[apparmor] [patch] rewrite set_profile_flags() to use write_header()
Steve Beattie
steve at nxnw.org
Thu Apr 2 18:15:41 UTC 2015
On Sun, Mar 15, 2015 at 10:20:16PM +0100, Christian Boltz wrote:
> Changes in set_profile_flags():
> - rewrite set_profile_flags to use parse_profile_start_line() and
> write_header().
> - replace the silent failure for non-existing files with a proper
> exception (using lazy programming - the check is done by removing the
> "if os.path.isfile()" check, open_file_read then raises the
> exception ;-)
> - comment out regex_hat_flag and the code that was supposed to handle
> hat flags, which were totally broken. We'll need another patch to fix
> it, and we also need to decide if we want to do that because it
> introduces a behaviour change (currently, aa-complain etc. don't
> change hat flags).
>
> The tests for set_profile_flags() are also updated:
> - prepend a space to comments because write_header always adds a space
> between '{' and the comment
> - remove a test with superfluous quotes that are no longer kept (that's
> just a profile cleanup, so dropping that test is the easiest way)
> - update test_set_flags_10 and test_set_flags_12 to use the correct
> profile name
> - enable the tests for invalid (empty) flags
> - update the test for a non-existing file
>
> Note: test_set_flags_10, test_set_flags_12 and test_set_flags_nochange_09
> will fail with this patch applied. The next patch will fix that.
More than that fail under python2.7 with this patch:
$ PYTHONPATH=.. python test-aa.py 2>&1 | grep ^FAIL
FAIL: test_set_flags_10 (__main__.AaTest_set_profile_flags)
FAIL: test_set_flags_12 (__main__.AaTest_set_profile_flags)
FAIL: test_set_flags_nochange_02 (__main__.AaTest_set_profile_flags)
FAIL: test_set_flags_nochange_05 (__main__.AaTest_set_profile_flags)
FAIL: test_set_flags_nochange_06 (__main__.AaTest_set_profile_flags)
FAIL: test_set_flags_nochange_07 (__main__.AaTest_set_profile_flags)
FAIL: test_set_flags_nochange_09 (__main__.AaTest_set_profile_flags)
FAILED (failures=7)
as opposed to
$ PYTHONPATH=.. python3 test-aa.py 2>&1 | grep ^FAIL
FAIL: test_set_flags_10 (__main__.AaTest_set_profile_flags)
FAIL: test_set_flags_12 (__main__.AaTest_set_profile_flags)
FAIL: test_set_flags_nochange_09 (__main__.AaTest_set_profile_flags)
FAILED (failures=3)
This is as far as I've gotten with debugging (thanks to nose
being able to drop me into pdb on a test failiure), this is how
AaTest_set_profile_flags.test_set_flags_nochange_02 is failing:
(Pdb) print new_prof
/foo flags=( complain ) {
#include <abstractions/base>
capability chown,
/bar r,
}
(Pdb) print real_new_prof
/foo flags=( complain ) {
#include <abstractions/base>
capability chown,
/bar r,
}
Note the extra space at the beginning of the profile name line in
new_prof? I haven't figured out why that gets added, and why it only
gets added with python 2.7.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150402/76a250e3/attachment.pgp>
More information about the AppArmor
mailing list