feat(profile): add needrestart-vmlinuz-get-version & tests for needrestart.

2025-01-23 19:38:12 +01:00 · 2024-11-21 19:39:55 +00:00 · 2024-11-21 19:39:55 +00:00 · 3960f20f00
commit 3960f20f00
parent 5237ab3989
3 changed files with 73 additions and 2 deletions
--- a/apparmor.d/profiles-m-r/needrestart
+++ b/apparmor.d/profiles-m-r/needrestart
@ -35,11 +35,11 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
  @{bin}/stty                              rix,
  @{bin}/systemctl                         rCx -> systemctl,
  @{bin}/systemd-detect-virt               rPx,
-  @{bin}/udevadm                           rPx,
+  @{bin}/udevadm                           rCx -> udevadm,
  @{bin}/unix_chkpwd                       rPx,
  @{bin}/whiptail                          rPx,
  @{bin}/who                               rix,
-  @{lib}/needrestart/iucode-scan-versions  rPx,
+  @{lib}/needrestart/*                     rPx,
  /usr/share/debconf/frontend              rix,

  @{bin}/networkd-dispatcher r,
@ -88,6 +88,13 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
    include if exists <local/needrestart_systemctl>
  }

+  profile udevadm {
+    include <abstractions/base>
+    include <abstractions/app/udevadm>
+
+    include if exists <local/needrestart_udevadm>
+  }
+
  include if exists <local/needrestart>
 }

--- a/apparmor.d/profiles-m-r/needrestart-vmlinuz-get-version
+++ b/apparmor.d/profiles-m-r/needrestart-vmlinuz-get-version
@ -0,0 +1,30 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/needrestart/vmlinuz-get-version
+profile needrestart-vmlinuz-get-version @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} mr,
+
+  @{sh_path}                   rix,
+  @{bin}/grep                  rix,
+  @{bin}/mktemp                rix,
+  @{bin}/rm                    rix,
+  @{bin}/tr                    rix,
+  @{bin}/which{,.debianutils}  rix,
+
+  /boot/vmlinuz* r,
+
+  owner @{tmp}/tmp.@{rand10} rw,
+
+  include if exists <local/needrestart-vmlinuz-get-version>
+}
+
+# vim:syntax=apparmor
--- a/tests/bats/needrestart.bats
+++ b/tests/bats/needrestart.bats
@ -0,0 +1,34 @@
+#!/usr/bin/env bats
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+load common
+
+@test "needrestart: List outdated processes" {
+    needrestart
+}
+
+@test "needrestart: Interactively restart services" {
+    sudo needrestart
+}
+
+@test "needrestart: List outdated processes in verbose mode" {
+    needrestart -v
+}
+
+@test "needrestart: Check if the kernel is outdated" {
+    needrestart -k
+}
+
+@test "needrestart: Check if the CPU microcode is outdated" {
+    needrestart -w
+}
+
+@test "needrestart: List outdated processes in batch mode" {
+    needrestart -b
+}
+
+@test "needrestart: Display help" {
+    needrestart --help
+}