This MR closes#239. In the temporary file commit, `tempfile.NamedTemporaryFile` is preferred over `tempfile.mkstemp` because it allows for simpler use of context managers and lets you choose what mode to open the file in. Also in this commit, note that in `aa.py` and `easyprof.py` destination files are now written directly, instead of writing to temp files and then renaming them.
Closes#239
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/898
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>
This partially addresses issue #239. There are still some remaining instances where opened files are not properly closed, e.g. the `NamedTemporaryFile` in `utils/apparmor/config.py`.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/885
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>
Ensure that pre-2000 and post-2050 dates get rejected, and something in
between gets accepted.
This also extends coverage to 100% - before, the post-2050 branch was
not covered.
Both aarch64 and s390x have a bigger wtmp record size (16 bytes more
than x86_64, 400 bytes total).
The byte position of the timestamp is also different on each
architecture. To make things even more interesting, s390x is big endian.
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1181155
... instead of keeping an own version of it witht the exact same code
and a TODO note to use the one from common.
Also adjust the aa-easyprof tests to directly import AppArmorException
from apparmor.common.
... instead of None.
This avoids the need to allow type changes (None vs. str).
Also adjust the tests accordingly.
While on it, simplify the tests for attachment.
attachment is always a str, therefore adjust the test to expect an empty
str ('') instead of None - and later converting that None to ''.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/786
Acked-by: John Johansen <john.johansen@canonical.com>
... using [] instead of {}
This should keep the order of checking (and therefore code coverage)
constant, and should fix the randomly appearing partial coverage in
severity.py handle_variable_rank(). In some random cases (depending in
which order the replacements were done and checked for their severity),
the coverage report indicated that the 'elif' condition was never false.
Note: This is only "coverage cosmetics". In "real users", it doesn't
matter in which order the variable replacements are checked because the
result doesn't depend on the ordering.
If a profile uses features not supported by the tools yet, add a
skiplist to (hopefully temporarily) exclude it from the tests.
This is meant to avoid blocking usage of new features in profiles.
When doing a release, the skip lists should be empty.
The added test makes sure that the python code can parse all profiles
shipped with AppArmor. If this fails, read_profiles() /
read_inactive_profiles() will raise an exception.
Checking for the number of read profiles is mostly done to ensure
*something* is read (to make sure an empty or non-existing directory
won't make the test useless).
We sometimes have random coverage changes that are not reproducible and
therefore hard to debug.
Generate html coverage as part of make coverage-regression, and keep the
resulting utils/test/htmlcov/ as artifact to make debugging easier.
coverage-html needs JS files from various libjs-* packages, install them
in before_script
