[apparmor] [PATCH] regression test: conditionaly run pivot_root domain, transitions

John Johansen john.johansen at canonical.com
Thu Sep 7 23:44:45 UTC 2017 

Document the use of the features_X and requires() functions

Signed-off-by: John Johansen <john.johansen at canonical.com>


=== modified file 'tests/regression/apparmor/prologue.inc'
--- tests/regression/apparmor/prologue.inc	2017-09-07 09:28:06 +0000
+++ tests/regression/apparmor/prologue.inc	2017-09-07 23:42:21 +0000
@@ -23,6 +23,12 @@
 
 #use $() to retreive the failure message or "true" if success
 
+# kernel_features_istrue() - test whether boolean files are true
+# $@: path(s) to test if true
+# Returns: 0 and "true" if all specified paths exist and are true
+#          1 and error message if features directory is not available
+#          2 and error message if feature file does not exist
+#          3 and error message if feature path is not a file
 kernel_features_istrue()
 {
 	if [ ! -e "/sys/kernel/security/apparmor/features/" ] ; then
@@ -46,6 +52,11 @@
 	return 0;
 }
 
+# kernel_features - test whether path(s) are present
+# $@: feature path(s) to test
+# Returns: 0 and outputs "true" if all paths exist
+#          1 and error message if features dir is not available
+#          2 and error message if path does not exist
 kernel_features()
 {
 	if [ ! -e "/sys/kernel/security/apparmor/features/" ] ; then
@@ -64,6 +75,8 @@
 	return 0;
 }
 
+# requires_kernek_features() - exit if kernel feature does not exist
+# $@: feature path(s) to test
 requires_kernel_features()
 {
 	local res=$(kernel_features $@)
@@ -73,6 +86,7 @@
 	fi
 }
 
+# requires_namespace_interface() - exit if namespace iterface is not available
 requires_namespace_interface()
 {
 	if [ ! -e "/sys/kernel/security/apparmor/policy/namespaces" ]
@@ -82,6 +96,7 @@
 	fi
 }
 
+# requires_query_interface() - exit if the query interface is not available
 requires_query_interface()
 {
 	if [ ! -e "/sys/kernel/security/apparmor/.access" ]
@@ -91,6 +106,10 @@
 	fi
 }
 
+# parser_supports() - test if the parser supports the following rules
+# $@: rules to test, use quotes if the rule contains ws
+# Returns: 0 and output "true" if all rules supported
+#          1 and error message if compiler does not support rule
 parser_supports()
 {
 	for R in "$@" ; do
@@ -105,6 +124,8 @@
 	return 0;
 }
 
+#requires_parser_support() - exit if the parser does not suppor the rules
+# $@: rules to test
 requires_parser_support()
 {
 	local res=$(parser_supports $@)

More information about the AppArmor mailing list