<div dir="ltr">Hello,<br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 25, 2015 at 7:31 PM, Christian Boltz <span dir="ltr"><<a href="mailto:apparmor@cboltz.de" target="_blank">apparmor@cboltz.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
Am Montag, 25. Mai 2015 schrieb Christian Boltz:<br>
> [ 34-minitools_test-use-no-reload.diff ]<br>
<br>
I accidentally added a --no-reload between -d and the path in the<br>
aa-audit test. The test still fails for another reason ;-) but<br>
nevertheless here's v2:<br>
<br>
<br>
Change minitools_test.py to use aa-* --no-reload.<br>
<span>This allows running minitools_test.py as a non-root user.<br>
</span> </blockquote><div>That's a good thing, but this change in the tests probably breaks two things, as the remainder of the code in reload_profile and unload_profile is ignored due to the flag. <br><br></div><div>I think there should be additional tests for them.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span>
Also add a check that only creates the force-complain directory if it<br>
doesn't exist yet.<br>
<br>
<br>
Note: With this patch applied, there are still 4 failing tests, probably<br>
caused by changes in the profiles that are used in the tests.<br>
<br>
<br>
I propose this patch for trunk and 2.9.<br>
<br>
<br>
[ 34-minitools_test-use-no-reload.diff ]<br>
<br>
=== modified file utils/test/minitools_test.py<br>
--- utils/test/minitools_test.py 2015-05-25 15:02:32.489225934 +0200<br>
+++ utils/test/minitools_test.py 2015-05-25 15:32:59.693035190 +0200<br>
@@ -31,37 +32,38 @@<br>
<br>
def test_audit(self):<br>
#Set ntpd profile to audit mode and check if it was correctly set<br>
- str(subprocess.check_output('%s ./../aa-audit -d ./profiles %s'%(python_interpreter, test_path), shell=True))<br>
+ str(subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True))<br>
<br>
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit', 'Audit flag could not be set in profile %s'%local_profilename)<br>
<br>
#Remove audit mode from ntpd profile and check if it was correctly removed<br>
- subprocess.check_output('%s ./../aa-audit -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)<br>
</span><div><div>+ subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)<br>
<br>
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), None, 'Audit flag could not be removed in profile %s'%local_profilename)<br>
<br>
<br>
def test_complain(self):<br>
#Set ntpd profile to complain mode and check if it was correctly set<br>
- subprocess.check_output('%s ./../aa-complain -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
+ subprocess.check_output('%s ./../aa-complain --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
<br>
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)<br>
- os.mkdir('./profiles/force-complain')<br>
+ if not os.path.isdir('./profiles/force-complain'):<br>
+ os.mkdir('./profiles/force-complain')<br>
os.symlink(local_profilename, './profiles/force-complain/%s'%os.path.basename(local_profilename) )<br>
<br>
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)<br>
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'complain', 'Complain flag could not be set in profile %s'%local_profilename)<br>
<br>
#Set ntpd profile to enforce mode and check if it was correctly set<br>
- subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
+ subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
<br>
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)<br>
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)<br>
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), None, 'Complain flag could not be removed in profile %s'%local_profilename)<br>
<br>
# Set audit flag and then complain flag in a profile<br>
- subprocess.check_output('%s ./../aa-audit -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
- subprocess.check_output('%s ./../aa-complain -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
+ subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
+ subprocess.check_output('%s ./../aa-complain --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)<br>
os.symlink(local_profilename, './profiles/force-complain/%s'%os.path.basename(local_profilename) )<br>
<br>
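Review bot: The added `--no-reload` calls in test_audit and test_complain still build the command with `%` formatting and run it with `shell=True`, so `python_interpreter` and `test_path` reach the shell unquoted; a checkout path containing a space or a shell metacharacter would be split or interpreted rather than passed through as one argument. Since these lines are being rewritten anyway, an argument list avoids the shell entirely, e.g. `subprocess.check_output([python_interpreter, './../aa-audit', '--no-reload', '-d', './profiles', test_path])`, assuming `python_interpreter` holds a single executable name (its definition is outside the hunk). The same pattern recurs on the added lines of the later hunks (aa-enforce, aa-audit -r, aa-disable, aa-cleanprof). test_complain's body continues past the end of this hunk.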
@@ -72,20 +76,20 @@<br>
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit,complain', 'Complain flag could not be set in profile %s'%local_profilename)<br>
<br>
#Remove complain flag first i.e. set to enforce mode<br>
- subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
+ subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
<br>
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)<br>
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)<br>
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit', 'Complain flag could not be removed in profile %s'%local_profilename)<br>
<br>
#Remove audit flag<br>
- subprocess.check_output('%s ./../aa-audit -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)<br>
+ subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)<br>
<br>
def test_enforce(self):<br>
#Set ntpd profile to complain mode and check if it was correctly set<br>
<br>
#Set ntpd profile to enforce mode and check if it was correctly set<br>
- subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
+ subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
<br>
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)<br>
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)<br>
@@ -94,7 +98,7 @@<br>
<br>
def test_disable(self):<br>
#Disable the ntpd profile and check if it was correctly disabled<br></div></div></blockquote><div>Nitpick: As the next patch changes the used profile from ntpd to winbind I think the above comment is rendered wrong.<br></div><div>A replacement of "ntpd" with "test" in such comments would be nice.<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div>
- subprocess.check_output('%s ./../aa-disable -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
+ subprocess.check_output('%s ./../aa-disable --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)<br>
<br>
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in disable'%local_profilename)<br>
<br>
@@ -120,7 +123,7 @@<br>
#Our silly test program whose profile we wish to clean<br>
cleanprof_test = '/usr/bin/a/simple/cleanprof/test/profile'<br>
<br>
- subprocess.check_output('%s ./../aa-cleanprof -d ./profiles -s %s' % (python_interpreter, cleanprof_test), shell=True)<br>
+ subprocess.check_output('%s ./../aa-cleanprof --no-reload -d ./profiles -s %s' % (python_interpreter, cleanprof_test), shell=True)<br>
<br>
#Strip off the first line (#modified line)<br>
subprocess.check_output('sed -i 1d ./profiles/%s'%(input_file), shell=True)<br>
<br>
<br>
<br>
<br></div></div></blockquote><div>Acked-by: Kshitij Gupta <<a href="mailto:kgupta8592@gmail.com" target="_blank">kgupta8592@gmail.com</a>>. <br><div><br></div><div>Thanks.<br><br></div><div>Regards,<br><br></div>Kshitij Gupta <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div>
<br>
Regards,<br>
<br>
Christian Boltz<br>
--<br>
</div></div>Verstehen kann ich das Problem. Die meisten von uns hätten gerne<br>
brandaktuelle *und* felsenstabile Software. Der Unterschied zwischen<br>
Redmond und Pinguinhausen ist, daß erstere dir erzählen, daß man<br>
beides haben könne. Stimmt aber nicht. [Ratti in suse-linux]<br>
<div><div><br>
<br>
</div></div></blockquote></div><br></div></div>