[apparmor] [PATCH 4/4] tests: Update code to correctly use the terms context and label

Tyler Hicks tyhicks at canonical.com
Tue Feb 10 00:06:24 UTC 2015 

There are two things that I missed, mentioned below. I've made these
changes locally.

On 2015-02-09 16:37:59, Tyler Hicks wrote:
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> ---
>  tests/regression/apparmor/pivot_root.c | 30 +++++++++++++++---------------
>  tests/regression/apparmor/socketpair.c | 26 +++++++++++++-------------
>  2 files changed, 28 insertions(+), 28 deletions(-)
> 
> diff --git a/tests/regression/apparmor/pivot_root.c b/tests/regression/apparmor/pivot_root.c
> index 1b6ac94..6a1d4eb 100644
> --- a/tests/regression/apparmor/pivot_root.c
> +++ b/tests/regression/apparmor/pivot_root.c
> @@ -31,7 +31,7 @@
>  struct clone_arg {
>  	const char *put_old;
>  	const char *new_root;
> -	const char *expected_con;
> +	const char *expected_label;
>  };
>  
>  static int _pivot_root(const char *new_root, const char *put_old)
> @@ -44,12 +44,12 @@ static int _pivot_root(const char *new_root, const char *put_old)
>  #endif
>  }
>  
> -static int pivot_and_verify_con(void *arg)
> +static int pivot_and_verify_label(void *arg)
>  {
>  	const char *put_old = ((struct clone_arg *)arg)->put_old;
>  	const char *new_root = ((struct clone_arg *)arg)->new_root;
> -	const char *expected_con = ((struct clone_arg *)arg)->expected_con;
> -	char *con;
> +	const char *expected_label = ((struct clone_arg *)arg)->expected_label;
> +	char *label;
>  	int rc;
>  
>  	rc = chdir(new_root);
> @@ -64,19 +64,19 @@ static int pivot_and_verify_con(void *arg)
>  		exit(101);
>  	}
>  
> -	rc = aa_getcon(&con, NULL);
> +	rc = aa_getcon(&label, NULL);
>  	if (rc < 0) {
>  		perror("FAIL - aa_getcon");
>  		exit(102);
>  	}
>  
> -	if (strcmp(expected_con, con)) {
> -		fprintf(stderr, "FAIL - expected_con (%s) != con (%s)\n",
> -			expected_con, con);
> +	if (strcmp(expected_label, label)) {
> +		fprintf(stderr, "FAIL - expected_label (%s) != label (%s)\n",
> +			expected_label, label);
>  		exit(103);
>  	}
>  
> -	free(con);
> +	free(label);
>  	exit(0);
>  }
>  
> @@ -86,10 +86,10 @@ static pid_t _clone(int (*fn)(void *), void *arg)
>          void *stack = alloca(stack_size);
>  
>  #ifdef __ia64__
> -        return __clone2(pivot_and_verify_con, stack,  stack_size,
> +        return __clone2(pivot_and_verify_label, stack,  stack_size,
>  			CLONE_NEWNS | SIGCHLD, arg);
>  #else
> -        return    clone(pivot_and_verify_con, stack + stack_size,
> +        return    clone(pivot_and_verify_label, stack + stack_size,
>  			CLONE_NEWNS | SIGCHLD, arg);
>  #endif
>  }
> @@ -105,19 +105,19 @@ int main(int argc, char **argv)
>  			"FAIL - usage: %s <PUT_OLD> <NEW_ROOT> <PROFILE>\n\n"

I missed changing <PROFILE> to <LABEL> here.

Tyler

>  			"  <PUT_OLD>\t\tThe put_old param of pivot_root()\n"
>  			"  <NEW_ROOT>\t\tThe new_root param of pivot_root()\n"
> -			"  <PROFILE>\t\tThe expected AA context after pivoting\n\n"
> +			"  <LABEL>\t\tThe expected AA label after pivoting\n\n"
>  			"This program clones itself in a new mount namespace, \n"
>  			"does a pivot and then calls aa_getcon(). The test fails \n"
> -			"if <PROFILE> does not match the context returned by \n"
> +			"if <PROFILE> does not match the label returned by \n"
>  			"aa_getcon().\n", argv[0]);
>  		exit(1);
>  	}
>  
>  	arg.put_old      = argv[1];
>  	arg.new_root     = argv[2];
> -	arg.expected_con = argv[3];
> +	arg.expected_label = argv[3];
>  
> -	child = _clone(pivot_and_verify_con, &arg);
> +	child = _clone(pivot_and_verify_label, &arg);
>  	if (child < 0) {
>  		perror("FAIL - clone");
>  		exit(2);
> diff --git a/tests/regression/apparmor/socketpair.c b/tests/regression/apparmor/socketpair.c
> index 9a64ba7..06125d5 100644
> --- a/tests/regression/apparmor/socketpair.c
> +++ b/tests/regression/apparmor/socketpair.c
> @@ -51,13 +51,13 @@ static int get_socketpair(int pair[2])
>  }
>  
>  static int verify_confinement_context(int fd, const char *fd_name,
> -				      const char *expected_con,
> +				      const char *expected_label,
>  				      const char *expected_mode)
>  {
> -	char *con, *mode;
> +	char *label, *mode;
>  	int rc;
>  
> -	rc = aa_getpeercon(fd, &con, &mode);
> +	rc = aa_getpeercon(fd, &label, &mode);
>  	if (rc < 0) {
>  		fprintf(stderr, "FAIL - %s: aa_getpeercon(%d, , ): %m",
>  			fd_name, fd);
> @@ -67,10 +67,10 @@ static int verify_confinement_context(int fd, const char *fd_name,
>  	if (!mode)
>  		mode = NO_MODE;
>  
> -	if (strcmp(con, expected_con)) {
> +	if (strcmp(label, expected_label)) {
>  		fprintf(stderr,
> -			"FAIL - %s: con \"%s\" != expected_con \"%s\"\n",
> -			fd_name, con, expected_con);
> +			"FAIL - %s: label \"%s\" != expected_label \"%s\"\n",
> +			fd_name, label, expected_label);
>  		rc = 2;
>  		goto out;
>  	}
> @@ -85,7 +85,7 @@ static int verify_confinement_context(int fd, const char *fd_name,
>  
>  	rc = 0;
>  out:
> -	free(con);
> +	free(label);
>  	return rc;
>  }
>  
> @@ -133,17 +133,17 @@ static int reexec(int pair[2], int argc, char **argv)
>  
>  int main(int argc, char **argv)
>  {
> -	char *expected_con, *expected_mode;
> +	char *expected_label, *expected_mode;
>  	int pair[2], rc;
>  
>  	if (argc < 3) {
>  		fprintf(stderr,
>  			"FAIL - usage: %s <CON> <MODE> [<CHANGE_ONEXEC> ...]\n\n"

I missed changing <CON> to <LABEL> here.

> -			"  <CON>\t\tThe expected confinement context\n"
> +			"  <LABEL>\t\tThe expected confinement label\n"
>  			"  <MODE>\tThe expected confinement mode\n"
>  			"  <CHANGE_ONEXEC>\tThe profile to change to on exec\n\n"
>  			"This program gets a socket pair and then verifies \n"
> -			"the confinement context and mode of each file \n"
> +			"the confinement label and mode of each file \n"
>  			"descriptor. If there is no expected mode string, \n"
>  			"<MODE> should be \"%s\".\n\n"
>  			"Multiple <CHANGE_ONEXEC> profiles can be specified \n"
> @@ -162,17 +162,17 @@ int main(int argc, char **argv)
>  	if (get_socketpair(pair))
>  		exit(2);
>  
> -	expected_con = argv[1];
> +	expected_label = argv[1];
>  	expected_mode = argv[2];
>  
>  	if (verify_confinement_context(pair[0], "pair[0]",
> -				       expected_con, expected_mode)) {
> +				       expected_label, expected_mode)) {
>  		rc = 3;
>  		goto out;
>  	}
>  
>  	if (verify_confinement_context(pair[1], "pair[1]",
> -				       expected_con, expected_mode)) {
> +				       expected_label, expected_mode)) {
>  		rc = 4;
>  		goto out;
>  	}
> -- 
> 2.1.0
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150209/b5d848bf/attachment.pgp>

More information about the AppArmor mailing list