[apparmor] update regression tests to account for parser support of a feature
John Johansen
john.johansen at canonical.com
Thu Apr 30 10:18:31 UTC 2015
On 04/30/2015 01:59 AM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 29. April 2015 schrieb John Johansen:
>> On 04/29/2015 04:42 PM, Seth Arnold wrote:
>>> On Wed, Apr 29, 2015 at 03:25:10PM -0700, John Johansen wrote:
>>>> The regression tests have issue on backport kernels when the
>>>> userspace has not been updated. The issue is that the regression
>>>> tests detect the kernel features set and generate policy that the
>>>> parser may not be able to compile.
>>>>
>>>> Augment the regressions tests with a couple simple functions to
>>>> test what is supported by the parser, and update the test
>>>> conditionals to use them.
>>>>
>>>> Signed-off-by: John Johansen <john.johansen at canonical.com>
>>>
>>> This looks good to me as-is; but I think the existing
>>> requires_features and have_features ought to be renamed to reflect
>>> that they are testing the kernel for those features.
>>
>> right I was thinking of a couple follow on patches
>>
>> rename have_features -> kernel_features
>> requires_features -> requires_kernel_features
>>
>> and then another patch that reintroduces have_features and
>> requires_features for the common uses. I think we would have to
>> specify the current sets as pairs unless we can come up with a good
>> way to provide a mapping, so
>>
>> requires_features "network/af_unix" "unix,"
>>
>> and it would expand into
>> $(requires_kernel_features "network/af_unix") == "true" -a
>> $(parser_supports "unix,") == "true"
>
> Wouldn't it make sense to do this now?
>
> Basically your patch introduces additional calls to parser_supports -
> and the follow-up patch you are planning makes those added calls
> superfluous again ;-)
>
> Note that this comment is NOT a "nack", just a silly question ;-)
>
maybe, I just wanted clear baby steps. I will follow up with the other
two patches before committing.
Also I have plans to leverage this to test fallback modes on the kernel
even if the parser supports the features, so I do want the base fns
of this patch
More information about the AppArmor
mailing list