[apparmor] [patch] Change minitools_test.py to use aa-* --no-reload

Christian Boltz apparmor at cboltz.de
Mon May 25 13:50:21 UTC 2015 

Hello,

this patch changes the minitools_test.py to use aa-* --no-reload.
This allows to run minitools_test.py as non-root user.

Also add a check that only creates the force-complain directory if it
doesn't exist yet.


Note: With this patch applied, there are still 4 failing tests, probably
caused by changes in the profiles that are used in the tests.


I propose this patch for trunk and 2.9.


[ 34-minitools_test-use-no-reload.diff ]

=== modified file utils/test/minitools_test.py
--- utils/test/minitools_test.py        2015-05-25 15:02:32.489225934 +0200
+++ utils/test/minitools_test.py        2015-05-25 15:32:59.693035190 +0200
@@ -31,37 +32,38 @@
 
     def test_audit(self):
         #Set ntpd profile to audit mode and check if it was correctly set
-        str(subprocess.check_output('%s ./../aa-audit -d ./profiles %s'%(python_interpreter, test_path), shell=True))
+        str(subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True))
 
         self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit', 'Audit flag could not be set in profile %s'%local_profilename)
 
         #Remove audit mode from ntpd profile and check if it was correctly removed
-        subprocess.check_output('%s ./../aa-audit -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
+        subprocess.check_output('%s ./../aa-audit -d --no-reload ./profiles -r %s'%(python_interpreter, test_path), shell=True)
 
         self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), None, 'Audit flag could not be removed in profile %s'%local_profilename)
 
 
     def test_complain(self):
         #Set ntpd profile to complain mode and check if it was correctly set
-        subprocess.check_output('%s ./../aa-complain -d ./profiles %s'%(python_interpreter, test_path), shell=True)
+        subprocess.check_output('%s ./../aa-complain --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
        
         # "manually" create a force-complain symlink (will be deleted by aa-enforce later)
-        os.mkdir('./profiles/force-complain')
+        if not os.path.isdir('./profiles/force-complain'):
+            os.mkdir('./profiles/force-complain')
         os.symlink(local_profilename, './profiles/force-complain/%s'%os.path.basename(local_profilename) )
 
         self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
         self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'complain', 'Complain flag could not be set in profile %s'%local_profilename)
 
         #Set ntpd profile to enforce mode and check if it was correctly set
-        subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True)
+        subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
 
         self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
         self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
         self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), None, 'Complain flag could not be removed in profile %s'%local_profilename)
 
         # Set audit flag and then complain flag in a profile
-        subprocess.check_output('%s ./../aa-audit -d ./profiles %s'%(python_interpreter, test_path), shell=True)
-        subprocess.check_output('%s ./../aa-complain -d ./profiles %s'%(python_interpreter, test_path), shell=True)
+        subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
+        subprocess.check_output('%s ./../aa-complain --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
         # "manually" create a force-complain symlink (will be deleted by aa-enforce later)
         os.symlink(local_profilename, './profiles/force-complain/%s'%os.path.basename(local_profilename) )
 
@@ -72,20 +76,20 @@
         self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit,complain', 'Complain flag could not be set in profile %s'%local_profilename)
 
         #Remove complain flag first i.e. set to enforce mode
-        subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True)
+        subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
 
         self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
         self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
         self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit', 'Complain flag could not be removed in profile %s'%local_profilename)
 
         #Remove audit flag
-        subprocess.check_output('%s ./../aa-audit -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
+        subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
 
     def test_enforce(self):
         #Set ntpd profile to complain mode and check if it was correctly set
 
         #Set ntpd profile to enforce mode and check if it was correctly set
-        subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True)
+        subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
 
         self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
         self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
@@ -94,7 +98,7 @@
 
     def test_disable(self):
         #Disable the ntpd profile and check if it was correctly disabled
-        subprocess.check_output('%s ./../aa-disable -d ./profiles %s'%(python_interpreter, test_path), shell=True)
+        subprocess.check_output('%s ./../aa-disable --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
 
         self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in disable'%local_profilename)
 
@@ -120,7 +123,7 @@
         #Our silly test program whose profile we wish to clean
         cleanprof_test = '/usr/bin/a/simple/cleanprof/test/profile'
 
-        subprocess.check_output('%s ./../aa-cleanprof  -d ./profiles -s %s' % (python_interpreter, cleanprof_test), shell=True)
+        subprocess.check_output('%s ./../aa-cleanprof  --no-reload -d ./profiles -s %s' % (python_interpreter, cleanprof_test), shell=True)
 
         #Strip off the first line (#modified line)
         subprocess.check_output('sed -i 1d ./profiles/%s'%(input_file), shell=True)


Regards,

Christian Boltz
-- 
For patterns and products, this is - as we now learned - wrong and
confusing.  (We will probably have more such learning effects in the
future ... ;-})
[Klaus Kaempf in https://bugzilla.novell.com/show_bug.cgi?id=198379]

More information about the AppArmor mailing list