[apparmor] [PATCH 4/4] tests: Update code to correctly use the terms context and label

John Johansen john.johansen at canonical.com
Tue Feb 10 00:16:26 UTC 2015


On 02/09/2015 04:06 PM, Tyler Hicks wrote:
> There are two things that I missed, mentioned below. I've made these
> changes locally.
> 
Arguable whether the profile change was needed, but I'm not arguing against
making the change.

It looks good, thanks

Acked-by: John Johansen <john.johansen at canonical.com>

> On 2015-02-09 16:37:59, Tyler Hicks wrote:
>> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
>> ---
>>  tests/regression/apparmor/pivot_root.c | 30 +++++++++++++++---------------
>>  tests/regression/apparmor/socketpair.c | 26 +++++++++++++-------------
>>  2 files changed, 28 insertions(+), 28 deletions(-)
>>
>> diff --git a/tests/regression/apparmor/pivot_root.c b/tests/regression/apparmor/pivot_root.c
>> index 1b6ac94..6a1d4eb 100644
>> --- a/tests/regression/apparmor/pivot_root.c
>> +++ b/tests/regression/apparmor/pivot_root.c
>> @@ -31,7 +31,7 @@
>>  struct clone_arg {
>>  	const char *put_old;
>>  	const char *new_root;
>> -	const char *expected_con;
>> +	const char *expected_label;
>>  };
>>  
>>  static int _pivot_root(const char *new_root, const char *put_old)
>> @@ -44,12 +44,12 @@ static int _pivot_root(const char *new_root, const char *put_old)
>>  #endif
>>  }
>>  
>> -static int pivot_and_verify_con(void *arg)
>> +static int pivot_and_verify_label(void *arg)
>>  {
>>  	const char *put_old = ((struct clone_arg *)arg)->put_old;
>>  	const char *new_root = ((struct clone_arg *)arg)->new_root;
>> -	const char *expected_con = ((struct clone_arg *)arg)->expected_con;
>> -	char *con;
>> +	const char *expected_label = ((struct clone_arg *)arg)->expected_label;
>> +	char *label;
>>  	int rc;
>>  
>>  	rc = chdir(new_root);
>> @@ -64,19 +64,19 @@ static int pivot_and_verify_con(void *arg)
>>  		exit(101);
>>  	}
>>  
>> -	rc = aa_getcon(&con, NULL);
>> +	rc = aa_getcon(&label, NULL);
>>  	if (rc < 0) {
>>  		perror("FAIL - aa_getcon");
>>  		exit(102);
>>  	}
>>  
>> -	if (strcmp(expected_con, con)) {
>> -		fprintf(stderr, "FAIL - expected_con (%s) != con (%s)\n",
>> -			expected_con, con);
>> +	if (strcmp(expected_label, label)) {
>> +		fprintf(stderr, "FAIL - expected_label (%s) != label (%s)\n",
>> +			expected_label, label);
>>  		exit(103);
>>  	}
>>  
>> -	free(con);
>> +	free(label);
>>  	exit(0);
>>  }
>>  
>> @@ -86,10 +86,10 @@ static pid_t _clone(int (*fn)(void *), void *arg)
>>          void *stack = alloca(stack_size);
>>  
>>  #ifdef __ia64__
>> -        return __clone2(pivot_and_verify_con, stack,  stack_size,
>> +        return __clone2(pivot_and_verify_label, stack,  stack_size,
>>  			CLONE_NEWNS | SIGCHLD, arg);
>>  #else
>> -        return    clone(pivot_and_verify_con, stack + stack_size,
>> +        return    clone(pivot_and_verify_label, stack + stack_size,
>>  			CLONE_NEWNS | SIGCHLD, arg);
>>  #endif
>>  }
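Review bot: `_clone()` receives the child entry point as `fn`, but both branches of the `#ifdef` pass `pivot_and_verify_label` by name, so the parameter appears to be unused and the helper has to be edited whenever the callback is renamed. Passing the parameter through, `return clone(fn, stack + stack_size, CLONE_NEWNS | SIGCHLD, arg);` and `return __clone2(fn, stack, stack_size, CLONE_NEWNS | SIGCHLD, arg);` on ia64, keeps the helper independent of the callback's name. The signature and the first lines of the body are outside this hunk, so this assumes `fn` is not consumed elsewhere in the function.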
>> @@ -105,19 +105,19 @@ int main(int argc, char **argv)
>>  			"FAIL - usage: %s <PUT_OLD> <NEW_ROOT> <PROFILE>\n\n"
> 
> I missed changing <PROFILE> to <LABEL> here.
> 
> Tyler
> 
>>  			"  <PUT_OLD>\t\tThe put_old param of pivot_root()\n"
>>  			"  <NEW_ROOT>\t\tThe new_root param of pivot_root()\n"
>> -			"  <PROFILE>\t\tThe expected AA context after pivoting\n\n"
>> +			"  <LABEL>\t\tThe expected AA label after pivoting\n\n"
>>  			"This program clones itself in a new mount namespace, \n"
>>  			"does a pivot and then calls aa_getcon(). The test fails \n"
>> -			"if <PROFILE> does not match the context returned by \n"
>> +			"if <PROFILE> does not match the label returned by \n"
>>  			"aa_getcon().\n", argv[0]);
>>  		exit(1);
>>  	}
>>  
>>  	arg.put_old      = argv[1];
>>  	arg.new_root     = argv[2];
>> -	arg.expected_con = argv[3];
>> +	arg.expected_label = argv[3];
>>  
>> -	child = _clone(pivot_and_verify_con, &arg);
>> +	child = _clone(pivot_and_verify_label, &arg);
>>  	if (child < 0) {
>>  		perror("FAIL - clone");
>>  		exit(2);
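Review bot: The closing sentence of the usage text still names the old placeholder: the new line reads `"if <PROFILE> does not match the label returned by \n"`, while the argument list just above it now documents `<LABEL>`. That line should become `"if <LABEL> does not match the label returned by \n"` so the help output uses a single name for argv[3]. main() begins before and continues past this hunk, so any further uses of the placeholder are not visible here.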
>> diff --git a/tests/regression/apparmor/socketpair.c b/tests/regression/apparmor/socketpair.c
>> index 9a64ba7..06125d5 100644
>> --- a/tests/regression/apparmor/socketpair.c
>> +++ b/tests/regression/apparmor/socketpair.c
>> @@ -51,13 +51,13 @@ static int get_socketpair(int pair[2])
>>  }
>>  
>>  static int verify_confinement_context(int fd, const char *fd_name,
>> -				      const char *expected_con,
>> +				      const char *expected_label,
>>  				      const char *expected_mode)
>>  {
>> -	char *con, *mode;
>> +	char *label, *mode;
>>  	int rc;
>>  
>> -	rc = aa_getpeercon(fd, &con, &mode);
>> +	rc = aa_getpeercon(fd, &label, &mode);
>>  	if (rc < 0) {
>>  		fprintf(stderr, "FAIL - %s: aa_getpeercon(%d, , ): %m",
>>  			fd_name, fd);
>> @@ -67,10 +67,10 @@ static int verify_confinement_context(int fd, const char *fd_name,
>>  	if (!mode)
>>  		mode = NO_MODE;
>>  
>> -	if (strcmp(con, expected_con)) {
>> +	if (strcmp(label, expected_label)) {
>>  		fprintf(stderr,
>> -			"FAIL - %s: con \"%s\" != expected_con \"%s\"\n",
>> -			fd_name, con, expected_con);
>> +			"FAIL - %s: label \"%s\" != expected_label \"%s\"\n",
>> +			fd_name, label, expected_label);
>>  		rc = 2;
>>  		goto out;
>>  	}
>> @@ -85,7 +85,7 @@ static int verify_confinement_context(int fd, const char *fd_name,
>>  
>>  	rc = 0;
>>  out:
>> -	free(con);
>> +	free(label);
>>  	return rc;
>>  }
>>  
>> @@ -133,17 +133,17 @@ static int reexec(int pair[2], int argc, char **argv)
>>  
>>  int main(int argc, char **argv)
>>  {
>> -	char *expected_con, *expected_mode;
>> +	char *expected_label, *expected_mode;
>>  	int pair[2], rc;
>>  
>>  	if (argc < 3) {
>>  		fprintf(stderr,
>>  			"FAIL - usage: %s <CON> <MODE> [<CHANGE_ONEXEC> ...]\n\n"
> 
> I missed changing <CON> to <LABEL> here.
> 
>> -			"  <CON>\t\tThe expected confinement context\n"
>> +			"  <LABEL>\t\tThe expected confinement label\n"
>>  			"  <MODE>\tThe expected confinement mode\n"
>>  			"  <CHANGE_ONEXEC>\tThe profile to change to on exec\n\n"
>>  			"This program gets a socket pair and then verifies \n"
>> -			"the confinement context and mode of each file \n"
>> +			"the confinement label and mode of each file \n"
>>  			"descriptor. If there is no expected mode string, \n"
>>  			"<MODE> should be \"%s\".\n\n"
>>  			"Multiple <CHANGE_ONEXEC> profiles can be specified \n"
>> @@ -162,17 +162,17 @@ int main(int argc, char **argv)
>>  	if (get_socketpair(pair))
>>  		exit(2);
>>  
>> -	expected_con = argv[1];
>> +	expected_label = argv[1];
>>  	expected_mode = argv[2];
>>  
>>  	if (verify_confinement_context(pair[0], "pair[0]",
>> -				       expected_con, expected_mode)) {
>> +				       expected_label, expected_mode)) {
>>  		rc = 3;
>>  		goto out;
>>  	}
>>  
>>  	if (verify_confinement_context(pair[1], "pair[1]",
>> -				       expected_con, expected_mode)) {
>> +				       expected_label, expected_mode)) {
>>  		rc = 4;
>>  		goto out;
>>  	}
>> -- 
>> 2.1.0
>>
>>
>> -- 
>> AppArmor mailing list
>> AppArmor at lists.ubuntu.com
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>>
>>



