[apparmor] [PATCH 6/6] libapparmor: Add unit tests for aa_splitcon()
John Johansen
john.johansen at canonical.com
Thu May 14 06:54:31 UTC 2015
On 05/13/2015 10:49 PM, Tyler Hicks wrote:
> On 2015-05-12 20:31:32, Seth Arnold wrote:
>> On Mon, Apr 13, 2015 at 04:56:32PM -0500, Tyler Hicks wrote:
>>> Test confinement context splitting, using aa_splitcon(3), with and
>>> without a valid mode pointer.
>>>
>>> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
>>
>> Acked-by: Seth Arnold <seth.arnold at canonical.com>
>>
>> I've got a question about one specific aspect of the API:
>>
>>> + TEST_SPLITCON("/a/b/c (complain)\n", NULL, NULL,
>>> + "path split w/ invalid trailing newline");
>>> +
>>> + TEST_SPLITCON("unconfined\n", NULL, NULL,
>>> + "unconfined w/ invalid trailing newline");
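Review bot: Both inputs ending in "\n" are given NULL, NULL as the expected results, so these two cases pin rejection of a trailing newline into the test suite as API behaviour. If rejection is intended, it should be stated in the aa_splitcon(3) documentation so callers know to strip the newline first. If stripping is restored, these cases need to expect the split label and mode instead, and a case with more than one trailing newline would be worth adding to mark where tolerance stops.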
>>
>> Is it a good idea to forbid the trailing newline? /proc/*/attr/current
>> includes the newline and forcing application programmers to deal with it
>> before handing the string to aa_splitcon() feels like a needless
>> annoyance.
>
> I originally had these patches stripping off any trailing newline
> characters. At some point while finalizing the patches, I removed that
> functionality from aa_splitcon() and can no longer remember why. :/
>
> /proc/*/attr/current is the only interface that I'm aware of which tacks
> on a newline to the AA context.
>
> I'm open to adding back in the functionality to strip a trailing newline
> but would like to get other opinions.
>
So whether we like it or not, we have 2 different outputs from the kernel,
one with and one without.

I would have preferred the kernel never output the trailing newline in
the first place, but it's there, so I think we should just try and mask
that ugliness as best we can in the lib.
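
The newline masking discussed in this thread, sketched as an added example; this is not code from the patch series or from libapparmor. `split_context()` is a hypothetical helper, and its parsing rules (mode starts at the last " (", exactly one trailing newline is tolerated) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not libapparmor's aa_splitcon(). Splits
 * "label (mode)" in place and tolerates the one trailing newline that
 * /proc/<pid>/attr/current appends. Returns the label, or NULL if the
 * context is malformed. *mode (if mode is non-NULL) is the mode string,
 * or NULL for a context without one, such as "unconfined". */
char *split_context(char *con, char **mode)
{
    char *open = NULL;
    size_t len;

    if (mode)
        *mode = NULL;
    if (!con)
        return NULL;
    len = strlen(con);
    /* Strip exactly one newline; any other newline is still an error. */
    if (len > 0 && con[len - 1] == '\n')
        con[--len] = '\0';
    if (len == 0 || strchr(con, '\n'))
        return NULL;
    if (con[len - 1] != ')')
        return con;                 /* no mode suffix */
    /* Assumption: the mode starts at the last " (" in the string. */
    for (char *p = con; (p = strstr(p, " (")) != NULL; p += 2)
        open = p;
    if (!open || open == con || open + 2 == con + len - 1)
        return NULL;                /* no label, or empty mode */
    con[len - 1] = '\0';            /* drop the closing ')' */
    *open = '\0';                   /* terminate the label */
    if (mode)
        *mode = open + 2;
    return con;
}

int main(void)
{
    /* Constructed input in the form /proc/<pid>/attr/current returns. */
    char con[] = "/a/b/c (complain)\n";
    char *mode, *label = split_context(con, &mode);

    printf("label=%s mode=%s\n", label ? label : "(invalid)",
           mode ? mode : "(none)");
    return 0;
}
```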