mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
test(aa-log): update tests to the last changes.
This commit is contained in:
Alexandre Pujol
parent
e1f665aec1
commit
a8c18f9b94
@ -118,14 +118,20 @@ func (r *File) String() string {
|
||||
}
|
||||
|
||||
func (r *File) Validate() error {
|
||||
if r.Path == "" && r.Target == "" && len(r.Access) == 0 {
|
||||
return nil // rule: `file` or `owner file`
|
||||
}
|
||||
if !isAARE(r.Path) {
|
||||
return fmt.Errorf("'%s' is not a valid AARE", r.Path)
|
||||
}
|
||||
if len(r.Access) == 0 {
|
||||
return fmt.Errorf("missing file access")
|
||||
}
|
||||
for _, v := range r.Access {
|
||||
if v == "" {
|
||||
continue
|
||||
}
|
||||
if !slices.Contains(requirements[r.Kind()]["access"], v) ||
|
||||
if !slices.Contains(requirements[r.Kind()]["access"], v) &&
|
||||
!slices.Contains(requirements[r.Kind()]["transition"], v) {
|
||||
return fmt.Errorf("invalid mode '%s'", v)
|
||||
}
|
||||
|
||||
@ -187,11 +187,11 @@ func parseParagraph(input string) (Rules, error) {
|
||||
}
|
||||
|
||||
res = append(res, rrr...)
|
||||
for _, r := range res {
|
||||
if r.Constraint() == PreambleRule {
|
||||
return nil, fmt.Errorf("Rule not allowed in block: %s", r)
|
||||
}
|
||||
}
|
||||
// for _, r := range res {
|
||||
// if r.Constraint() == PreambleRule {
|
||||
// return nil, fmt.Errorf("Rule not allowed in block: %s", r)
|
||||
// }
|
||||
// }
|
||||
return res, nil
|
||||
}
|
||||
|
||||
|
||||
@ -843,7 +843,7 @@ var (
|
||||
raw string
|
||||
apparmor *AppArmorProfileFile
|
||||
wParseErr bool
|
||||
wRules []Rules
|
||||
wRules ParaRules
|
||||
wParseRulesErr bool
|
||||
}{
|
||||
{
|
||||
@ -851,7 +851,7 @@ var (
|
||||
raw: "",
|
||||
apparmor: &AppArmorProfileFile{},
|
||||
wParseErr: false,
|
||||
wRules: []Rules{},
|
||||
wRules: ParaRules{},
|
||||
wParseRulesErr: false,
|
||||
},
|
||||
{
|
||||
@ -875,7 +875,7 @@ var (
|
||||
},
|
||||
},
|
||||
wParseErr: false,
|
||||
wRules: []Rules{},
|
||||
wRules: ParaRules{},
|
||||
wParseRulesErr: false,
|
||||
},
|
||||
{
|
||||
@ -914,7 +914,7 @@ var (
|
||||
},
|
||||
},
|
||||
wParseErr: false,
|
||||
wRules: []Rules{},
|
||||
wRules: ParaRules{},
|
||||
wParseRulesErr: false,
|
||||
},
|
||||
{
|
||||
@ -943,7 +943,7 @@ var (
|
||||
},
|
||||
},
|
||||
wParseErr: false,
|
||||
wRules: []Rules{
|
||||
wRules: ParaRules{
|
||||
{
|
||||
&Include{IsMagic: true, Path: "abstractions/base"},
|
||||
&Include{IsMagic: true, Path: "abstractions/nameservice-strict"},
|
||||
@ -1050,7 +1050,7 @@ var (
|
||||
},
|
||||
},
|
||||
wParseErr: false,
|
||||
wRules: []Rules{
|
||||
wRules: ParaRules{
|
||||
{
|
||||
&Include{IsMagic: true, Path: "abstractions/base"},
|
||||
&Include{IsMagic: true, Path: "abstractions/nameservice-strict"},
|
||||
|
||||
@ -124,7 +124,7 @@ var (
|
||||
wString: "include if exists <local/foo>",
|
||||
},
|
||||
{
|
||||
name: "include/abs",
|
||||
name: "include-abs",
|
||||
rule: &Include{Path: "/usr/share/apparmor.d/", IsMagic: false},
|
||||
other: &Include{Path: "/usr/share/apparmor.d/", IsMagic: true},
|
||||
wCompare: -1,
|
||||
@ -190,7 +190,7 @@ var (
|
||||
wString: "capability net_admin,",
|
||||
},
|
||||
{
|
||||
name: "capability/multi",
|
||||
name: "capability-multi",
|
||||
rule: &Capability{Names: []string{"dac_override", "dac_read_search"}},
|
||||
other: capability2,
|
||||
wCompare: -15,
|
||||
@ -198,7 +198,7 @@ var (
|
||||
wString: "capability dac_override dac_read_search,",
|
||||
},
|
||||
{
|
||||
name: "capability/all",
|
||||
name: "capability-all",
|
||||
rule: &Capability{},
|
||||
other: capability2,
|
||||
wCompare: -1,
|
||||
@ -222,7 +222,7 @@ var (
|
||||
log: mount1Log,
|
||||
rule: mount1,
|
||||
other: mount2,
|
||||
wCompare: 38,
|
||||
wCompare: 37,
|
||||
wMerge: false,
|
||||
wString: "mount fstype=overlay overlay -> /var/lib/docker/overlay2/opaque-bug-check1209538631/merged/, # failed perms check",
|
||||
},
|
||||
@ -250,7 +250,7 @@ var (
|
||||
log: pivotroot1Log,
|
||||
rule: pivotroot1,
|
||||
other: pivotroot2,
|
||||
wCompare: 7,
|
||||
wCompare: -5,
|
||||
wMerge: false,
|
||||
wString: "pivot_root oldroot=@{run}/systemd/mount-rootfs/ @{run}/systemd/mount-rootfs/,",
|
||||
},
|
||||
@ -307,7 +307,7 @@ var (
|
||||
wString: "signal receive set=kill peer=firefox//&firejail-default,",
|
||||
},
|
||||
{
|
||||
name: "ptrace/xdg-document-portal",
|
||||
name: "ptrace-xdg-document-portal",
|
||||
fromLog: newPtraceFromLog,
|
||||
log: ptrace1Log,
|
||||
rule: ptrace1,
|
||||
@ -317,7 +317,7 @@ var (
|
||||
wString: "ptrace read peer=nautilus,",
|
||||
},
|
||||
{
|
||||
name: "ptrace/snap-update-ns.firefox",
|
||||
name: "ptrace-snap-update-ns.firefox",
|
||||
fromLog: newPtraceFromLog,
|
||||
log: ptrace2Log,
|
||||
rule: ptrace2,
|
||||
@ -355,7 +355,7 @@ var (
|
||||
wString: "dbus bind bus=session name=org.gnome.evolution.dataserver.Sources5,",
|
||||
},
|
||||
{
|
||||
name: "dbus/bind",
|
||||
name: "dbus-bind",
|
||||
rule: &Dbus{Access: []string{"bind"}, Bus: "session", Name: "org.gnome.*"},
|
||||
other: dbus2,
|
||||
wCompare: -39,
|
||||
@ -381,31 +381,33 @@ var (
|
||||
wString: "/usr/share/poppler/cMap/Identity-H r,",
|
||||
},
|
||||
{
|
||||
name: "file/empty",
|
||||
name: "file-all",
|
||||
rule: &File{},
|
||||
other: &File{},
|
||||
wCompare: 0,
|
||||
wMerge: true,
|
||||
wString: " ,",
|
||||
wString: " ,", // FIXME:
|
||||
},
|
||||
{
|
||||
name: "file/equal",
|
||||
rule: &File{Path: "/usr/share/poppler/cMap/Identity-H"},
|
||||
other: &File{Path: "/usr/share/poppler/cMap/Identity-H"},
|
||||
wCompare: 0,
|
||||
wMerge: true,
|
||||
wString: "/usr/share/poppler/cMap/Identity-H ,",
|
||||
name: "file-equal",
|
||||
rule: &File{Path: "/usr/share/poppler/cMap/Identity-H"},
|
||||
other: &File{Path: "/usr/share/poppler/cMap/Identity-H"},
|
||||
wValidErr: true,
|
||||
wCompare: 0,
|
||||
wMerge: true,
|
||||
wString: "/usr/share/poppler/cMap/Identity-H ,",
|
||||
},
|
||||
{
|
||||
name: "file/owner",
|
||||
rule: &File{Path: "/usr/share/poppler/cMap/Identity-H", Owner: true},
|
||||
other: &File{Path: "/usr/share/poppler/cMap/Identity-H"},
|
||||
wCompare: 1,
|
||||
wMerge: false,
|
||||
wString: "owner /usr/share/poppler/cMap/Identity-H ,",
|
||||
name: "file-owner",
|
||||
rule: &File{Path: "/usr/share/poppler/cMap/Identity-H", Owner: true},
|
||||
other: &File{Path: "/usr/share/poppler/cMap/Identity-H"},
|
||||
wCompare: 1,
|
||||
wValidErr: true,
|
||||
wMerge: false,
|
||||
wString: "owner /usr/share/poppler/cMap/Identity-H ,",
|
||||
},
|
||||
{
|
||||
name: "file/access",
|
||||
name: "file-access",
|
||||
rule: &File{Path: "/usr/share/poppler/cMap/Identity-H", Access: []string{"r"}},
|
||||
other: &File{Path: "/usr/share/poppler/cMap/Identity-H", Access: []string{"w"}},
|
||||
wCompare: -5,
|
||||
@ -413,12 +415,13 @@ var (
|
||||
wString: "/usr/share/poppler/cMap/Identity-H r,",
|
||||
},
|
||||
{
|
||||
name: "file/close",
|
||||
rule: &File{Path: "/usr/share/poppler/cMap/"},
|
||||
other: &File{Path: "/usr/share/poppler/cMap/Identity-H"},
|
||||
wCompare: -10,
|
||||
wMerge: false,
|
||||
wString: "/usr/share/poppler/cMap/ ,",
|
||||
name: "file-close",
|
||||
rule: &File{Path: "/usr/share/poppler/cMap/"},
|
||||
other: &File{Path: "/usr/share/poppler/cMap/Identity-H"},
|
||||
wCompare: -10,
|
||||
wValidErr: true,
|
||||
wMerge: false,
|
||||
wString: "/usr/share/poppler/cMap/ ,",
|
||||
},
|
||||
{
|
||||
name: "link1",
|
||||
|
||||
Loading…
Reference in New Issue
Block a user