[apparmor] [patch] Change test-severity.py to use 'unknown' as default rank, and fix the bugs it found

Steve Beattie steve at nxnw.org
Fri May 29 21:20:26 UTC 2015 

On Mon, May 25, 2015 at 02:37:08AM +0200, Christian Boltz wrote:
> Am Sonntag, 24. Mai 2015 schrieb Christian Boltz:
> > [ 17-rank-unknown.diff ]
> 
> Here's a slightly updated version - the only changes are in test-
> severity.py - I added the @{somepaths} variable and a test using it to 
> also have test that includes different severities for each part of the 
> variable.
> 
> Here's the updated patch:
> 
> 
> Change test-severity.py to use 'unknown' as default rank, and fix the bugs it found
> 
> To be able to distinguish between severity 10 and unknown severity,
> change AASetup to specify 'unknown' as default rank, and change the
> expected result to 'unknown' where it's expected.
> 
> Also change the "expected rank %d" to "%s" because it can be a string
> now, and add a test that contains directories with different severity
> in one variable.
> 
> After these changes, handle_variable_rank() errors out with
>     TypeError: unorderable types: str() > int()
> so fix it by
> - initializing rank with the default rank (instead of none)
> - explicitely check that rank and rank_new are != the default rank before
>   doing a comparison
> 
> A side effect is another bugfix - '@{HOME}/sys/@{PROC}/overcommit_memory'
> is severity 4, not 10 or unknown (confirmed by reading severity.db).
> 
> 
> Because of the bugfixes, I propose this patch for trunk and 2.9.
> This also means
> a) also apply patches 14, 15 and 16 to 2.9 or
> b) only apply the severity.py changes in this patch to 2.9, but not the test changes
> 
> Please choose your prefered option ;-)
> 
> 
> 
> [ 17-rank-unknown.diff ]

Acked-by: Steve Beattie <steve at nxnw.org> for trunk.

For 2.9, there's enough other differences in test-severity.py that patch
16 doesn't apply cleanly. I haven't looked at what those differences
are.

The unmentioned third option is to deem the bugfix around variables
preventing the correct severity level from being reported not worth
fixing in 2.9.

If we decide to fix for 2.9, then I'd like to see testcases along
with it.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150529/31cede43/attachment.pgp>

More information about the AppArmor mailing list