Merge tests: add tool for observing the profile of a given command

Using gdb in batch mode, put a breakpoint on _start and spawn the
process.  Then using the built-in python interpreter print the
confinement label on the process and terminate everything.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1500
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: Georgia Garcia <georgia.garcia@canonical.com>

.image-garden.mk

@@ -19,6 +19,7 @@ packages:
 - dosfstools
 - flake8
 - flex
+- gdb
 - gettext
 - libdbus-1-dev
 - libpam0g-dev
@@ -57,6 +58,7 @@ packages:
 - flex
 - gcc
 - gcc-c++
+- gdb
 - gettext
 - gobject-introspection
 - libtool
@@ -88,6 +90,7 @@ packages:
 - dejagnu
 - dosfstools
 - flex
+- gdb
 - gettext
 - httpd-devel
 - libstdc++-static

tests/bin/actual-profile-of

@@ -0,0 +1,9 @@
+#!/bin/sh
+exec gdb \
+	--quiet \
+	--batch \
+	--eval-command='set breakpoint pending on' \
+	--eval-command='break _start' \
+	--eval-command='run' \
+	--eval-command='python import os; os.fdopen(3, "wt").write(open("/proc/{}/attr/current".format(gdb.selected_inferior().pid), "rt").read())' \
+	"$@" 3>/dev/stdout 1>/dev/null 2>/dev/null

tests/profiles/toybox/task.yaml

@@ -5,7 +5,6 @@ systems:
 execute: |
     # Toybox works (this is a very basic test).
     test "$(toybox id -u)" -eq 0
-    # The profile may be used explicitly.
-    aa-exec -p toybox toybox cat /proc/self/attr/current | MATCH 'toybox \(unconfined\)'
-    # The profile is attached implicitly based on path name.
-    toybox cat /proc/self/attr/current | MATCH 'toybox \(unconfined\)'
+
+    # The profile is attached based on the program path.
+    "$SPREAD_PATH"/tests/bin/actual-profile-of toybox | MATCH 'toybox \(unconfined\)'