[apparmor] [patch] Add tests for various rules outside of a profile

[Christian Boltz]

Hello,

$subject ;-)

All of those tests are expected to fail.


[ add-tests-for-rules-outside-of-profile.diff ]

=== added file 'parser/tst/simple_tests/capability/bad_outside1.sd'
--- parser/tst/simple_tests/capability/bad_outside1.sd  1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/capability/bad_outside1.sd  2015-10-18 16:10:45 +0000
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION capability rule outside of a profile
+#=EXRESULT FAIL
+#
+
+capability,
+

=== added file 'parser/tst/simple_tests/change_profile/bad_outside_1.sd'
--- parser/tst/simple_tests/change_profile/bad_outside_1.sd     1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/change_profile/bad_outside_1.sd     2015-10-18 16:15:25 +0000
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile rule outside of a profile
+#=EXRESULT FAIL
+#
+
+change_profile -> /bin/foo,
+

=== added file 'parser/tst/simple_tests/dbus/bad_outside_1.sd'
--- parser/tst/simple_tests/dbus/bad_outside_1.sd       1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/dbus/bad_outside_1.sd       2015-10-18 16:19:26 +0000
@@ -0,0 +1,5 @@
+#
+#=DESCRIPTION dbus rule outside of a profile
+#=EXRESULT FAIL
+
+dbus name=(SomeService),

=== added file 'parser/tst/simple_tests/file/bad_bare_file_outside.sd'
--- parser/tst/simple_tests/file/bad_bare_file_outside.sd       1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/file/bad_bare_file_outside.sd       2015-10-18 16:16:57 +0000
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION bare file rule outside of a profile
+#=EXRESULT FAIL
+#
+
+file,
+

=== added file 'parser/tst/simple_tests/file/bad_link_outside.sd'
--- parser/tst/simple_tests/file/bad_link_outside.sd    1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/file/bad_link_outside.sd    2015-10-18 16:12:27 +0000
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION link rule outside of a profile
+#=EXRESULT FAIL
+#
+
+deny link /alpha/beta -> /tmp/**,
+

=== added file 'parser/tst/simple_tests/mount/bad_outside_1.sd'
--- parser/tst/simple_tests/mount/bad_outside_1.sd      1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/mount/bad_outside_1.sd      2015-10-18 16:20:23 +0000
@@ -0,0 +1,6 @@
+#
+#=Description mount rule outside of a profile
+#=EXRESULT FAIL
+#
+
+  mount,

=== added file 'parser/tst/simple_tests/network/bad_network_outside_1.sd'
--- parser/tst/simple_tests/network/bad_network_outside_1.sd    1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/network/bad_network_outside_1.sd    2015-10-18 16:26:55 +0000
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION network rule outside of a profile
+#=EXRESULT FAIL
+#
+
+network,
+

=== added file 'parser/tst/simple_tests/ptrace/bad_outside_01.sd'
--- parser/tst/simple_tests/ptrace/bad_outside_01.sd    1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/ptrace/bad_outside_01.sd    2015-10-18 16:21:59 +0000
@@ -0,0 +1,7 @@
+#
+#=Description ptrace all rule outside of a profile
+#=EXRESULT FAIL
+#
+
+  ptrace,
+

=== added file 'parser/tst/simple_tests/rlimits/bad_rlimit_outside_01.sd'
--- parser/tst/simple_tests/rlimits/bad_rlimit_outside_01.sd    1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/rlimits/bad_rlimit_outside_01.sd    2015-10-18 16:16:15 +0000
@@ -0,0 +1,5 @@
+#
+#=DESCRIPTION simple cpu rlimit rule outside of a profile
+#=EXRESULT FAIL
+
+set rlimit cpu <= 1024,

=== added file 'parser/tst/simple_tests/signal/bad_outside_01.sd'
--- parser/tst/simple_tests/signal/bad_outside_01.sd    1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/signal/bad_outside_01.sd    2015-10-18 16:21:20 +0000
@@ -0,0 +1,7 @@
+#
+#=Description signal rule outside of a profile
+#=EXRESULT FAIL
+#
+
+  signal,
+

=== added file 'parser/tst/simple_tests/unix/bad_outside_1.sd'
--- parser/tst/simple_tests/unix/bad_outside_1.sd       1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/unix/bad_outside_1.sd       2015-10-18 16:24:03 +0000
@@ -0,0 +1,5 @@
+#
+#=DESCRIPTION unix accept rule outside of a profile
+#=EXRESULT FAIL
+
+  unix accept,



Regards,

Christian Boltz
-- 
switch2nvidia:
  * fixed disabling Composite extension; script replaced "Option"
    with "Optioff" :-(
[Stefan Dirsch in opensuse-commit]