[apparmor] GSoC review r55..57
Christian Boltz
apparmor at cboltz.de
Thu Sep 5 17:25:17 UTC 2013
Hello,
the review for r55 is attached.
I didn't notice any problems in r56 and r57 :-)
Regards,
Christian Boltz
--
[...] sollte für einen Ortskundigen also kinderleicht zu finden sein.
Wir sind die Leute, die den dicken weißgrünen Europcar Lastwagen so
bescheuert mitten auf der Straße geparkt haben.
[Kristian Köhntopp zieht um]
-------------- next part --------------
------------------------------------------------------------
revno: 55
committer: Kshitij Gupta <kgupta8592 at gmail.com
branch nick: apparmor-profile-tools
timestamp: Sat 2013-08-31 04:08:26 +0530
message:
Tests for minitools aa-disable, aa-audit, aa-complain, aa-enforce added and
some minor bugs fixed. Ran all existing test suites on python2 and python3
and tweaked a few things
=== modified file 'Testing/minitools_test.py'
--- Testing/minitools_test.py 2013-08-29 22:24:31 +0000
+++ Testing/minitools_test.py 2013-08-30 22:38:26 +0000
def test_audit(self):
+ #Set ntpd profile to audit mode and check if it was correctly set
+ subprocess.check_output('python ./../Tools/aa-audit.py -d ./profiles ntpd', shell=True)
# this will always run the test with py2
# is there an easy way to get the current interpreter (py2 vs. py3) and use it?
# besides that, aa-audit will fail if ntpd is not installed
# in other words: please specify the full path for ntpd in this test to avoid BuildRequires: ntpd (which would look strange)
+ local_profilename = apparmor.get_profile_filename(apparmor.get_full_path(apparmor.which('ntpd')))
# which will fail if ntpd is not installed
+ self.assertEqual(apparmor.get_profile_flags(local_profilename), 'audit', 'Audit flag could not be set in profile %s'%local_profilename)
+
+ #Remove audit mode from ntpd profile and check if it was correctly removed
+ subprocess.check_output('python ./../Tools/aa-audit.py -d ./profiles -r ntpd', shell=True)
# py2 here also
# aa-audit will fail if ntpd is not installed
+ local_profilename = apparmor.get_profile_filename(apparmor.get_full_path(apparmor.which('ntpd')))
# which will fail if ntpd is not installed
+ self.assertEqual(apparmor.get_profile_flags(local_profilename), None, 'Complain flag could not be removed in profile %s'%local_profilename)
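Review bot: The `subprocess.check_output(..., shell=True)` calls in test_audit hand one command string to the shell although nothing in it needs shell parsing; an argument list avoids the shell entirely, e.g. `subprocess.check_output(['python', './../Tools/aa-audit.py', '-d', './profiles', 'ntpd'])`. The strings are constants here, so this is not an injection risk as written, but the pattern becomes one as soon as a profile or program name is interpolated into the string. The same applies to every `check_output` call added in test_complain, test_enforce and test_disable. Separately, the second assertion's failure message says 'Complain flag could not be removed' while the step removes the audit flag; `'Audit flag could not be removed in profile %s'%local_profilename` would match what is being tested.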
def test_complain(self):
- pass
+ #Set ntpd profile to complain mode and check if it was correctly set
+ subprocess.check_output('python ./../Tools/aa-complain.py -d ./profiles ntpd', shell=True)
# py2 here also, and will also fail if ntpd is not installed
+ local_profilename = apparmor.get_profile_filename(apparmor.get_full_path(apparmor.which('ntpd')))
# which will fail if ntpd is not installed
+ self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
+ self.assertEqual(apparmor.get_profile_flags(local_profilename), 'complain', 'Complain flag could not be set in profile %s'%local_profilename)
+
+ #Set ntpd profile to enforce mode and check if it was correctly set
+ subprocess.check_output('python ./../Tools/aa-complain.py -d ./profiles -r ntpd', shell=True)
# py2 here also, and will also fail if ntpd is not installed
+ local_profilename = apparmor.get_profile_filename(apparmor.get_full_path(apparmor.which('ntpd')))
# which will fail if ntpd is not installed
+ self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
+ self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
+ self.assertEqual(apparmor.get_profile_flags(local_profilename), None, 'Complain flag could not be removed in profile %s'%local_profilename)
+
+ # Set audit flag and then complain flag in a profile
+ subprocess.check_output('python ./../Tools/aa-audit.py -d ./profiles ntpd', shell=True)
+ subprocess.check_output('python ./../Tools/aa-complain.py -d ./profiles ntpd', shell=True)
# py2 here also, and will also fail if ntpd is not installed
+ local_profilename = apparmor.get_profile_filename(apparmor.get_full_path(apparmor.which('ntpd')))
# which will fail if ntpd is not installed
+ self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
+ self.assertEqual(apparmor.get_profile_flags(local_profilename), 'audit,complain', 'Complain flag could not be set in profile %s'%local_profilename)
+
+ #Remove complain flag first i.e. set to enforce mode
+ subprocess.check_output('python ./../Tools/aa-complain.py -d ./profiles -r ntpd', shell=True)
# py2 here also, and will also fail if ntpd is not installed
+ local_profilename = apparmor.get_profile_filename(apparmor.get_full_path(apparmor.which('ntpd')))
# which will fail if ntpd is not installed
+ self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
+ self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
+ self.assertEqual(apparmor.get_profile_flags(local_profilename), 'audit', 'Complain flag could not be removed in profile %s'%local_profilename)
+
+ #Remove audit flag
+ subprocess.check_output('python ./../Tools/aa-audit.py -d ./profiles -r ntpd', shell=True)
# py2 here also, and will also fail if ntpd is not installed
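Review bot: The last step of test_complain runs `aa-audit.py -r` but asserts nothing afterwards, so a failure to clear the audit flag goes unnoticed by this test. Reusing `local_profilename` from the previous step, `self.assertEqual(apparmor.get_profile_flags(local_profilename), None, 'Audit flag could not be removed in profile %s'%local_profilename)` would close the sequence the same way test_audit does.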
def test_enforce(self):
+ #Set ntpd profile to complain mode and check if it was correctly set
+ subprocess.check_output('python ./../Tools/aa-enforce.py -d ./profiles -r ntpd', shell=True)
# py2 here also, and will also fail if ntpd is not installed
+ local_profilename = apparmor.get_profile_filename(apparmor.get_full_path(apparmor.which('ntpd')))
# which will fail if ntpd is not installed
+ self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
+ self.assertEqual(apparmor.get_profile_flags(local_profilename), 'complain', 'Complain flag could not be set in profile %s'%local_profilename)
+
+
+ #Set ntpd profile to enforce mode and check if it was correctly set
+ subprocess.check_output('python ./../Tools/aa-enforce.py -d ./profiles ntpd', shell=True)
# py2 here also, and will also fail if ntpd is not installed
+ local_profilename = apparmor.get_profile_filename(apparmor.get_full_path(apparmor.which('ntpd')))
# which will fail if ntpd is not installed
+ self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
+ self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
+ self.assertEqual(apparmor.get_profile_flags(local_profilename), None, 'Complain flag could not be removed in profile %s'%local_profilename)
def test_disable(self):
- pass
+ #Disable the ntpd profile and check if it was correctly disabled
+ subprocess.check_output('python ./../Tools/aa-disable.py -d ./profiles ntpd', shell=True)
# py2 here also, and will also fail if ntpd is not installed
+ local_profilename = apparmor.get_profile_filename(apparmor.get_full_path(apparmor.which('ntpd')))
# which will fail if ntpd is not installed
+ self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in disable'%local_profilename)
+
+ #Enable the ntpd profile and check if it was correctly re-enabled
+ subprocess.check_output('python ./../Tools/aa-disable.py -d ./profiles -r ntpd', shell=True)
# py2 here also, and will also fail if ntpd is not installed
+ local_profilename = apparmor.get_profile_filename(apparmor.get_full_path(apparmor.which('ntpd')))
# which will fail if ntpd is not installed (did I mention this already?)
+ self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove a symlink for %s from disable'%local_profilename)
+
+ if os.path.exists('./profiles'):
+ shutil.rmtree('./profiles')
+
+ #copy the local profiles to the test directory
+ shutil.copytree('/etc/apparmor.d', './profiles', symlinks=True)
# better take the profiles from the tarball or an apparmor bzr checkout
# to avoid getting user-modified profiles
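Review bot: `shutil.rmtree('./profiles')` deletes whatever directory named profiles sits in the current working directory, so running the suite from anywhere other than Testing/ can remove unrelated data; the same lines are added to setUp in Testing/severity_test.py. Anchoring the path to the test file, for example `profile_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'profiles')`, or creating the directory with `tempfile.mkdtemp()` and removing it in tearDown, keeps the delete scoped to something the test itself created. With `symlinks=True` any absolute link under /etc/apparmor.d is copied as a link that still points at the system file, so it is worth confirming that none of the tools under test write through such a link. The function these lines belong to starts outside the visible hunk.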
=== modified file 'Testing/severity_test.py'
--- Testing/severity_test.py 2013-08-29 22:24:31 +0000
+++ Testing/severity_test.py 2013-08-30 22:38:26 +0000
@@ -11,11 +12,15 @@
def setUp(self):
#copy the local profiles to the test directory
- shutil.copytree('/etc/apparmor.d/', './profiles/')
+ if os.path.exists('./profiles'):
+ shutil.rmtree('./profiles')
+ shutil.copytree('/etc/apparmor.d/', './profiles/', symlinks=True)
# better take the profiles from the tarball or an apparmor bzr checkout
# to avoid getting user-modified profiles
=== modified file 'apparmor/aa.py'
--- apparmor/aa.py 2013-08-29 22:24:31 +0000
+++ apparmor/aa.py 2013-08-30 22:38:26 +0000
@@ -152,13 +152,14 @@
def which(file):
"""Returns the executable fullpath for the file, None otherwise"""
+ return shutil.which(file)
# does this mean apparmor.which is superfluous and you could just use shutil.which everywhere?
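Review bot: `shutil.which` exists only from Python 3.3 on, while the commit message says the suites were also run on python2; if the added `return shutil.which(file)` is reached under Python 2 it raises AttributeError. Only this one line of `which` is visible in the hunk, so a guard may exist outside it. If it does not, something like `if hasattr(shutil, 'which'): return shutil.which(file)` ahead of the existing body would keep both interpreters working.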
@@ -502,7 +511,7 @@
write_profile(pname)
if complain:
fname = get_profile_filename(pname)
- set_profile_flags(fname, 'complain')
+ set_profile_flags(profile_dir + fname, 'complain')
# missing third parameter
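Review bot: `profile_dir + fname` is plain string concatenation, so the result depends on profile_dir ending in a slash. The tests added in this commit also pass the return value of get_profile_filename straight to get_profile_flags, which suggests it may already be a full path that would then be prefixed a second time. Building the path with `os.path.join(profile_dir, fname)` covers both cases, because os.path.join returns an absolute second argument unchanged; this assumes os is imported in aa.py, which the hunk does not show. The enclosing function starts and ends outside the hunk.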
=== modified file 'apparmor/tools.py'
--- apparmor/tools.py 2013-08-29 22:24:31 +0000
+++ apparmor/tools.py 2013-08-30 22:38:26 +0000
@@ -45,12 +45,12 @@
if which:
program = apparmor.get_full_path(which)
- if not os.path.exists(program):
- apparmor.UI_Info(_('The given program cannot be found, please try with the fully qualified path name of the program: '))
- program = apparmor.UI_GetString('', '')
+ if not program or not os.path.exists(program):
+ program = apparmor.UI_GetString(_('The given program cannot be found, please try with the fully qualified path name of the program: '), '')
# you'll see this message also if the full path is specified...
# (there's no check for program.startswith('/'))
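Review bot: The string returned by `apparmor.UI_GetString(...)` is assigned to `program` with no second check in the visible lines, so an empty answer or a path that does not exist would flow on as the program to operate on. Re-running the `not program or not os.path.exists(program)` test after the prompt, and stopping or asking again when it still fails, would keep an unvalidated path out of the rest of the function. What follows the prompt is outside the hunk, so this may already be handled there.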
vim:ft=diff