Click Apparmor

Merge lp:~jdstrand/click-apparmor/click-apparmor.lstat into lp:click-apparmor

  1. click-apparmor.lstat
  2. Merge into trunk
Proposed by Jamie Strandboge
Status: Merged
Approved by: Jamie Strandboge
Approved revision: 104
Merged at revision: 97
Proposed branch: lp:~jdstrand/click-apparmor/click-apparmor.lstat
Merge into: lp:click-apparmor
Diff against target: 101 lines (+60/-2)
4 files modified
apparmor/click.py (+9/-2)
debian/changelog (+9/-0)
debian/control (+3/-0)
test-clicktool.py (+39/-0)
To merge this branch: bzr merge lp:~jdstrand/click-apparmor/click-apparmor.lstat
Reviewer Review Type Date Requested Status
Steve Beattie Pending
Review via email: mp+210728@code.launchpad.net

This proposal supersedes a proposal from 2014-03-13.

Commit message

regenerate policy if hook symlink is newer than the profile (LP: #1291549)
debian/control: update for CI Train
- Set X-Auto-Uploader to no-rewrite-version
- Set Vcs-Bzr to the new target branch

Description of the change

High priority fix for bug #1291549. In essence, apps that were installed via the store had policy generated using CLICK_DIR="/top/click.ubuntu.com". Then when a preinstalled app used the same version in the store, click did not update the symlinks in the hooks directory to point to /usr/share/click/preinstalled. Click was then updated to update the symlinks to prefer the lowest overlay (practically speaking, to use /usr/share/click/preinstalled when it and /opt/click.ubuntu.com have the same version). However, while click was updated to update the symlinks, click-apparmor did not check to see if the hook symlink was newer than the generated profile. This branch fixes that.

Checklist:
 * Is your branch in sync with latest trunk (e.g. bzr pull lp:click-apparmor -> no changes): yes

 * Did you build your software in a clean sbuild/pbuilder chroot or ppa? yes

 * Did you build your software in a clean sbuild/pbuilder chroot or ppa on armhf? yes

 * Does the package's autopkgtests pass with exit status '0'? yes

 * Has your component TestPlan been executed successfully on emulator/supported device? yes

 * Has a 5 minute exploratory testing run been executed on emulator/supported device? yes

 * If you changed the packaging (debian), did you subscribe a core-dev to this MP? n/a

 * What components might get impacted by your changes? none

 * Have you requested review by the teams of these owning components? n/a

To post a comment you must log in.
Revision history for this message
Steve Beattie (sbeattie) wrote : Posted in a previous version of this proposal

This change looks correct. Thanks!

review: Approve
Revision history for this message
Jamie Strandboge (jdstrand) wrote : Posted in a previous version of this proposal

Set to approved based on Steve's review.

Revision history for this message
Jamie Strandboge (jdstrand) wrote : Posted in a previous version of this proposal

MP Review Checklist
 * Are any changes against your component pending/needed to land the MP under review in a functional state and are those called out explicitly by the submitter? no

 * Did you do exploratory testing related to the component you own with the MP changeset included? yes

 * Has the submitter requested review by all the relevant teams/reviewers? yes

 * If you are the reviewer owning the component the MP is against, have you checked that submitter has accurately filled out the submitter checklist and has taken no shortcut? I requested and reviewed. I doubled checked I didn't miss anything

Revision history for this message
Jamie Strandboge (jdstrand) wrote : Posted in a previous version of this proposal

Note, I plan to update the comment in the test script to not reference symlinks since it isn't actually creating them, but I will do that in click-apparmor 0.2 rather than here to not delay on re-testing.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'apparmor/click.py'
--- apparmor/click.py 2014-02-05 22:39:37 +0000
+++ apparmor/click.py 2014-03-13 02:16:52 +0000
@@ -570,8 +570,15 @@
570 result = []570 result = []
571 for hook in os.listdir(hooksdir):571 for hook in os.listdir(hooksdir):
572 name = AppName(click_name=hook)572 name = AppName(click_name=hook)
573 if not os.path.exists(os.path.join(profilesdir,573 profile = os.path.join(profilesdir, name.profile_filename)
574 name.profile_filename)):574 hook_full = os.path.join(hooksdir, hook)
575 if not os.path.exists(profile):
576 # If profile doesn't exist, we need to generate it
577 result.append(name.click_name)
578 elif os.lstat(hook_full).st_mtime > os.stat(profile).st_mtime:
579 # If the profile exists, but the hook symlink is newer, we need to
580 # regenerate it. Click may update the symlink from time to time, so
581 # we need to handle this (LP: #1291549)
575 result.append(name.click_name)582 result.append(name.click_name)
576 return result583 return result
577584
578585
=== modified file 'debian/changelog'
--- debian/changelog 2014-02-05 22:39:37 +0000
+++ debian/changelog 2014-03-13 02:16:52 +0000
@@ -1,3 +1,12 @@
1click-apparmor (0.1.15.3) UNRELEASED; urgency=low
2
3 * regenerate policy if hook symlink is newer than the profile (LP: #1291549)
4 * debian/control: update for CI Train
5 - Set X-Auto-Uploader to no-rewrite-version
6 - Set Vcs-Bzr to the new target branch
7
8 -- Jamie Strandboge <jamie@ubuntu.com> Wed, 12 Mar 2014 20:16:48 -0500
9
1click-apparmor (0.1.14) trusty; urgency=medium10click-apparmor (0.1.14) trusty; urgency=medium
211
3 * implement autopkgtests12 * implement autopkgtests
413
=== modified file 'debian/control'
--- debian/control 2014-02-05 22:39:37 +0000
+++ debian/control 2014-03-13 02:16:52 +0000
@@ -12,6 +12,9 @@
12 libnih-dbus1,12 libnih-dbus1,
13 apparmor-easyprof-ubuntu13 apparmor-easyprof-ubuntu
14Standards-Version: 3.9.414Standards-Version: 3.9.4
15Vcs-Bzr: https://code.launchpad.net/~ubuntu-security/click-apparmor/trunk
16Vcs-Browser: http://bazaar.launchpad.net/~ubuntu-security/click-apparmor/trunk/files
17X-Auto-Uploader: no-rewrite-version
15X-Python3-Version: >= 3.318X-Python3-Version: >= 3.3
16XS-Testsuite: autopkgtest19XS-Testsuite: autopkgtest
1720
1821
=== modified file 'test-clicktool.py'
--- test-clicktool.py 2014-02-05 22:39:37 +0000
+++ test-clicktool.py 2014-03-13 02:16:52 +0000
@@ -1347,6 +1347,45 @@
1347 self.assertEquals(expected, result,1347 self.assertEquals(expected, result,
1348 "Expected to get no click hooks, got %s" % (result))1348 "Expected to get no click hooks, got %s" % (result))
13491349
1350 def test_two_equal_directories_new_symlink(self):
1351 '''Test two equal directories with new symlink (LP: #1291549)'''
1352 c = self.clickstate
1353 clicks = ["alpha_beta_gamma", "click_click_version",
1354 "wat_no-really_wat"]
1355 for cname in clicks:
1356 with open(os.path.join(c.click_dir, '%s.json' %
1357 (cname)), 'w+') as f:
1358 f.write('invalid json here')
1359 with open(os.path.join(c.profiles_dir, 'click_%s' %
1360 (cname)), 'w+') as f:
1361 f.write('profile %s { }' % (cname))
1362
1363 # No symlinks update yet, so everything should be the same
1364 expected = []
1365 result = click.get_missing_profiles(c.click_dir, c.profiles_dir)
1366 self.assertEquals(expected, result,
1367 "Expected to get no profiles, got %s" % (result))
1368 result = click.get_missing_clickhooks(c.click_dir, c.profiles_dir)
1369 self.assertEquals(expected, result,
1370 "Expected to get no click hooks, got %s" % (result))
1371
1372 time.sleep(1)
1373 clicks = ["alpha_beta_gamma", "click_click_version"]
1374 for cname in clicks:
1375 with open(os.path.join(c.click_dir, '%s.json' %
1376 (cname)), 'w+') as f:
1377 f.write('invalid json here')
1378
1379 expected = []
1380 result = click.get_missing_clickhooks(c.click_dir, c.profiles_dir)
1381 self.assertEquals(expected, result,
1382 "Expected to get no click hooks, got %s" % (result))
1383 expected = len(clicks)
1384 result = click.get_missing_profiles(c.click_dir, c.profiles_dir)
1385 self.assertEquals(expected, len(result),
1386 "Expected to get %d profiles, got %s:\n" %
1387 (expected, len(result)))
1388
13501389
1351class AppArmorPolicyModificationTests(unittest.TestCase):1390class AppArmorPolicyModificationTests(unittest.TestCase):
13521391

Subscribers

People subscribed via source and target branches