The retaining of the tmpdir is used during debugging of test failures, but currently
when a test fails, the next test is run overwritting the previous tmpdir value. This
is a problem even when manually running individual test shell scripts if the failure
is not the last test in the script.
Instead cause testing to about when retaintmpdir is true, which will cover the debugging
needs for the majority of failure cases.
Signed-off-by: John Johansen <john.johansen@canonical.com>
aa_getprocattr is returning the size of the buffer not the size of the
data read that it is supposed to return. Also update the man page to
reflect the return value as documented in the functions, and update
the test cases to check the return value.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Steve Beattie <sbeattie@ubuntu.com>
file,
was not given the correct permissions. It was only being given the owner
set of permissions. This would result in rejects when trying look at
files owned by other users
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
properly quote the _known variable (set when the tests are marked as
expected failures) when the expectation was that the testcase would
produce a corefile. This would result in a failed testcase reporting
XFAIL incorrectly.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
suffix of an image= flag, as it's no longer needed. It also eliminates
code that emitted the permissions based on the result of the parse.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen@canonical.com
add 'rix' permissions on executable images (but still auto-generate
ldd dependencies), for use when specifying alternate permissions
on executables.
Where appropriate, it also converts a few testcases to make use of
the option.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
generated profile and have the ldd auto-generation of rules occur on
it. It also kills all testcase usage of $dynlibs, which had stopped
being generated by prologue.inc in a prior patch.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
mkprofile.pl helper and take the convoluted code out of the bash
prologue.inc. It also detects if the binary is a script and performs
ldd analysis on the interpreter.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
their purpose a little more accurately; renames the dump_flags to
emit_flags for the same reason, and also adds a modicum a function
prototype information to the function declarations.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
write access to /proc/*/attr/current to mkprofile.pl from prologue.inc.
Signed-Off-By: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
The behavior for revalidation/revocation of open files has changed
with the current kernel code, resulting in these tests being reported
as failing even though they are showing expected behavior.
Under the current kernel module this form of revalidation/revocation
can not be tested reliably, so just changing the expected result is
not enough, completely disable the tests for now.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
stress tests on the parser, by dropping the maximum number of rules
each profile can have, as well as reducing the number of profiles to
generate by default to 50. It also cleans up the emitted profiles
a little, creates the profile names with the suffix .sd [1], fixes
stress.sh to actually honor the -p (alternate parser) argument, fixes
the profile flags generation to not generate duplicates flags, and
fixes the file rules to always start with a constant randomly-generated
prefix element (rather than a regex or variable) to greatly reduce
the possibility of X dominance collisions in the parser
toolchain has gotten stricter about linking order; in short, linked
libraries need to come after the objects referring to them. Adding to
LDLIBS is the correct solution for this.
See https://wiki.ubuntu.com/NattyNarwhal/ToolchainTransition for more
details.
loopback mounted filesystem to operate on, to guarantee that the mount
option user_xattr is enabled (it's disabled by default on Ubuntu).
With this change, a number of the user xattr testcases that were
expected to pass but weren't started working; however, some of the
ones that were failing as expected are now passing. I've touched up
the expectations as well.
the testsuite. It looks like coredump mediation may have been removed,
since it is rather a corner-case, so I have currently marked it as XFAIL.
In hooking it back up, the "prologue.inc" was reviewed, dead code dropped,
and the "image=" argument changed to correctly handle the imageperms
syntax used elsewhere. It was working in other tests out of coincidence.
paths. Secondly, the /lib64 -> /lib symlink would mean the
/lib64/ld-linux symlink would incorrectly be generated as
/lib64/ld-N.NN.so which still has a symlink in its path, and thus
apparmor wouldn't permit the access. Fixing by having readlink
canonicalize the entire path.
ack thppt.
killall-ing a few things in order to make it stop. And alas, it does seem
to eventually cause kernel hangs with 2.6.32-16. (Committing now before ext4
eats my changes and brain.)
xfail instead of known_{pass,fail}, also have it only reports unexpected
results, error for when result != what it should, and Alert for when it
result is what is should be but is a known problem and hence expected
to report something else.
Also update the regression tests for known problems under AppArmor 2.5,
this does not fix all known problems, (ie hats being removed differently
and hence resulting in unable to load profile errors, and the mknod
problem on alternate runs of the test suite, nor xattrs tests not ensuring
that the fs supports xattrs).
