[apparmor] [patch] severity.py: change rank_capability() to not expect the CAP_ prefix

Christian Boltz apparmor at cboltz.de
Fri May 29 22:40:45 UTC 2015 

Hello,

Am Freitag, 29. Mai 2015 schrieb Steve Beattie:
> On Fri, May 29, 2015 at 11:29:14PM +0200, Christian Boltz wrote:
> > Am Freitag, 29. Mai 2015 schrieb Steve Beattie:
> > > On Sun, May 24, 2015 at 03:45:13PM +0200, Christian Boltz wrote:
> > > > this patch changes rank_capability() so that it doesn't expect
> > > > the CAP_ prefix. This makes usage easier because callers can simply
> > > > hand over the capability name.
> > > > 
> > > > Also change rank() to call rank_capability() without the CAP_
> > > > prefix.
> > > > 
> > > > [ 15-severity-drop-CAP_prefix.diff ]
> > > 
> > > Acked-by: Steve Beattie <steve at nxnw.org>
> > > 
> > > I'm surprised this didn't require any test changes.
> > 
> > Well, that's a) not too surprising and b) expected - I don't want
> > any behaviour changes here ;-)
> 
> You've made an interface change, I would have expected that would
> require changes to tests that exercise that interface directly => no
> tests exercise that interface directly. No code outside of severity.py
> does either (yet).

Right, at that point nothing called or tested rank_capability()
directly. (That's also why I could change the function name.)

> > We have tests for rank() - and they continue to work because rank()
> > still expects the CAP_ prefix (and cuts it off before calling
> > rank_capability()).
> > 
> > Tests that test rank_capability() in a direct way get added in patch
> > 16 and patch 20.
> 
> rank_capability() is still only tested indirectly even after applying
> those patches.

I just checked this again - r3064 (aka 16-test-severity-convert-to-AATest.diff)
_does_ add direct tests ;-)

The patch desctiption contains:

    There's even an addition - SeverityTestCap now additionally verifies 
    the result of rank_capability().

and here's part of the patch:

+class SeverityTestCap(SeverityBaseTest):
...
+    def _run_test(self, params, expected):
+        cap_with_prefix = 'CAP_%s' % params
+        self._simple_severity_test(cap_with_prefix, expected)
+
+        rank = self.sev_db.rank_capability(params)
+        self.assertEqual(rank, expected, 'expected rank %d, got %d' % (expected, rank))


I commited this in the meantime, so you can just check test-severity.py ;-)


Regards,

Christian Boltz
-- 
> Wenn Du die Software-Supend Funktion des Kernels 2.6 nutzen moechtest,
> dann brauchst Du eine Swap-Partition - mit Swap-Files kann es nicht
> funktionieren.
Prinzipiell habe ich meinen Rechner, damit er arbeitet, nicht, damit er
den Regenwald rettet. :-)   [> Thomas Hertweck und Ratti in suse-linux]

More information about the AppArmor mailing list