mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
parser - use new caching test script
This patch: - incorporates the new python caching test into the make check/make caching target, and removes the older shell based test script - adjusts the python scripts to give verbose output when the VERBOSE flag is set - reorders the tests so that the tests that take a shorter amount of time to run come first, leaving the language sanity test with its 69000+ testcases last Patch history: v1: initial revision v2: add gen_xtrans/gen_dbus dependency to valgrind test v3: drop gen_xtrans/gen_dbus as that was committed as a separate fix Acked-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
Steve Beattie
parent
dd8c646920
commit
cfd8478ba4
2 changed files with 3 additions and 175 deletions
|
|
@ -8,12 +8,13 @@ PROVE_ARG=-f
|
|||
|
||||
ifeq ($(VERBOSE),1)
|
||||
PROVE_ARG+=-v
|
||||
PYTEST_ARG = -v
|
||||
endif
|
||||
|
||||
all: tests
|
||||
|
||||
.PHONY: tests error_output gen_dbus gen_xtrans parser_sanity caching minimize equality
|
||||
tests: error_output parser_sanity caching minimize equality
|
||||
tests: error_output caching minimize equality parser_sanity
|
||||
|
||||
GEN_TRANS_DIRS=simple_tests/generated_x/ simple_tests/generated_perms_leading/ simple_tests/generated_perms_safe/ simple_tests/generated_dbus
|
||||
|
||||
|
|
@ -42,7 +43,7 @@ parser_sanity: $(PARSER) gen_xtrans gen_dbus
|
|||
$(Q)LANG=C APPARMOR_PARSER="$(PARSER)" ${PROVE} ${PROVE_ARG} ${TESTS}
|
||||
|
||||
caching: $(PARSER)
|
||||
LANG=C APPARMOR_PARSER="$(PARSER)" ./caching.sh
|
||||
LANG=C ./caching.py -p "$(PARSER)" $(PYTEST_ARG)
|
||||
|
||||
minimize: $(PARSER)
|
||||
LANG=C APPARMOR_PARSER="$(PARSER)" ./minimize.sh
|
||||
|
|
|
|||
|
|
@ -1,173 +0,0 @@
|
|||
#!/bin/bash
|
||||
# These tests will stop running as soon as a failure is seen since they tend to build
|
||||
# on the actions and results of the prior tests.
|
||||
set -e
|
||||
|
||||
# This test requires introspection
|
||||
if [ ! -d /sys/kernel/security/apparmor ]; then
|
||||
echo "WARNING: /sys/kernel/security/apparmor does not exist. Skipping tests"
|
||||
echo "requiring introspection."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
APPARMOR_PARSER="${APPARMOR_PARSER:-../apparmor_parser}"
|
||||
|
||||
# fake base directory
|
||||
basedir=$(mktemp -d -t aa-cache-XXXXXX)
|
||||
altcachedir=$(mktemp -d -t aa-alt-cache-XXXXXXXX)
|
||||
trap "rm -rf $basedir $altcachedir" EXIT
|
||||
mkdir -p $basedir/cache
|
||||
|
||||
ARGS="--base $basedir --skip-kernel-load"
|
||||
|
||||
profile=sbin.pingy
|
||||
cp caching.profile $basedir/$profile
|
||||
|
||||
# Detect and slow down cache test when filesystem can't represent nanosecond delays.
|
||||
timeout=0.1
|
||||
_count=10
|
||||
for ((i = 0; i < ${_count} ; i++)) ; do
|
||||
touch $basedir/test${i}
|
||||
sleep $timeout
|
||||
done
|
||||
TIMES=$(stat $basedir/test* -c %z | cut -d" " -f2 | cut -d: -f3 | sort -u | wc -l)
|
||||
if [ $TIMES -ne ${_count} ]; then
|
||||
echo "WARNING: $basedir lacks nanosecond timestamp resolution, falling back to slower test"
|
||||
timeout=1
|
||||
fi
|
||||
rm -f $basedir/test*
|
||||
|
||||
echo -n "Profiles are not cached by default: "
|
||||
${APPARMOR_PARSER} $ARGS -q -r $basedir/$profile
|
||||
[ -f $basedir/cache/$profile ] && echo "FAIL ($basedir/cache/$profile exists)" && exit 1
|
||||
echo "ok"
|
||||
|
||||
echo -n "Profiles are not cached when using --skip-cache: "
|
||||
${APPARMOR_PARSER} $ARGS -q --write-cache --skip-cache -r $basedir/$profile
|
||||
[ -f $basedir/cache/$profile ] && echo "FAIL ($basedir/cache/$profile exists)" && exit 1
|
||||
echo "ok"
|
||||
|
||||
sleep $timeout
|
||||
|
||||
echo -n "Profiles are cached when requested: "
|
||||
${APPARMOR_PARSER} $ARGS -q --write-cache -r $basedir/$profile
|
||||
[ ! -f $basedir/cache/$profile ] && echo "FAIL ($basedir/cache/$profile does not exist)" && exit 1
|
||||
echo "ok"
|
||||
|
||||
read_features_dir()
|
||||
{
|
||||
directory="$1"
|
||||
if [ ! -d "$directory" ] ; then
|
||||
return
|
||||
fi
|
||||
for f in `ls -AU "$directory"` ; do
|
||||
if [ -f "$directory/$f" ] ; then
|
||||
read -r -d "" KF < "$directory/$f" || true
|
||||
echo -e "$f {$KF\n}"
|
||||
elif [ -d "$directory/$f" ] ; then
|
||||
echo -n "$f {"
|
||||
KF=`read_features_dir "$directory/$f" "$KF"` || true
|
||||
echo "$KF"
|
||||
echo -e "}"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
echo -n "Kernel features are written to cache: "
|
||||
[ ! -f $basedir/cache/.features ] && echo "FAIL ($basedir/cache/.features missing)" && exit 1
|
||||
read -r -d "" CF < $basedir/cache/.features || true
|
||||
if [ -d /sys/kernel/security/apparmor/features ] ; then
|
||||
KF=`read_features_dir /sys/kernel/security/apparmor/features`
|
||||
else
|
||||
read -r -d "" KF < /sys/kernel/security/apparmor/features || true
|
||||
fi
|
||||
[ "$CF" != "$KF" ] && echo -e "FAIL (feature text mismatch:\n cache '$CF'\nvs\n kernel '$KF')" && exit 1
|
||||
echo "ok"
|
||||
|
||||
echo -n "Cache is loaded when it exists and features match: "
|
||||
${APPARMOR_PARSER} $ARGS -v -r $basedir/$profile | grep -q 'Cached reload succeeded' || { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
|
||||
echo -n "Cache is not loaded when skipping is requested: "
|
||||
${APPARMOR_PARSER} $ARGS -v --skip-read-cache -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
|
||||
${APPARMOR_PARSER} $ARGS -v --skip-cache -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
|
||||
echo -n "Cache reading is skipped when features do not match cache: "
|
||||
echo -n "monkey" > $basedir/cache/.features
|
||||
${APPARMOR_PARSER} $ARGS -v -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
|
||||
echo -n "Cache writing is skipped when features do not match and not cleared: "
|
||||
rm $basedir/cache/$profile
|
||||
${APPARMOR_PARSER} $ARGS -v --write-cache --skip-bad-cache -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
|
||||
[ -f $basedir/cache/$profile ] && echo "FAIL ($basedir/cache/$profile exists)" && exit 1
|
||||
echo "ok"
|
||||
|
||||
rm -f $basedir/cache/.features || true
|
||||
rm -f $basedir/cache/$profile || true
|
||||
echo -n "monkey" > $basedir/cache/.features
|
||||
echo -n "monkey" > $basedir/cache/$profile
|
||||
echo -n "monkey" > $basedir/cache/monkey
|
||||
${APPARMOR_PARSER} $ARGS -v --write-cache -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "Cache clear setup FAIL"; exit 1; }
|
||||
echo -n "Cache clear updates features: "
|
||||
echo -n "monkey" | diff -q $basedir/cache/.features - | grep -q 'differ' || { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
echo -n "Cache clear writes updated profile: "
|
||||
echo -n "monkey" | diff -q $basedir/cache/$profile - | grep -q 'differ' || { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
echo -n "Cache clear cleans out all files: "
|
||||
[ -f $basedir/cache/monkey ] && { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
|
||||
rm -f $basedir/cache/monkey
|
||||
rm -f $basedir/cache/.features || true
|
||||
rm -f $basedir/cache/$profile || true
|
||||
echo -n "monkey" > $basedir/cache/.features
|
||||
echo -n "monkey" > $basedir/cache/$profile
|
||||
echo -n "monkey" > $basedir/cache/monkey
|
||||
echo -n "Cache purge remove profiles unconditionally: "
|
||||
${APPARMOR_PARSER} $ARGS -v --purge-cache -r $basedir/$profile || { echo "Cache purge setup FAIL"; exit 1; }
|
||||
[ -f $basedir/cache/.features ] && { echo "FAIL"; exit 1; }
|
||||
[ -f $basedir/cache/$profile ] && { echo "FAIL"; exit 1; }
|
||||
[ -f $basedir/cache/monkey ] && { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
|
||||
echo -n "Profiles are cached when requested (again): "
|
||||
rm -f $basedir/cache/.features || true
|
||||
rm -f $basedir/cache/$profile || true
|
||||
${APPARMOR_PARSER} $ARGS -q --write-cache -r $basedir/$profile
|
||||
[ ! -f $basedir/cache/$profile ] && echo "FAIL ($basedir/cache/$profile does not exist)" && exit 1
|
||||
echo "ok"
|
||||
|
||||
echo -n "Cache reading is skipped when profile is newer: "
|
||||
sleep $timeout
|
||||
touch $basedir/$profile
|
||||
${APPARMOR_PARSER} $ARGS -v -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
|
||||
echo -n "Cache is used when cache is newer: "
|
||||
sleep $timeout
|
||||
touch $basedir/cache/$profile
|
||||
${APPARMOR_PARSER} $ARGS -v -r $basedir/$profile | grep -q 'Cached reload succeeded' || { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
|
||||
echo -n "Cache reading is skipped when parser is newer: "
|
||||
mkdir $basedir/parser
|
||||
cp ${APPARMOR_PARSER} $basedir/parser/
|
||||
$basedir/parser/apparmor_parser $ARGS -v -r $basedir/$profile | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
|
||||
echo -n "Cache reading is skipped when parser in \$PATH is newer: "
|
||||
(PATH=$basedir/parser/ /bin/sh -c "apparmor_parser $ARGS -v -r $basedir/$profile") | grep -q 'Replacement succeeded for' || { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
|
||||
echo -n "Profiles are cached in alternate location when requested: "
|
||||
${APPARMOR_PARSER} $ARGS -q --write-cache --cache-loc $altcachedir -r $basedir/$profile
|
||||
[ ! -f $altcachedir/$profile ] && echo "FAIL ($altcachedir/$profile does not exist)" && exit 1
|
||||
echo "ok"
|
||||
|
||||
echo -n "Cache is loaded from alt location when it exists and features match: "
|
||||
${APPARMOR_PARSER} $ARGS -v -r $basedir/$profile --cache-loc $altcachedir | grep -q 'Cached reload succeeded' || { echo "FAIL"; exit 1; }
|
||||
echo "ok"
|
||||
|
||||
Loading…
Add table
Reference in a new issue