[apparmor] [PATCH 07/20] Rename requires_features and have_features
Tyler Hicks
tyhicks at canonical.com
Fri May 29 17:50:06 UTC 2015
On 2015-05-29 01:39:13, John Johansen wrote:
> Rename require_features to require_kernel_features and
> have_features to kernel_features
>
> to indicate they are tests for kernel features, as now there are tests
> for parser features and in the future there might be library features
> as well.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Tyler Hicks <tyhicks at canonical.com>
> ---
> tests/regression/apparmor/capabilities.sh | 8 ++++----
> tests/regression/apparmor/dbus_eavesdrop.sh | 2 +-
> tests/regression/apparmor/dbus_message.sh | 2 +-
> tests/regression/apparmor/dbus_service.sh | 2 +-
> tests/regression/apparmor/dbus_unrequested_reply.sh | 2 +-
> tests/regression/apparmor/deleted.sh | 2 +-
> tests/regression/apparmor/mount.sh | 2 +-
> tests/regression/apparmor/named_pipe.sh | 2 +-
> tests/regression/apparmor/pivot_root.sh | 2 +-
> tests/regression/apparmor/prologue.inc | 6 +++---
> tests/regression/apparmor/ptrace.sh | 2 +-
> tests/regression/apparmor/socketpair.sh | 2 +-
> tests/regression/apparmor/tcp.sh | 2 +-
> tests/regression/apparmor/unix_fd_server.sh | 4 ++--
> tests/regression/apparmor/unix_socket_abstract.sh | 4 ++--
> tests/regression/apparmor/unix_socket_pathname.sh | 6 +++---
> tests/regression/apparmor/unix_socket_unnamed.sh | 4 ++--
> 17 files changed, 27 insertions(+), 27 deletions(-)
>
> diff --git a/tests/regression/apparmor/capabilities.sh b/tests/regression/apparmor/capabilities.sh
> index 1b50445..74a3c90 100644
> --- a/tests/regression/apparmor/capabilities.sh
> +++ b/tests/regression/apparmor/capabilities.sh
> @@ -97,7 +97,7 @@ for TEST in ${TESTS} ; do
>
> # no capabilities allowed
> genprofile ${my_entries}
> - if [ "${TEST}" == "syscall_ptrace" -a "$(have_features ptrace)" == "true" ] ; then
> + if [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ] ; then
> # ptrace between profiles confining tasks of same pid is controlled by the ptrace rule
> # capability + ptrace rule needed between pids
> runchecktest "${TEST} -- no caps" pass ${my_arg}
> @@ -113,7 +113,7 @@ for TEST in ${TESTS} ; do
> for cap in ${CAPABILITIES} ; do
> if [ "X$(eval echo \${${TEST}_${cap}})" == "XTRUE" ] ; then
> expected_result=pass
> - elif [ "${TEST}" == "syscall_ptrace" -a "$(have_features ptrace)" == "true" ]; then
> + elif [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ]; then
> expected_result=pass
> else
> expected_result=fail
> @@ -126,7 +126,7 @@ for TEST in ${TESTS} ; do
> # a subprofile.
> settest ${testwrapper}
> genprofile hat:$bin/${TEST} addimage:${bin}/${TEST} ${my_entries}
> - if [ "${TEST}" == "syscall_ptrace" -a "$(have_features ptrace)" == "true" ] ; then
> + if [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ] ; then
> # ptrace between profiles confining tasks of same pid is controlled by the ptrace rule
> # capability + ptrace rule needed between pids
> runchecktest "${TEST} changehat -- no caps" pass $bin/${TEST} ${my_arg}
> @@ -141,7 +141,7 @@ for TEST in ${TESTS} ; do
> for cap in ${CAPABILITIES} ; do
> if [ "X$(eval echo \${${TEST}_${cap}})" == "XTRUE" ] ; then
> expected_result=pass
> - elif [ "${TEST}" == "syscall_ptrace" -a "$(have_features ptrace)" == "true" ]; then
> + elif [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ]; then
> expected_result=pass
> else
> expected_result=fail
> diff --git a/tests/regression/apparmor/dbus_eavesdrop.sh b/tests/regression/apparmor/dbus_eavesdrop.sh
> index 2792900..a7f2155 100755
> --- a/tests/regression/apparmor/dbus_eavesdrop.sh
> +++ b/tests/regression/apparmor/dbus_eavesdrop.sh
> @@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
> bin=$pwd
>
> . $bin/prologue.inc
> -requires_features dbus
> +requires_kernel_features dbus
> requires_parser_support "dbus,"
> . $bin/dbus.inc
>
> diff --git a/tests/regression/apparmor/dbus_message.sh b/tests/regression/apparmor/dbus_message.sh
> index cc52745..27807c4 100755
> --- a/tests/regression/apparmor/dbus_message.sh
> +++ b/tests/regression/apparmor/dbus_message.sh
> @@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
> bin=$pwd
>
> . $bin/prologue.inc
> -requires_features dbus
> +requires_kernel_features dbus
> requires_parser_support "dbus,"
> . $bin/dbus.inc
>
> diff --git a/tests/regression/apparmor/dbus_service.sh b/tests/regression/apparmor/dbus_service.sh
> index 322853b..5cd698a 100755
> --- a/tests/regression/apparmor/dbus_service.sh
> +++ b/tests/regression/apparmor/dbus_service.sh
> @@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
> bin=$pwd
>
> . $bin/prologue.inc
> -requires_features dbus
> +requires_kernel_features dbus
> requires_parser_support "dbus,"
> . $bin/dbus.inc
>
> diff --git a/tests/regression/apparmor/dbus_unrequested_reply.sh b/tests/regression/apparmor/dbus_unrequested_reply.sh
> index e91f3ad..e69c8b4 100644
> --- a/tests/regression/apparmor/dbus_unrequested_reply.sh
> +++ b/tests/regression/apparmor/dbus_unrequested_reply.sh
> @@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
> bin=$pwd
>
> . $bin/prologue.inc
> -requires_features dbus
> +requires_kernel_features dbus
> requires_parser_support "dbus,"
> . $bin/dbus.inc
>
> diff --git a/tests/regression/apparmor/deleted.sh b/tests/regression/apparmor/deleted.sh
> index 8d4c5b4..9ca937f 100755
> --- a/tests/regression/apparmor/deleted.sh
> +++ b/tests/regression/apparmor/deleted.sh
> @@ -65,7 +65,7 @@ okperm=rwl
> badperm=wl
> af_unix=""
>
> -if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
> +if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
> af_unix="unix:create"
> fi
>
> diff --git a/tests/regression/apparmor/mount.sh b/tests/regression/apparmor/mount.sh
> index 0840199..8dc1a88 100755
> --- a/tests/regression/apparmor/mount.sh
> +++ b/tests/regression/apparmor/mount.sh
> @@ -102,7 +102,7 @@ runchecktest "UMOUNT (confined no perm)" fail umount ${loop_device} ${mount_poin
> remove_mnt
>
>
> -if [ "$(have_features mount)" != "true" -o "$(parser_supports 'mount,')" != "true" ] ; then
> +if [ "$(kernel_features mount)" != "true" -o "$(parser_supports 'mount,')" != "true" ] ; then
> genprofile capability:sys_admin
> runchecktest "MOUNT (confined cap)" pass mount ${loop_device} ${mount_point}
> remove_mnt
> diff --git a/tests/regression/apparmor/named_pipe.sh b/tests/regression/apparmor/named_pipe.sh
> index 52037e5..72bc736 100755
> --- a/tests/regression/apparmor/named_pipe.sh
> +++ b/tests/regression/apparmor/named_pipe.sh
> @@ -38,7 +38,7 @@ badchild=r
> # Add genprofile params that are common to all hats here
> common=""
>
> -if [ "$(have_features signal)" == "true" -a "$(parser_supports 'signal,')" == "true" ] ; then
> +if [ "$(kernel_features signal)" == "true" -a "$(parser_supports 'signal,')" == "true" ] ; then
> # Allow send/receive of all signals
> common="${common} signal:ALL"
> fi
> diff --git a/tests/regression/apparmor/pivot_root.sh b/tests/regression/apparmor/pivot_root.sh
> index faea755..b68f6cf 100755
> --- a/tests/regression/apparmor/pivot_root.sh
> +++ b/tests/regression/apparmor/pivot_root.sh
> @@ -106,7 +106,7 @@ do_test "unconfined, bad context" fail "$put_old" "$new_root" "$bad"
> genprofile
> do_test "no perms" fail "$put_old" "$new_root" "$test"
>
> -if [ "$(have_features mount)" != "true" -o "$(parser_supports 'mount,')" != "true" ] ; then
> +if [ "$(kernel_features mount)" != "true" -o "$(parser_supports 'mount,')" != "true" ] ; then
> # pivot_root mediation isn't supported by this kernel/parser, so verify that
> # capability sys_admin is sufficient and skip the remaining tests
> genprofile $cur $cap
> diff --git a/tests/regression/apparmor/prologue.inc b/tests/regression/apparmor/prologue.inc
> index bcbe7ea..f6707ab 100755
> --- a/tests/regression/apparmor/prologue.inc
> +++ b/tests/regression/apparmor/prologue.inc
> @@ -22,7 +22,7 @@
> # For this file, functions are first, entry point code is at end, see "MAIN"
>
> #use $() to retreive the failure message or "true" if success
> -have_features()
> +kernel_features()
> {
> if [ ! -e "/sys/kernel/security/apparmor/features/" ] ; then
> echo "Kernel feature masks not supported."
> @@ -40,9 +40,9 @@ have_features()
> return 0;
> }
>
> -requires_features()
> +requires_kernel_features()
> {
> - local res=$(have_features $@)
> + local res=$(kernel_features $@)
> if [ "$res" != "true" ] ; then
> echo "$res. Skipping tests ..."
> exit 0
> diff --git a/tests/regression/apparmor/ptrace.sh b/tests/regression/apparmor/ptrace.sh
> index 17771d0..c336347 100755
> --- a/tests/regression/apparmor/ptrace.sh
> +++ b/tests/regression/apparmor/ptrace.sh
> @@ -52,7 +52,7 @@ runchecktest "test 2 -h prog" pass -h -n 100 $helper /bin/true
> runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper /bin/true
>
>
> -if [ "$(have_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" == "true" ] ; then
> +if [ "$(kernel_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" == "true" ] ; then
> . $bin/ptrace_v6.inc
> else
> . $bin/ptrace_v5.inc
> diff --git a/tests/regression/apparmor/socketpair.sh b/tests/regression/apparmor/socketpair.sh
> index 4e56707..423a51d 100755
> --- a/tests/regression/apparmor/socketpair.sh
> +++ b/tests/regression/apparmor/socketpair.sh
> @@ -34,7 +34,7 @@ af_unix_create=""
> af_unix_create_label=""
> af_unix_inherit=""
>
> -if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
> +if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
> # AppArmor requires that the process inheriting the sock file
> # descriptors have send,receive perms in its profile
> af_unix_create="unix:(create,getopt)"
> diff --git a/tests/regression/apparmor/tcp.sh b/tests/regression/apparmor/tcp.sh
> index 73eff1b..076ca00 100755
> --- a/tests/regression/apparmor/tcp.sh
> +++ b/tests/regression/apparmor/tcp.sh
> @@ -15,7 +15,7 @@ pwd=`cd $pwd ; /bin/pwd`
> bin=$pwd
>
> . $bin/prologue.inc
> -requires_features network
> +requires_kernel_features network
>
> port=34567
> ip="127.0.0.1"
> diff --git a/tests/regression/apparmor/unix_fd_server.sh b/tests/regression/apparmor/unix_fd_server.sh
> index fc2b947..0bba807 100755
> --- a/tests/regression/apparmor/unix_fd_server.sh
> +++ b/tests/regression/apparmor/unix_fd_server.sh
> @@ -27,7 +27,7 @@ okperm=rw
> badperm=w
> af_unix=""
>
> -if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
> +if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then
> af_unix="unix:create"
> fi
>
> @@ -137,7 +137,7 @@ runchecktest "fd passing; confined -> confined (no perm)" fail $file $socket $fd
> sleep 1
> rm -f ${socket}
>
> -if [ "$(have_features policy/versions/v6)" == "true" -a "$(parser_supports 'unix,')" == "true" ] ; then
> +if [ "$(kernel_features policy/versions/v6)" == "true" -a "$(parser_supports 'unix,')" == "true" ] ; then
> # FAIL - confined client, no access to the socket file
>
> genprofile $file:$okperm $af_unix $socket:rw $fd_client:px -- image=$fd_client $file:$okperm $af_unix
> diff --git a/tests/regression/apparmor/unix_socket_abstract.sh b/tests/regression/apparmor/unix_socket_abstract.sh
> index 6a949c1..21c35e2 100644
> --- a/tests/regression/apparmor/unix_socket_abstract.sh
> +++ b/tests/regression/apparmor/unix_socket_abstract.sh
> @@ -28,8 +28,8 @@ bin=$pwd
>
> . $bin/prologue.inc
> . $bin/unix_socket.inc
> -requires_features policy/versions/v7
> -requires_features network/af_unix
> +requires_kernel_features policy/versions/v7
> +requires_kernel_features network/af_unix
> requires_parser_support "unix,"
>
> settest unix_socket
> diff --git a/tests/regression/apparmor/unix_socket_pathname.sh b/tests/regression/apparmor/unix_socket_pathname.sh
> index be3631d..c14ac9c 100755
> --- a/tests/regression/apparmor/unix_socket_pathname.sh
> +++ b/tests/regression/apparmor/unix_socket_pathname.sh
> @@ -27,7 +27,7 @@ pwd=`cd $pwd ; /bin/pwd`
> bin=$pwd
>
> . $bin/prologue.inc
> -requires_features policy/versions/v6
> +requires_kernel_features policy/versions/v6
>
> settest unix_socket
>
> @@ -41,7 +41,7 @@ message=4a0c83d87aaa7afa2baab5df3ee4df630f0046d5bfb7a3080c550b721f401b3b\
> okserver=w
> badserver1=r
> badserver2=
> -if [ "$(have_features policy/versions/v7)" == "true" ] ; then
> +if [ "$(kernel_features policy/versions/v7)" == "true" ] ; then
> okserver=rw
> badserver2=w
> fi
> @@ -52,7 +52,7 @@ fi
> # af_unix support requires 'unix getattr' to call getsockname()
> af_unix_okserver=
> af_unix_okclient=
> -if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ] ; then
> +if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ] ; then
> af_unix_okserver="create,setopt"
> af_unix_okclient="create,getopt,setopt,getattr"
> fi
> diff --git a/tests/regression/apparmor/unix_socket_unnamed.sh b/tests/regression/apparmor/unix_socket_unnamed.sh
> index b834888..66bea0a 100644
> --- a/tests/regression/apparmor/unix_socket_unnamed.sh
> +++ b/tests/regression/apparmor/unix_socket_unnamed.sh
> @@ -28,8 +28,8 @@ bin=$pwd
>
> . $bin/prologue.inc
> . $bin/unix_socket.inc
> -requires_features policy/versions/v7
> -requires_features network/af_unix
> +requires_kernel_features policy/versions/v7
> +requires_kernel_features network/af_unix
> requires_parser_support "unix,"
>
> settest unix_socket
> --
> 2.1.4
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150529/679b4d03/attachment.pgp>
More information about the AppArmor
mailing list