[apparmor] [patch] fix is_skippable_dir() and add tests

Christian Boltz apparmor at cboltz.de
Thu Mar 19 20:10:05 UTC 2015


Hello,

this patch fixes is_skippable_dir() - the regex was not anchored, so it also
matched things like /etc/apparmor.d/dont_disable, while it should only match
on the full directory name.

Also add some tests based on a real-world aa-logprof run (with "print (path)"
in is_skippable_dir()) and some additional "funny"[tm] dirs.

Needless to say that the tests
        ('dont_disable',                False),
        ('/etc/apparmor.d/cache_foo',   False),
will fail with the old is_skippable_dir().

I propose this patch for trunk and 2.9.


[ 26-fix-is_skippable_dir.diff ]

=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py        2015-03-17 19:50:26.935486514 +0100
+++ utils/apparmor/aa.py        2015-03-19 20:56:59.286285683 +0100
@@ -2581,7 +2581,7 @@
     return False
 
 def is_skippable_dir(path):
-    if re.search('(disable|cache|force-complain|lxc)', path):
+    if re.search('^(.*/)?(disable|cache|force-complain|lxc)/?$', path):
         return True
     return False
 
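Review bot: The new pattern in is_skippable_dir() is applied to the un-normalised string, so a spelling such as `/etc/apparmor.d/cache//` or `/etc/apparmor.d/disable/.` no longer matches and the directory would presumably be handled like a normal profile directory. Comparing the last path component after normalisation is stricter and easier to read, e.g. `return os.path.basename(os.path.normpath(path)) in ('disable', 'cache', 'force-complain', 'lxc')`, assuming `os` is already imported in aa.py (the import block is outside this hunk). If the regex is kept, note that `$` in Python also matches before a trailing newline, so `\Z` in a raw string is the strict end anchor. A short docstring stating that the function returns True only when the final path component is exactly one of the skipped directory names would record the intent of this fix.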
=== modified file utils/test/test-aa.py
--- utils/test/test-aa.py       2015-03-15 23:59:43.442423191 +0100
+++ utils/test/test-aa.py       2015-03-19 20:56:20.146578836 +0100
@@ -16,7 +16,7 @@
 import tempfile
 from common_test import read_file, write_file
 
-from apparmor.aa import check_for_apparmor, get_profile_flags, set_profile_flags, is_skippable_file, parse_profile_start, write_header, serialize_parse_profile_start
+from apparmor.aa import check_for_apparmor, get_profile_flags, set_profile_flags, is_skippable_file, is_skippable_dir, parse_profile_start, write_header, serialize_parse_profile_start
 from apparmor.common import AppArmorException, AppArmorBug
 
 class AaTestWithTempdir(AATest):
@@ -275,6 +275,36 @@
     def test_skippable_13(self):
         self.assertTrue(is_skippable_file('README'))
 
+
+class AaTest_is_skippable_dir(AATest):
+    tests = [
+        ('disable',                     True),
+        ('cache',                       True),
+        ('lxc',                         True),
+        ('force-complain',              True),
+        ('/etc/apparmor.d/cache',       True),
+        ('/etc/apparmor.d/lxc/',        True),
+
+        ('dont_disable',                False),
+        ('/etc/apparmor.d/cache_foo',   False),
+        ('abstractions',                False),
+        ('apache2.d',                   False),
+        ('/etc/apparmor.d/apache2.d',   False),
+        ('local',                       False),
+        ('/etc/apparmor.d/local/',      False),
+        ('tunables',                    False),
+        ('/etc/apparmor.d/tunables',    False),
+        ('/etc/apparmor.d/tunables/multiarch.d',            False),
+        ('/etc/apparmor.d/tunables/xdg-user-dirs.d',        False),
+        ('/etc/apparmor.d/tunables/home.d',                 False),
+        ('/etc/apparmor.d/abstractions',                    False),
+        ('/etc/apparmor.d/abstractions/ubuntu-browsers.d',  False),
+        ('/etc/apparmor.d/abstractions/apparmor_api',       False),
+    ]
+
+    def _run_test(self, params, expected):
+        self.assertEqual(is_skippable_dir(params), expected)
+
 class AaTest_parse_profile_start(AATest):
     def _parse(self, line, profile, hat):
         return parse_profile_start(line, 'somefile', 1, profile, hat)
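Review bot: The table in AaTest_is_skippable_dir has no case for a path below a skippable directory, which is where the anchored regex changes behaviour in the other direction: the old pattern returned True for `/etc/apparmor.d/cache/foo`, the new one returns False. If callers only ever pass the directory being entered this is harmless, but the intended result should be pinned with an entry such as `('/etc/apparmor.d/cache/foo', False),`. Entries for `('/etc/apparmor.d/force-complain/', True),` and for a doubled trailing slash would also document how trailing slashes are meant to be treated. The context lines after the added class belong to AaTest_parse_profile_start, which continues outside the hunk.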




Regards,

Christian Boltz
-- 
Wenn man bedenkt, dass die Leute vor 150 Jahren ihre E-Mails
noch bei Kerzenlicht geschrieben haben...
[Marianne Kestler, de.admin.net-abuse.mail, 6.5.2000]



