[Bug 1553797] Re: Provide a way to Update AppArmor rules for click tests only once

Martin Pitt martin.pitt at ubuntu.com
Wed Mar 9 15:55:07 UTC 2016 

Summary from IRC discussion:

This isn't sufficient yet as it will still need to regenerate the
profiles at the beginning, due to the changing /tmp/adt-run.XXXX paths.
It's also a bit ugly as this is supposed to be an internal
implementation detail which I wouldn't like to expose for eternity in a
command line option.

Alternative proposal:

 (1) apparmor_click() should become a no-op if /var/cache/apparmor/click-ap.rules already exists (http://paste.ubuntu.com/15335183/)
 (2) apparmor_restore_click() is already a no-op if apparmor_click() didn't do anything (no change needed)
 (3) add a setup script which sets a blanket /tmp/adt-run.*/** in the AppArmor policy, so that it works for any run

This would keep the current "correct, but slow" behavior, avoids
exposing the internals as CLI args, but if you choose to use the setup
script once (either manually after you (re)install the phone, or via
adt-run --setup-commands) then adt-run will not touch the apparmor
profiles at all, and things should be fast.

The script should look like this:

---------- 8< -----------------
cat <<EOF > /var/cache/apparmor/click-ap.rules
dbus (receive, send) bus=session path=/com/canonical/Autopilot/**,
/tmp/adt-run.** r,
---------- 8< -----------------

Omer, could you test the above patch and that setup script and make sure
it DTRT?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to autopkgtest in Ubuntu.
https://bugs.launchpad.net/bugs/1553797

Title:
  Provide a way to Update AppArmor rules for click tests only once

Status in autopkgtest package in Ubuntu:
  New

Bug description:
  We use autopkgtest in ubuntu-system-tests project to run those tests
  on the touch device. While developing the tests, it becomes a bit of a
  challenge to run the tests as it takes a few moment to update AppArmor
  rules for click.

  As part of profiling for ubuntu-system-tests, we found it takes more
  than a minute each time to update AppArmor rules. So we probably need
  some kind of parameter to adt-run to not delete the
  /var/cache/apparmor/click-ap.rules file after running tests.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1553797/+subscriptions

More information about the foundations-bugs mailing list