and 'check-install'. The 'check' target will attempt to run the profiles
in the working subversion directory (both in enabled/ and extras/
directories) through the apparmor_parser as a means of sanity checking
the profiles.
The 'check-install' target will also run the 'check' target, only
against the installed location, modifiable by DESTDIR and EXTRASDIR (to
match the behavior of the 'install' target). It also will run logprof
(with an empty logfile) on the installation location, as logprof and the
parser have differing ideas of what is a valid profile :-( .
Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path'
will install the profiles into a location and cycle the parser and
logprof over the profiles in that
The 'check' target cannot run logprof as the subversion layout does not
conform to a hierarchy logprof can deal with. The limitations also mean
that logprof will not check the profiles in the extras/ directory.
There are other passable variables that impact the 'check' and
'check-install' targets:
VERBOSE - setting this variable will emit the actual commands run,
mostly useful for debugging where the implementation of 'check'
has gone wrong.
PARSER, LOGPROF - setting these with a path to a different parser or
logprof location will have the check targets use those version
rather than the system utilities; e.g.
"make check-install LOGPROF=../utils/logprof" to test a modified
logprof in our current forge svn layout.
* patch from SUSE autobuild team to not strip binaries
* convert rpm release for the parser and mod_apparmor packages to
correspond to the svn repository number.
tonyj:
- Verify long path (d_path) error checking. (6391)
- Better ptrace tests. (6401)
- Confined mount tests require cap_sys_admin to even get to the confined
checks. (6402)
- adds a distinct includes/ subdirectory, populated with a couple of
files that test profiles can include. We purposefully choose to use
a different directory structure than the shipped profile set so that
changes to it will not break our tests.
- modifies the existing test profiles to take advantage of the
includes/ directory.
- modifies tst/Makefile with pushd/popd to get around some pwd
limitations in the parser (that need to be fixed).
This patch prevents the parser from segv'ing if neither of the expected
default profile directories exist (/etc/subdomain.d, /etc/apparmor.d).
A profile passed on the command line or via stdin will still load, so
long as -I/path/to/includes is passed for any relevant includes files.
XFS appears to be more strict than the Linux vfs layer wrt whether a
process can chgrp a file when it's not the owner but still in the same
group -- XFS doesn't allow it and requires CAP_FOWNER instead.
This fix rorders the tests so that the chgrp operations occur before the
chown operations happen, avoiding the difference in requirements between
XFS and linux's vfs.
