[apparmor] [patch] Add some simple_tests (dbus and bare file rules)

Christian Boltz apparmor at cboltz.de
Thu Jan 7 22:42:56 UTC 2016


Hello,

On Thursday, 7 January 2016, Steve Beattie wrote:
> On Thu, Jan 07, 2016 at 09:54:40PM +0100, Christian Boltz wrote:
> > [ more-simple_tests.diff ]
> > 
> > === added file 'parser/tst/simple_tests/dbus/ok_bind_2.sd'
> > --- parser/tst/simple_tests/dbus/ok_bind_2.sd   1970-01-01 00:00:00
> > +0000 +++ parser/tst/simple_tests/dbus/ok_bind_2.sd   2015-10-27
> > 22:55:01 +0000 @@ -0,0 +1,7 @@
> > +#
> > +#=DESCRIPTION simple dbus implicit bind acceptance test with deny
> > keyword +#=EXRESULT PASS
> > +
> > +profile a_profile {
> > +  deny dbus name=(SomeService),
> > +}
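
Review bot: In ok_bind_2.sd the description calls this an implicit bind test, but nothing next to `deny dbus name=(SomeService),` says what makes the bind implicit. A one-line comment above the rule noting that it carries no permission keyword and relies on name= alone would keep the intent clear if an explicit-permission variant is added beside it later.
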
> 
> Hrm, I'm surprised the autogenerated dbus tests don't cover this,
> since they exercise deny pretty excessively. But grepping recursively
> for 'deny dbus name' doesn't find anything.

IIRC I noticed this by missing code coverage, so... ;-)

> > === added file 'parser/tst/simple_tests/file/ok_bare_1.sd'
> > --- parser/tst/simple_tests/file/ok_bare_1.sd   1970-01-01 00:00:00
> > +0000 +++ parser/tst/simple_tests/file/ok_bare_1.sd   2015-10-27
> > 22:50:19 +0000 @@ -0,0 +1,7 @@
> > +#
> > +#=Description bare file rule
> > +#=EXRESULT PASS
> > +#
> > +/usr/bin/foo {
> > +  file,
> > +}
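
Review bot: The header in ok_bare_1.sd is written `#=Description`, while ok_bind_2.sd in this same patch uses `#=DESCRIPTION`. Use the uppercase spelling here so the test headers stay uniform and do not depend on the harness matching the keyword case-insensitively.
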
> 
> Covered by parser/tst/simple_tests/file/file/ok_2.sd; note that the
> file/file/ subdirectory covers use of the file keyword with file
> pathnames. I'm okay with renaming/replacing that one with
> ok_bare_1.sd, but keeping it in the file/file/ subdirectory.

I don't really care about the filename, so I'll just remove ok_bare_1.sd 
from the patch (and keep ok_2.sd unchanged).

This also means I'll rename ok_bare_2.sd to ok_bare_1.sd to avoid 
someone wondering why ok_bare_1.sd doesn't exist ;-)

> > === added file 'parser/tst/simple_tests/file/ok_bare_2.sd'
> > --- parser/tst/simple_tests/file/ok_bare_2.sd   1970-01-01 00:00:00
> > +0000 +++ parser/tst/simple_tests/file/ok_bare_2.sd   2015-10-27
> > 22:50:36 +0000 @@ -0,0 +1,7 @@
> > +#
> > +#=Description bare file rule
> > +#=EXRESULT PASS
> > +#
> > +/usr/bin/foo {
> > +  deny file,
> > +}
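
Review bot: The description in ok_bare_2.sd is `bare file rule`, identical to the one in ok_bare_1.sd, although the rule under test is `deny file,`. Change it to something like `#=DESCRIPTION bare deny file rule` so the two tests can be told apart from the header alone; that also brings the keyword in line with the uppercase `#=DESCRIPTION` used in ok_bind_2.sd.
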
> 
> Yep, that's not covered by existing tests.
> 
> Acked-by: Steve Beattie <steve at nxnw.org>, as long as the duplication
> between file/ok_bare_1.sd and file/file/ok_2.sd is resolved.



Regards,

Christian Boltz
-- 
...when I was sitting by the Elbe recently, sipping my Astra (what else) and
studying the lettering on the container ships, I decided that the unit
"kilopoint" (kPt) for fonts is thoroughly practical. Verification of my
findings ("That damn word's at least 5 meters high, if not even...")
unfortunately has to wait until I acquire an inflatable boat.
Science demands sacrifices.
[Ratti in suse-linux]