mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Change minitools_test.py to use aa-* --no-reload
This allows to run minitools_test.py as non-root user. Also add a check that only creates the force-complain directory if it doesn't exist yet. Note: With this patch applied, there are still 4 failing tests, probably caused by changes in the profiles that are used in the tests. Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
This commit is contained in:
Christian Boltz
parent
e88148d0c8
commit
2421ded8fe
1 changed files with 13 additions and 12 deletions
|
|
@ -34,37 +34,38 @@ class Test(unittest.TestCase):
|
|||
|
||||
def test_audit(self):
|
||||
#Set ntpd profile to audit mode and check if it was correctly set
|
||||
str(subprocess.check_output('%s ./../aa-audit -d ./profiles %s'%(python_interpreter, test_path), shell=True))
|
||||
str(subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True))
|
||||
|
||||
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit', 'Audit flag could not be set in profile %s'%local_profilename)
|
||||
|
||||
#Remove audit mode from ntpd profile and check if it was correctly removed
|
||||
subprocess.check_output('%s ./../aa-audit -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
|
||||
subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
|
||||
|
||||
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), None, 'Audit flag could not be removed in profile %s'%local_profilename)
|
||||
|
||||
|
||||
def test_complain(self):
|
||||
#Set ntpd profile to complain mode and check if it was correctly set
|
||||
subprocess.check_output('%s ./../aa-complain -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
subprocess.check_output('%s ./../aa-complain --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
|
||||
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)
|
||||
os.mkdir('./profiles/force-complain')
|
||||
if not os.path.isdir('./profiles/force-complain'):
|
||||
os.mkdir('./profiles/force-complain')
|
||||
os.symlink(local_profilename, './profiles/force-complain/%s'%os.path.basename(local_profilename) )
|
||||
|
||||
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in force-complain'%local_profilename)
|
||||
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'complain', 'Complain flag could not be set in profile %s'%local_profilename)
|
||||
|
||||
#Set ntpd profile to enforce mode and check if it was correctly set
|
||||
subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
|
||||
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
|
||||
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
|
||||
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), None, 'Complain flag could not be removed in profile %s'%local_profilename)
|
||||
|
||||
# Set audit flag and then complain flag in a profile
|
||||
subprocess.check_output('%s ./../aa-audit -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
subprocess.check_output('%s ./../aa-complain -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
subprocess.check_output('%s ./../aa-complain --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)
|
||||
os.symlink(local_profilename, './profiles/force-complain/%s'%os.path.basename(local_profilename) )
|
||||
|
||||
|
|
@ -72,20 +73,20 @@ class Test(unittest.TestCase):
|
|||
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit,complain', 'Complain flag could not be set in profile %s'%local_profilename)
|
||||
|
||||
#Remove complain flag first i.e. set to enforce mode
|
||||
subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
|
||||
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
|
||||
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
|
||||
self.assertEqual(apparmor.get_profile_flags(local_profilename, test_path), 'audit', 'Complain flag could not be removed in profile %s'%local_profilename)
|
||||
|
||||
#Remove audit flag
|
||||
subprocess.check_output('%s ./../aa-audit -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
|
||||
subprocess.check_output('%s ./../aa-audit --no-reload -d ./profiles -r %s'%(python_interpreter, test_path), shell=True)
|
||||
|
||||
def test_enforce(self):
|
||||
#Set ntpd profile to complain mode and check if it was correctly set
|
||||
|
||||
#Set ntpd profile to enforce mode and check if it was correctly set
|
||||
subprocess.check_output('%s ./../aa-enforce -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
subprocess.check_output('%s ./../aa-enforce --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
|
||||
self.assertEqual(os.path.islink('./profiles/force-complain/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from force-complain'%local_profilename)
|
||||
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), False, 'Failed to remove symlink for %s from disable'%local_profilename)
|
||||
|
|
@ -94,7 +95,7 @@ class Test(unittest.TestCase):
|
|||
|
||||
def test_disable(self):
|
||||
#Disable the ntpd profile and check if it was correctly disabled
|
||||
subprocess.check_output('%s ./../aa-disable -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
subprocess.check_output('%s ./../aa-disable --no-reload -d ./profiles %s'%(python_interpreter, test_path), shell=True)
|
||||
|
||||
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)), True, 'Failed to create a symlink for %s in disable'%local_profilename)
|
||||
|
||||
|
|
@ -119,7 +120,7 @@ class Test(unittest.TestCase):
|
|||
#Our silly test program whose profile we wish to clean
|
||||
cleanprof_test = '/usr/bin/a/simple/cleanprof/test/profile'
|
||||
|
||||
subprocess.check_output('%s ./../aa-cleanprof -d ./profiles -s %s' % (python_interpreter, cleanprof_test), shell=True)
|
||||
subprocess.check_output('%s ./../aa-cleanprof --no-reload -d ./profiles -s %s' % (python_interpreter, cleanprof_test), shell=True)
|
||||
|
||||
#Strip off the first line (#modified line)
|
||||
subprocess.check_output('sed -i 1d ./profiles/%s'%(input_file), shell=True)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue