mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
b85046648b
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1048 made it so rules like mount slave /snap/bin/** -> /**, mount /snap/bin/** -> /**, would get passed into change_mount_type rule generation when they shouldn't have been. This would result in two different errors. 1. If kernel mount flags were present on the rule. The error would be caught causing an error to be returned, causing profile compilation to fail. 2. If the rule did not contain explicit flags then rule would generate change_mount_type permissions based on souly the mount point. And the implied set of flags. However this is incorrect as it should not generate change_mount permissions for this type of rule. Not only does it ignore the source/device type condition but it generates permissions that were never intended. When used in combination with a deny prefix this overly broad rule can result in almost all mount rules being denied, as the denial takes priority over the allow mount rules. Fixes: https://bugs.launchpad.net/apparmor/+bug/2023814 Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1211989 Fixes: |
||
|---|---|---|
| .. | ||
| wtmp-examples | ||
| cleanprof_test.in | ||
| cleanprof_test.out | ||
| common_test.py | ||
| easyprof.conf | ||
| fake_ldd | ||
| logprof.conf | ||
| Makefile | ||
| minitools_test.py | ||
| README.md | ||
| runtests-py2.sh | ||
| runtests-py3.sh | ||
| severity.db | ||
| severity_broken.db | ||
| test-aa-cli-bootstrap.py | ||
| test-aa-decode.py | ||
| test-aa-easyprof.py | ||
| test-aa-notify.py | ||
| test-aa.py | ||
| test-aare.py | ||
| test-abi.py | ||
| test-alias.py | ||
| test-baserule.py | ||
| test-capability.py | ||
| test-change_profile.py | ||
| test-common.py | ||
| test-config.py | ||
| test-dbus.py | ||
| test-example.py | ||
| test-file.py | ||
| test-include.py | ||
| test-libapparmor-test_multi.py | ||
| test-logparser.py | ||
| test-mount_parse.py | ||
| test-network.py | ||
| test-notify.py | ||
| test-parser-simple-tests.py | ||
| test-pivot_root_parse.py | ||
| test-profile-list.py | ||
| test-profile-storage.py | ||
| test-ptrace.py | ||
| test-regex_matches.py | ||
| test-rlimit.py | ||
| test-severity.py | ||
| test-signal.py | ||
| test-translations.py | ||
| test-unix_parse.py | ||
| test-variable.py | ||
Running individual tests
Python's unittest allows individual tests to be executed by specifying the class name and the test on the command line. When running tests individually, the unittest framework executes the "setUp" and "tearDown" methods automatically. For more information, refer to the unittest documentation.
Make sure to set the environment variables pointing to the in-tree apparmor modules, and the in-tree libapparmor and its python wrapper:
$ export PYTHONPATH=..:../../libraries/libapparmor/swig/python/build/$(/usr/bin/python3 ../../libraries/libapparmor/swig/python/test/buildpath.py)
$ export __AA_CONFDIR=.
To execute the test individually, run:
$ python3 ./test-tile.py ClassFoo.test_bar