lp:~sbeattie/apparmor/apparmor-2.9-utils_update
- Get this branch:
- bzr branch lp:~sbeattie/apparmor/apparmor-2.9-utils_update
Branch merges
Branch information
Recent revisions
- 2904. By Christian Boltz
-
utils: simplify serialize_
parse_profile_ start()
Merge from trunk revision 3001Change serialize_
parse_profile_ start() to use parse_profile_ start()
instead of using duplicated code.The behaviour is mostly kept, with the exception that the function is
more strict now and raises exceptions instead of ignoring errors.In practise, this won't change anything because the profiles are parsed
with parse_profile() (which calls parse_profile_start() ) - and that
already errors out.The tests are updated to match the more strict behaviour.
The next step would be to drop serialize_
parse_profile_ start()
completely, but this isn't urgent and can/should be done when we have
test coverage for serialize_profile_ from_old_ profile( ) one day ;-) Acked-by: Steve Beattie <email address hidden>
- 2903. By Christian Boltz
-
utils: fix is_skippable_dir() and add tests
Merge from trunk revision 3000Fix is_skippable_dir() - the regex also matched things like
/etc/apparmor.d/dont_ disable, while it should match on the full
directory name.Also add some tests based on a real-world aa-logprof run (with "print (path)"
in is_skippable_dir()) and some additional "funny"[tm] dirs.Needless to say that the tests
('dont_ disable' , False),
('/etc/ apparmor. d/cache_ foo', False),
will fail with the old is_skippable_dir().Acked-by: Steve Beattie <email address hidden>
- 2902. By Christian Boltz
-
utils: replace RE_PROFILE_START
Merge from trunk revision 2999Replace RE_PROFILE_START with RE_PROFILE_START_2 and adjust all
code sections that used RE_PROFILE_START_2.The only real change is that test_get_
flags_invalid_ 01 and
test_get_flags_invalid_ 02 now expect AppArmorException instead of
AppArmorBug.Acked-by: Steve Beattie <email address hidden> for trunk
- 2901. By Christian Boltz
-
utils: implement attachment handling after rewriting set_profile_flags()
to use write_header(), and making set_profile_flags
more strict.Merge from trunk revisions 2996, 2997, and 2998.
Changes in set_profile_
flags() :
- rewrite set_profile_flags to use parse_profile_start_line( ) and
write_header().
- replace the silent failure for non-existing files with a proper
exception (using lazy programming - the check is done by removing the
"if os.path.isfile()" check, open_file_read then raises the
exception ;-)
- comment out regex_hat_flag and the code that was supposed to handle
hat flags, which were totally broken. We'll need another patch to fix
it, and we also need to decide if we want to do that because it
introduces a behaviour change (currently, aa-complain etc. don't
change hat flags).The tests for set_profile_flags() are also updated:
- prepend a space to comments because write_header always adds a space
between '{' and the comment
- remove a test with superfluous quotes that are no longer kept
(that's
just a profile cleanup, so dropping that test is the easiest way)
- update test_set_flags_10 and test_set_flags_12 to use the correct
profile name
- enable the tests for invalid (empty) flags
- update the test for a non-existing filethis patch makes set_profile_flags more strict:
- raise AppArmorBug if newflags contains only whitespace
- raise AppArmorBug if the file doesn't contain the specified profile or
no profile at allThe tests are adjusted to expect AppArmorBug instead of a silent
failure. Also, some tests are added for profile=None, which means to
change the flags for all profiles in a file.
- test_set_flags_08 is now test_set_flags_invalid_ 04
- test_set_flags_invalid_ 03 is changed to only contain one reason for
a failure, not two ;-)Finally implement attachment handling
This patch implements attachment handling - aa-logprof now works with
profiles that have an attachment defined, instead of ignoring audit.log
entries for those profiles.Changes:
- parse_profile_start_line( ): remove workaround that merged the
attachment into the profile name
- parse_profile_data(): store attachment when parsing a profile
- update test_parse_profile_ start_03,
test_serialize_ parse_profile_ start_03,
test_set_flags_ nochange_ 09 and some parse_profile_ start_line( ) tests -
they now expect correct attachment handlingAcked-by: Steve Beattie <email address hidden>
- 2900. By Christian Boltz
-
utils: rewrite parse_profile_
start()
Merge from trunk revision 2990Rewrite parse_profile_
start() in aa.py to a more readable version.
The behaviour remains unchanged (and is covered by tests).Acked-by: Kshitij Gupta <email address hidden>
- 2899. By Christian Boltz
-
utils: add tests for RE_PROFILE_START_2 and parse_profile_
start_line( )
Merge from trunk revision 2989Also add AANamedRegexTest class that can be used to test a regex with
named match groups.Acked-by: Steve Beattie <email address hidden>
- 2898. By Christian Boltz
-
utils: test new parameters of write_header()
Merge from trunk revision 2988Change the write_header tests so that the 'profile_keyword' and
'header_comment' parameters can be (and are) tested:
- add a None for both to the existing tests
- add some tests that come with the profile keyword and/or a commentAcked-by: Steve Beattie <email address hidden>
- 2897. By Christian Boltz
-
utils: extend and partially rewrite write_header()
Merge from trunk revision 2987- add support for prof_data[
'header_ comment' ] (comment after '{')
and prof_data['profile_ keyword' ] (to force the 'profile' keyword, even
if it isn't needed) to write_header().
(set_profile_ flags() will be the only user of these two for now) - fix a crash if depth is not an integer - for example,
len(' ')/2 # 3 spaces = 1.5
would cause a crash.
Also add a test for 1.5 and 1.3 spaces.- rewrite the handling of flags to avoid we have to maintain two
different template lines.- update the tests to set 'profile_keyword' and 'header_comment' to None.
This avoids big changes in the test code. I'll send another patch that
makes sure profile_keyword and header_comment are tested ;-)Acked-by: Steve Beattie <email address hidden>
- 2896. By Christian Boltz
-
utils: add attachment to parse_profile_
start() return values
Merge from trunk revision 2986Add the attachment to the parse_profile_
start() and
serialize_parse_profile_ start() return values, and adjust the functions
calling the *parse_profile_ start() functions to save the attachment in
the "attachment" variable (which isn't used yet).Also adjust the tests for the added return value.
(Sorry for not getting the resultset right from the beginning!)
Acked-by: Steve Beattie <email address hidden>
- 2895. By Christian Boltz
-
utils: Add support for attachments to write_header()
Merge from trunk revision 2985Also fix a little bug that added the profile keyword if the path needed
quotes (profile "/foo bar" - but "/foo bar" is enough). This was caused
by a regex that always matched on quoted paths (hint: "/ matches
^[^/] ;-)Also add some tests with attachments and update the test for the bugfix
mentioned above.Now the remaining part is to make sure that prof_data[
'attachment' ] gets
set when parsing the profiles :-)Acked-by: Steve Beattie <email address hidden>
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apparmor/2.12