[apparmor] [PATCH] tests: Conditionalize when to build/run stacking tests
Tyler Hicks
tyhicks at canonical.com
Sat Mar 19 07:35:07 UTC 2016
On 2016-03-19 00:30:01, Steve Beattie wrote:
> On Fri, Mar 18, 2016 at 06:05:47PM -0500, Tyler Hicks wrote:
> > The stacking test binary links against libapparmor for
> > aa_stack_profile() and aa_stack_onexec(), which will be present in 2.11.
> > This means that regression test builds using the system libapparmor
> > should not build the stacking test binary unless the libapparmor 2.11 or
> > newer is present.
> >
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
>
> > ---
> > tests/regression/apparmor/Makefile | 21 ++++++++++++++-------
> > 1 file changed, 14 insertions(+), 7 deletions(-)
> >
> > diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
> > index 21c7fb3..c61f141 100644
> > --- a/tests/regression/apparmor/Makefile
> > +++ b/tests/regression/apparmor/Makefile
> > @@ -119,7 +119,6 @@ SRC=access.c \
> > readdir.c \
> > rw.c \
> > socketpair.c \
> > - stacking.c \
> > symlink.c \
> > syscall_mknod.c \
> > swap.c \
> > @@ -160,16 +159,26 @@ endif
> > ifdef USE_SYSTEM
> > ifneq (,$(shell pkg-config --atleast-version 2.10 libapparmor && echo TRUE))
> > SRC+=aa_policy_cache.c
> > - AA_POLICY_CACHE_TEST=aa_policy_cache
> > + CONDITIONAL_TESTS+=aa_policy_cache
> > else
> > $(warning ${nl}\
> > ************************************************************************${nl}\
> > Skipping aa_policy_cache tests: requires libapparmor 2.10 or newer ...${nl}\
> > ************************************************************************${nl})
> > endif
> > +
> > + ifneq (,$(shell pkg-config --atleast-version 2.11 libapparmor && echo TRUE))
> > + SRC+=stacking.c
> > + CONDITIONAL_TESTS+=stackonexec stackprofile
> > + else
> > + $(warning ${nl}\
> > + ************************************************************************${nl}\
> > + Skipping stacking tests: requires libapparmor 2.11 or newer ...${nl}\
> > + ************************************************************************${nl})
> > + endif
> > else
> > - SRC+=aa_policy_cache.c
> > - AA_POLICY_CACHE_TEST=aa_policy_cache
> > + SRC+=aa_policy_cache.c stacking.c
> > + CONDITIONAL_TESTS+=aa_policy_cache stackonexec stackprofile
> > endif
> >
> > EXEC=$(SRC:%.c=%)
> > @@ -219,8 +228,6 @@ TESTS=aa_exec \
> > swap \
> > sd_flags \
> > setattr \
> > - stackonexec \
> > - stackprofile \
> > symlink \
> > syscall \
> > tcp \
> > @@ -237,7 +244,7 @@ ifneq (,$(shell pkg-config --exists dbus-1 && echo TRUE))
> > TESTS+=dbus_eavesdrop dbus_message dbus_service dbus_unrequested_reply
> > endif
> >
> > -TESTS+=$(AA_POLICY_CACHE_TEST)
> > +TESTS+=$(CONDITIONAL_TESTS)
> >
> > # Tests that can crash the kernel should be placed here
> > RISKY_TESTS=
>
> The added exec_stack tests should also not be used if stacking.c cannot
> be built. It should be removed from the default set and added to the
> $(CONDITIONAL_TESTS). With that change made,
> Acked-by: Steve Beattie <steve at nxnw.org>
The reason I didn't do that was because exec_stack.sh doesn't depend on
any programs that link against libapparmor for aa_stack_*().
The top of the exec_stack.sh file contains:
requires_kernel_features domain/stack
So the entire test is skipped if stacking support isn't present in the
kernel.
Are you fine with this or should I still move it into CONDITIONAL_TESTS?
Tyler
>
> --
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160319/72aea670/attachment.pgp>
More information about the AppArmor
mailing list