[apparmor] [PATCH 07/20] Rename requires_features and have_features
John Johansen
john.johansen at canonical.com
Fri May 29 08:39:13 UTC 2015
Rename require_features to require_kernel_features and
have_features to kernel_features
to indicate they are tests for kernel features, as now there are tests
for parser features and in the future there might be library features
as well.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
tests/regression/apparmor/capabilities.sh | 8 ++++----
tests/regression/apparmor/dbus_eavesdrop.sh | 2 +-
tests/regression/apparmor/dbus_message.sh | 2 +-
tests/regression/apparmor/dbus_service.sh | 2 +-
tests/regression/apparmor/dbus_unrequested_reply.sh | 2 +-
tests/regression/apparmor/deleted.sh | 2 +-
tests/regression/apparmor/mount.sh | 2 +-
tests/regression/apparmor/named_pipe.sh | 2 +-
tests/regression/apparmor/pivot_root.sh | 2 +-
tests/regression/apparmor/prologue.inc | 6 +++---
tests/regression/apparmor/ptrace.sh | 2 +-
tests/regression/apparmor/socketpair.sh | 2 +-
tests/regression/apparmor/tcp.sh | 2 +-
tests/regression/apparmor/unix_fd_server.sh | 4 ++--
tests/regression/apparmor/unix_socket_abstract.sh | 4 ++--
tests/regression/apparmor/unix_socket_pathname.sh | 6 +++---
tests/regression/apparmor/unix_socket_unnamed.sh | 4 ++--
17 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/tests/regression/apparmor/capabilities.sh b/tests/regression/apparmor/capabilities.sh
index 1b50445..74a3c90 100644
--- a/tests/regression/apparmor/capabilities.sh
+++ b/tests/regression/apparmor/capabilities.sh
@@ -97,7 +97,7 @@ for TEST in ${TESTS} ; do
# no capabilities allowed
genprofile ${my_entries}
- if [ "${TEST}" == "syscall_ptrace" -a "$(have_features ptrace)" == "true" ] ; then
+ if [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ] ; then
# ptrace between profiles confining tasks of same pid is controlled by the ptrace rule
# capability + ptrace rule needed between pids
runchecktest "${TEST} -- no caps" pass ${my_arg}
@@ -113,7 +113,7 @@ for TEST in ${TESTS} ; do
for cap in ${CAPABILITIES} ; do
if [ "X$(eval echo \${${TEST}_${cap}})" == "XTRUE" ] ; then
expected_result=pass
- elif [ "${TEST}" == "syscall_ptrace" -a "$(have_features ptrace)" == "true" ]; then
+ elif [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ]; then
expected_result=pass
else
expected_result=fail
@@ -126,7 +126,7 @@ for TEST in ${TESTS} ; do
# a subprofile.
settest ${testwrapper}
genprofile hat:$bin/${TEST} addimage:${bin}/${TEST} ${my_entries}
- if [ "${TEST}" == "syscall_ptrace" -a "$(have_features ptrace)" == "true" ] ; then
+ if [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ] ; then
# ptrace between profiles confining tasks of same pid is controlled by the ptrace rule
# capability + ptrace rule needed between pids
runchecktest "${TEST} changehat -- no caps" pass $bin/${TEST} ${my_arg}
@@ -141,7 +141,7 @@ for TEST in ${TESTS} ; do
for cap in ${CAPABILITIES} ; do
if [ "X$(eval echo \${${TEST}_${cap}})" == "XTRUE" ] ; then
expected_result=pass
- elif [ "${TEST}" == "syscall_ptrace" -a "$(have_features ptrace)" == "true" ]; then
+ elif [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ]; then
expected_result=pass
else
expected_result=fail
diff --git a/tests/regression/apparmor/dbus_eavesdrop.sh b/tests/regression/apparmor/dbus_eavesdrop.sh
index 2792900..a7f2155 100755
--- a/tests/regression/apparmor/dbus_eavesdrop.sh
+++ b/tests/regression/apparmor/dbus_eavesdrop.sh
@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
. $bin/prologue.inc
-requires_features dbus
+requires_kernel_features dbus
requires_parser_support "dbus,"
. $bin/dbus.inc
diff --git a/tests/regression/apparmor/dbus_message.sh b/tests/regression/apparmor/dbus_message.sh
index cc52745..27807c4 100755
--- a/tests/regression/apparmor/dbus_message.sh
+++ b/tests/regression/apparmor/dbus_message.sh
@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
. $bin/prologue.inc
-requires_features dbus
+requires_kernel_features dbus
requires_parser_support "dbus,"
. $bin/dbus.inc
diff --git a/tests/regression/apparmor/dbus_service.sh b/tests/regression/apparmor/dbus_service.sh
index 322853b..5cd698a 100755
--- a/tests/regression/apparmor/dbus_service.sh
+++ b/tests/regression/apparmor/dbus_service.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
. $bin/prologue.inc
-requires_features dbus
+requires_kernel_features dbus
requires_parser_support "dbus,"
. $bin/dbus.inc
diff --git a/tests/regression/apparmor/dbus_unrequested_reply.sh b/tests/regression/apparmor/dbus_unrequested_reply.sh
index e91f3ad..e69c8b4 100644
--- a/tests/regression/apparmor/dbus_unrequested_reply.sh
+++ b/tests/regression/apparmor/dbus_unrequested_reply.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
. $bin/prologue.inc
-requires_features dbus
+requires_kernel_features dbus
requires_parser_support "dbus,"
. $bin/dbus.inc
diff --git a/tests/regression/apparmor/deleted.sh b/tests/regression/apparmor/deleted.sh
index 8d4c5b4..9ca937f 100755
--- a/tests/regression/apparmor/deleted.sh
+++ b/tests/regression/apparmor/deleted.sh
@@ -65,7 +65,7 @@ okperm=rwl
badperm=wl
af_unix=""
-if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
+if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
af_unix="unix:create"
fi
diff --git a/tests/regression/apparmor/mount.sh b/tests/regression/apparmor/mount.sh
index 0840199..8dc1a88 100755
--- a/tests/regression/apparmor/mount.sh
+++ b/tests/regression/apparmor/mount.sh
@@ -102,7 +102,7 @@ runchecktest "UMOUNT (confined no perm)" fail umount ${loop_device} ${mount_poin
remove_mnt
-if [ "$(have_features mount)" != "true" -o "$(parser_supports 'mount,')" != "true" ] ; then
+if [ "$(kernel_features mount)" != "true" -o "$(parser_supports 'mount,')" != "true" ] ; then
genprofile capability:sys_admin
runchecktest "MOUNT (confined cap)" pass mount ${loop_device} ${mount_point}
remove_mnt
diff --git a/tests/regression/apparmor/named_pipe.sh b/tests/regression/apparmor/named_pipe.sh
index 52037e5..72bc736 100755
--- a/tests/regression/apparmor/named_pipe.sh
+++ b/tests/regression/apparmor/named_pipe.sh
@@ -38,7 +38,7 @@ badchild=r
# Add genprofile params that are common to all hats here
common=""
-if [ "$(have_features signal)" == "true" -a "$(parser_supports 'signal,')" == "true" ] ; then
+if [ "$(kernel_features signal)" == "true" -a "$(parser_supports 'signal,')" == "true" ] ; then
# Allow send/receive of all signals
common="${common} signal:ALL"
fi
diff --git a/tests/regression/apparmor/pivot_root.sh b/tests/regression/apparmor/pivot_root.sh
index faea755..b68f6cf 100755
--- a/tests/regression/apparmor/pivot_root.sh
+++ b/tests/regression/apparmor/pivot_root.sh
@@ -106,7 +106,7 @@ do_test "unconfined, bad context" fail "$put_old" "$new_root" "$bad"
genprofile
do_test "no perms" fail "$put_old" "$new_root" "$test"
-if [ "$(have_features mount)" != "true" -o "$(parser_supports 'mount,')" != "true" ] ; then
+if [ "$(kernel_features mount)" != "true" -o "$(parser_supports 'mount,')" != "true" ] ; then
# pivot_root mediation isn't supported by this kernel/parser, so verify that
# capability sys_admin is sufficient and skip the remaining tests
genprofile $cur $cap
diff --git a/tests/regression/apparmor/prologue.inc b/tests/regression/apparmor/prologue.inc
index bcbe7ea..f6707ab 100755
--- a/tests/regression/apparmor/prologue.inc
+++ b/tests/regression/apparmor/prologue.inc
@@ -22,7 +22,7 @@
# For this file, functions are first, entry point code is at end, see "MAIN"
#use $() to retreive the failure message or "true" if success
-have_features()
+kernel_features()
{
if [ ! -e "/sys/kernel/security/apparmor/features/" ] ; then
echo "Kernel feature masks not supported."
@@ -40,9 +40,9 @@ have_features()
return 0;
}
-requires_features()
+requires_kernel_features()
{
- local res=$(have_features $@)
+ local res=$(kernel_features $@)
if [ "$res" != "true" ] ; then
echo "$res. Skipping tests ..."
exit 0
diff --git a/tests/regression/apparmor/ptrace.sh b/tests/regression/apparmor/ptrace.sh
index 17771d0..c336347 100755
--- a/tests/regression/apparmor/ptrace.sh
+++ b/tests/regression/apparmor/ptrace.sh
@@ -52,7 +52,7 @@ runchecktest "test 2 -h prog" pass -h -n 100 $helper /bin/true
runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper /bin/true
-if [ "$(have_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" == "true" ] ; then
+if [ "$(kernel_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" == "true" ] ; then
. $bin/ptrace_v6.inc
else
. $bin/ptrace_v5.inc
diff --git a/tests/regression/apparmor/socketpair.sh b/tests/regression/apparmor/socketpair.sh
index 4e56707..423a51d 100755
--- a/tests/regression/apparmor/socketpair.sh
+++ b/tests/regression/apparmor/socketpair.sh
@@ -34,7 +34,7 @@ af_unix_create=""
af_unix_create_label=""
af_unix_inherit=""
-if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
+if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
# AppArmor requires that the process inheriting the sock file
# descriptors have send,receive perms in its profile
af_unix_create="unix:(create,getopt)"
diff --git a/tests/regression/apparmor/tcp.sh b/tests/regression/apparmor/tcp.sh
index 73eff1b..076ca00 100755
--- a/tests/regression/apparmor/tcp.sh
+++ b/tests/regression/apparmor/tcp.sh
@@ -15,7 +15,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
. $bin/prologue.inc
-requires_features network
+requires_kernel_features network
port=34567
ip="127.0.0.1"
diff --git a/tests/regression/apparmor/unix_fd_server.sh b/tests/regression/apparmor/unix_fd_server.sh
index fc2b947..0bba807 100755
--- a/tests/regression/apparmor/unix_fd_server.sh
+++ b/tests/regression/apparmor/unix_fd_server.sh
@@ -27,7 +27,7 @@ okperm=rw
badperm=w
af_unix=""
-if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
+if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
af_unix="unix:create"
fi
@@ -137,7 +137,7 @@ runchecktest "fd passing; confined -> confined (no perm)" fail $file $socket $fd
sleep 1
rm -f ${socket}
-if [ "$(have_features policy/versions/v6)" == "true" -a "$(parser_supports 'unix,')" == "true" ] ; then
+if [ "$(kernel_features policy/versions/v6)" == "true" -a "$(parser_supports 'unix,')" == "true" ] ; then
# FAIL - confined client, no access to the socket file
genprofile $file:$okperm $af_unix $socket:rw $fd_client:px -- image=$fd_client $file:$okperm $af_unix
diff --git a/tests/regression/apparmor/unix_socket_abstract.sh b/tests/regression/apparmor/unix_socket_abstract.sh
index 6a949c1..21c35e2 100644
--- a/tests/regression/apparmor/unix_socket_abstract.sh
+++ b/tests/regression/apparmor/unix_socket_abstract.sh
@@ -28,8 +28,8 @@ bin=$pwd
. $bin/prologue.inc
. $bin/unix_socket.inc
-requires_features policy/versions/v7
-requires_features network/af_unix
+requires_kernel_features policy/versions/v7
+requires_kernel_features network/af_unix
requires_parser_support "unix,"
settest unix_socket
diff --git a/tests/regression/apparmor/unix_socket_pathname.sh b/tests/regression/apparmor/unix_socket_pathname.sh
index be3631d..c14ac9c 100755
--- a/tests/regression/apparmor/unix_socket_pathname.sh
+++ b/tests/regression/apparmor/unix_socket_pathname.sh
@@ -27,7 +27,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
. $bin/prologue.inc
-requires_features policy/versions/v6
+requires_kernel_features policy/versions/v6
settest unix_socket
@@ -41,7 +41,7 @@ message=4a0c83d87aaa7afa2baab5df3ee4df630f0046d5bfb7a3080c550b721f401b3b\
okserver=w
badserver1=r
badserver2=
-if [ "$(have_features policy/versions/v7)" == "true" ] ; then
+if [ "$(kernel_features policy/versions/v7)" == "true" ] ; then
okserver=rw
badserver2=w
fi
@@ -52,7 +52,7 @@ fi
# af_unix support requires 'unix getattr' to call getsockname()
af_unix_okserver=
af_unix_okclient=
-if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ] ; then
+if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ] ; then
af_unix_okserver="create,setopt"
af_unix_okclient="create,getopt,setopt,getattr"
fi
diff --git a/tests/regression/apparmor/unix_socket_unnamed.sh b/tests/regression/apparmor/unix_socket_unnamed.sh
index b834888..66bea0a 100644
--- a/tests/regression/apparmor/unix_socket_unnamed.sh
+++ b/tests/regression/apparmor/unix_socket_unnamed.sh
@@ -28,8 +28,8 @@ bin=$pwd
. $bin/prologue.inc
. $bin/unix_socket.inc
-requires_features policy/versions/v7
-requires_features network/af_unix
+requires_kernel_features policy/versions/v7
+requires_kernel_features network/af_unix
requires_parser_support "unix,"
settest unix_socket
--
2.1.4
More information about the AppArmor
mailing list