their purpose a little more accurately; renames the dump_flags to
emit_flags for the same reason, and also adds a modicum a function
prototype information to the function declarations.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
write access to /proc/*/attr/current to mkprofile.pl from prologue.inc.
Signed-Off-By: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
The behavior for revalidation/revocation of open files has changed
with the current kernel code, resulting in these tests being reported
as failing even though they are showing expected behavior.
Under the current kernel module this form of revalidation/revocation
can not be tested reliably, so just changing the expected result is
not enough, completely disable the tests for now.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
toolchain has gotten stricter about linking order; in short, linked
libraries need to come after the objects referring to them. Adding to
LDLIBS is the correct solution for this.
See https://wiki.ubuntu.com/NattyNarwhal/ToolchainTransition for more
details.
loopback mounted filesystem to operate on, to guarantee that the mount
option user_xattr is enabled (it's disabled by default on Ubuntu).
With this change, a number of the user xattr testcases that were
expected to pass but weren't started working; however, some of the
ones that were failing as expected are now passing. I've touched up
the expectations as well.
the testsuite. It looks like coredump mediation may have been removed,
since it is rather a corner-case, so I have currently marked it as XFAIL.
In hooking it back up, the "prologue.inc" was reviewed, dead code dropped,
and the "image=" argument changed to correctly handle the imageperms
syntax used elsewhere. It was working in other tests out of coincidence.
paths. Secondly, the /lib64 -> /lib symlink would mean the
/lib64/ld-linux symlink would incorrectly be generated as
/lib64/ld-N.NN.so which still has a symlink in its path, and thus
apparmor wouldn't permit the access. Fixing by having readlink
canonicalize the entire path.
ack thppt.
xfail instead of known_{pass,fail}, also have it only reports unexpected
results, error for when result != what it should, and Alert for when it
result is what is should be but is a known problem and hence expected
to report something else.
Also update the regression tests for known problems under AppArmor 2.5,
this does not fix all known problems, (ie hats being removed differently
and hence resulting in unable to load profile errors, and the mknod
problem on alternate runs of the test suite, nor xattrs tests not ensuring
that the fs supports xattrs).
which means the failure of the tests is known. So known_fail
means the test should fail but is known to succeed and similar
for known_pass.
This allows tests to be marked as having a known problem so that
regressions are useful to those less familure with what is failing
