lp://qastaging/~osomon/apparmor/newer-nvidia-abstraction-trunk
- Get this branch:
- bzr branch lp://qastaging/~osomon/apparmor/newer-nvidia-abstraction-trunk
Branch merges
- Tyler Hicks: Approve
- Jamie Strandboge: Approve
- Diff: 21 lines (+5/-2), 1 file modified: profiles/apparmor.d/abstractions/nvidia (+5/-2)
Branch information
Recent revisions
- 3644. By Christian Boltz
Fix regressions caused by init_aa()

With the init_aa() patch series committed, minitools_test.py showed
several test failures - which effectively means the -d option of
aa-complain, aa-cleanprof etc. was broken.

These failures were caused by
- calling init_aa() too late in tools.py - _after_ setting the
  profiledir, which then got overwritten by init_aa()
- calling init_aa() twice (because apparmor.aa gets imported in two
  modules used by aa-cleanprof), which overwrote the manually set values
  on the second run

This patch fixes the call order in tools.py and adds a check to
init_aa() so that it only runs once and ignores additional calls.

Acked-by: Tyler Hicks <email address hidden>
Acked-by: Seth Arnold <email address hidden>

- 3643. By Christian Boltz
test-parser-simple-tests.py: No longer skip testing generated_perms_leading profiles

FileRule understands leading permissions, so the reason to skip those
(generated) test profiles in test-parser-simple-tests.py is gone.

However, the gen-xtrans.pl script generates profiles with a not-so-valid
mix of uppercase and lowercase, for example "Pux" and "Cux". The parser
accepts this, but the tools complain about such rules. Therefore add the
affected profiles to the exception list.

In total, this means we now test 319 of the 380 generated_perms_leading
test profiles.

The patch also moves some lines around to get the \-escaped profiles
out of the mixed uppercase/lowercase exec rule section.

Acked-by: Seth Arnold <email address hidden>

- 3642. By Tyler Hicks
utils: Fix apparmor.easyprof import in test-aa-easyprof.py

The test-aa-easyprof.py script was attempting to do its own special
setup to import the in-tree easyprof module. However, this proved to be
very flaky and resulted in the test periodically failing due to an
AttributeError the first time easyprof.parse_args() was called.

This patch removes the flakiness by trusting that PYTHONPATH is set up
appropriately before the test script is run. PYTHONPATH is already
initialized appropriately by utils/test/Makefile according to the
USE_SYSTEM make variable.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Seth Arnold <email address hidden>
Acked-by: Christian Boltz <email address hidden>

- 3641. By Tyler Hicks
utils: Set parser executable path according to USE_SYSTEM make variable

If USE_SYSTEM is not set, the utils make check target will instruct
test-aa-easyprof.py to provide the path of the in-tree parser executable
to aa-easyprof.

If USE_SYSTEM is set, the default parser path (/sbin/apparmor_parser or
the result of `which apparmor_parser`) is used.

The test-aa-easyprof.py script receives the parser path by checking the
__AA_PARSER environment variable. This environment variable is strictly
used by the test script and not any user-facing code so two leading
underscores were used.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Christian Boltz <email address hidden>
Acked-by: Seth Arnold <email address hidden>

- 3640. By Tyler Hicks
utils: Add option to aa-easyprof to specify the apparmor_parser path

When testing against a clean system without the apparmor_parser binary
installed, the test-aa-easyprof.py script ends up skipping profile
verification because it can't find the parser binary. This even causes a
test failure due to the test_genpolicy_invalid_template_policy test.

Adding a --parser option to aa-easyprof is the first step in addressing
this problem.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Christian Boltz <email address hidden>
Acked-by: Seth Arnold <email address hidden>

- 3639. By Tyler Hicks
utils: Set parser base path according to USE_SYSTEM make variable

If USE_SYSTEM is not set, the utils make check target will instruct
test-aa-easyprof.py to provide the path of the in-tree
profiles/apparmor.d directory to aa-easyprof as the parser base
directory.

If USE_SYSTEM is set, the default base directory (/etc/apparmor.d) is
used.

The test-aa-easyprof.py script receives the base path by checking the
__AA_BASEDIR environment variable. This environment variable is strictly
used by the test script and not any user-facing code so two leading
underscores were used.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Christian Boltz <email address hidden>
Acked-by: Seth Arnold <email address hidden>

- 3638. By Tyler Hicks
utils: Accept parser base and include options in aa-easyprof

https://launchpad.net/bugs/1521031

aa-easyprof accepts a list of abstractions to include and, by default,
execs apparmor_parser to verify the generated profile including any
abstractions. However, aa-easyprof didn't provide the same flexibility
as apparmor_parser when it came to where in the filesystem the
abstraction files could exist.

The parser supports --base (defaulting to /etc/apparmor.d) and --Include
(defaulting to unset) options to specify the search paths for
abstraction files. This patch adds the same options to aa-easyprof to
aid in two different situations:

1) Some Ubuntu packages use aa-easyprof to generate AppArmor profiles
   at build time. Something that has been previously needed is a way
   for those packages to ship their own abstractions file(s) that are
   #included in the easyprof-generated profile. That's not been
   possible since the abstraction file(s) have not yet been installed
   during the package build.

2) The test-aa-easyprof.py script contains some tests that specify
   abstractions that should be #included. Without the ability to
   specify a different --base or --Include directory, the abstractions
   were required to be present in /etc/apparmor.d/abstractions/ or the
   tests would fail. This prevents the Python utils from being able to
   strictly test against in-tree code/profiles/etc.

I don't like the names of the command line options --base and --Include.
They're not particularly descriptive and the capital 'I' is not user
friendly. However, I decided to preserve the name of the options from
apparmor_parser.

Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Christian Boltz <email address hidden>
Acked-by: Seth Arnold <email address hidden>

- 3637. By Tyler Hicks
utils: Require apparmor.aa users to call init_aa()

Introduce an apparmor.aa.init_aa() method and move the initialization
code of the apparmor.aa module into it. Note that this change will break
any external users of apparmor.aa because global variables that were
previously initialized when importing apparmor.aa will not be
initialized unless a call to the new apparmor.aa.init_aa() method is
made.

The main purpose of this change is to allow the utils tests to be able
to set a non-default location for configuration files. Instead of
hard-coding the location of logprof.conf and other utils related
configuration files to /etc/apparmor/, this patch allows it to be
configured by calling apparmor.aa.init_aa(confdir=PATH).

This allows for the make check target to use the in-tree config file,
profiles, and parser by default. A helper method, setup_aa(), is added
to common_test.py that checks for an environment variable containing a
non-default configuration directory path prior to calling
apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated
to call setup_aa().

Signed-off-by: Tyler Hicks <email address hidden>
Suggested-by: Christian Boltz <email address hidden>
Acked-by: Seth Arnold <email address hidden>
Acked-by: Christian Boltz <email address hidden>

Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp://qastaging/apparmor/2.12