[apparmor] [PATCH 1/2] parser: Run caching tests even when apparmorfs is not mounted
John Johansen
john.johansen at canonical.com
Thu Aug 13 17:24:41 UTC 2015
On 08/12/2015 10:17 AM, Tyler Hicks wrote:
> The contents of the policy cache files varies based on kernel feature
> support found in apparmorfs but the caching tests are mostly about
> whether or not a cache file was generated and with the right timestamps.
>
> This patch makes it so that the tests are not entirely skipped when
> apparmorfs is not available. Instead, a flat features file will be used
> in most cases and only the specific tests that require apparmorfs will
> be skipped.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
So I have put some comments/notes in below that could be done in
a different patch. This one is fine as it is
Acked-by: John Johansen <john.johansen at canonical.com>
> ---
> parser/tst/caching.py | 24 +++++++++++++++++++-----
> 1 file changed, 19 insertions(+), 5 deletions(-)
>
> diff --git a/parser/tst/caching.py b/parser/tst/caching.py
> index df854d7..d72f4f0 100755
> --- a/parser/tst/caching.py
> +++ b/parser/tst/caching.py
> @@ -56,11 +56,6 @@ class AAParserCachingCommon(testlib.AATestTemplate):
> # REPORT ALL THE OUTPUT
> self.maxDiff = None
>
> - # skip all the things if apparmor securityfs isn't mounted
> - if not os.path.exists("/sys/kernel/security/apparmor"):
> - raise unittest.SkipTest("WARNING: /sys/kernel/security/apparmor does not exist. "
> - "Skipping tests")
> -
> self.tmp_dir = tempfile.mkdtemp(prefix='aa-caching-')
> os.chmod(self.tmp_dir, 0o755)
>
> @@ -81,6 +76,9 @@ class AAParserCachingCommon(testlib.AATestTemplate):
>
> self.cmd_prefix = [config.parser, '--base', self.tmp_dir, '--skip-kernel-load']
>
> + if not self.is_apparmorfs_mounted():
> + self.cmd_prefix += ['-M', './features_files/features.all']
> +
> def tearDown(self):
> '''teardown for each test'''
>
> @@ -98,7 +96,17 @@ class AAParserCachingCommon(testlib.AATestTemplate):
> self.assertFalse(os.path.exists(path),
> 'test created file %s, when it was not expected to do so' % path)
>
> + def is_apparmorfs_mounted(self):
> + return os.path.exists("/sys/kernel/security/apparmor")
> +
> + def require_apparmorfs(self):
> + # skip the test if apparmor securityfs isn't mounted
> + if not self.is_apparmorfs_mounted():
> + raise unittest.SkipTest("WARNING: /sys/kernel/security/apparmor does not exist. Skipping test.")
> +
> def compare_features_file(self, features_path, expected=True):
> + # tests that need this function should call require_apparmorfs() early
> +
> # compare features contents
> expected_output = testlib.read_features_dir('/sys/kernel/security/apparmor/features')
> with open(features_path) as f:
> @@ -152,6 +160,8 @@ class AAParserBasicCachingTests(AAParserCachingCommon):
> def test_features_match_when_caching(self):
> '''test features file is written when caching'''
>
> + self.require_apparmorfs()
> +
This could be reworked to not require apparmorfs
> cmd = list(self.cmd_prefix)
> cmd.extend(['-q', '--write-cache', '-r', self.profile])
> self.run_cmd_check(cmd)
> @@ -268,6 +278,8 @@ class AAParserCachingTests(AAParserCachingCommon):
> def test_cache_writing_does_not_overwrite_features_when_features_differ(self):
> '''test cache writing does not overwrite the features files when it differs and --skip-bad-cache is given'''
>
> + self.require_apparmorfs()
> +
This could be reworked to not require apparmorfs
> features_file = testlib.write_file(self.cache_dir, '.features', 'monkey\n')
>
> cmd = list(self.cmd_prefix)
> @@ -290,6 +302,8 @@ class AAParserCachingTests(AAParserCachingCommon):
> def test_cache_writing_updates_features(self):
> '''test cache writing updates features'''
>
> + self.require_apparmorfs()
> +
This could be reworked to not require apparmorfs
> features_file = testlib.write_file(self.cache_dir, '.features', 'monkey\n')
>
> cmd = list(self.cmd_prefix)
>
Basically I think we could have a version of each of the requires_apparmorfs tests
that tests cache behavior without apparmorfs and then a set of tests around testing
that the caching behavior is correct with apparmorfs
More information about the AppArmor
mailing list