:
> 
> (Pdb) print new_prof
>    /foo flags=(  complain  ) {
> 
>   #include <abstractions/base>
>   capability chown,
>   /bar r,
> }
> 
> (Pdb) print real_new_prof
>   /foo flags=(  complain  ) {
> 
>   #include <abstractions/base>
>   capability chown,
>   /bar r,
> }
> 
> Note the extra space at the beginning of the profile name line in
> new_prof? I haven't figured out why that gets added, and why it only
> gets added with python 2.7.

The difference is this:

$ python2.7 -c "print(len('   ')/2)"
1
$ python3 -c "print(len('   ')/2)"
1.5

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150402/d42671bb/attachment-0001.pgp>

More information about the AppArmor mailing list