felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test(aa): update unit tests.

Browse source
This commit is contained in:
Alexandre Pujol 2024-05-25 22:16:31 +01:00
parent 656aa15836
commit 474481f1d3
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
3 changed files with 38 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

32
pkg/aa/data_test.go
View file

@ -71,13 +71,13 @@ var (
"flags": "rw, rbind", "flags": "rw, rbind",
} }
mount1 = &Mount{ mount1 = &Mount{
RuleBase: RuleBase{Comment: "failed perms check"}, RuleBase: RuleBase{Comment: " failed perms check"},
MountConditions: MountConditions{FsType: "overlay"}, MountConditions: MountConditions{FsType: "overlay"},
Source: "overlay", Source: "overlay",
MountPoint: "/var/lib/docker/overlay2/opaque-bug-check1209538631/merged/", MountPoint: "/var/lib/docker/overlay2/opaque-bug-check1209538631/merged/",
} }
mount2 = &Mount{ mount2 = &Mount{
RuleBase: RuleBase{Comment: "failed perms check"}, RuleBase: RuleBase{Comment: " failed perms check"},
MountConditions: MountConditions{Options: []string{"rw", "rbind"}}, MountConditions: MountConditions{Options: []string{"rw", "rbind"}},
Source: "/oldroot/dev/tty", Source: "/oldroot/dev/tty",
MountPoint: "/newroot/dev/tty", MountPoint: "/newroot/dev/tty",
@ -197,7 +197,7 @@ var (
"protocol": "0", "protocol": "0",
} }
unix1 = &Unix{ unix1 = &Unix{
Access: []string{"receive", "send"}, Access: []string{"send", "receive"},
Type: "stream", Type: "stream",
Protocol: "0", Protocol: "0",
Address: "none", Address: "none",
@ -290,4 +290,30 @@ var (
Path: "@{PROC}/4163/cgroup", Path: "@{PROC}/4163/cgroup",
Access: []string{"r"}, Access: []string{"r"},
} }
// Link
link1Log = map[string]string{
"apparmor": "ALLOWED",
"operation": "link",
"class": "file",
"profile": "mkinitcpio",
"name": "/tmp/mkinitcpio.QDWtza/early@{lib}/firmware/i915/dg1_dmc_ver2_02.bin.zst",
"comm": "cp",
"requested_mask": "l",
"denied_mask": "l",
"fsuid": "0",
"ouid": "0",
"target": "/tmp/mkinitcpio.QDWtza/root@{lib}/firmware/i915/dg1_dmc_ver2_02.bin.zst",
"FSUID": "root",
"OUID": "root",
}
link1 = &Link{
Path: "/tmp/mkinitcpio.QDWtza/early@{lib}/firmware/i915/dg1_dmc_ver2_02.bin.zst",
Target: "/tmp/mkinitcpio.QDWtza/root@{lib}/firmware/i915/dg1_dmc_ver2_02.bin.zst",
}
link2 = &File{
Owner: true,
Path: "@{user_config_dirs}/powerdevilrc{,.@{rand6}}",
Target: "@{user_config_dirs}/#@{int}",
}
) )

10
pkg/aa/rules_test.go
View file

@ -88,6 +88,12 @@ func TestRules_FromLog(t *testing.T) {
log: file1Log, log: file1Log,
want: file1, want: file1,
}, },
{
name: "link",
fromLog: newLinkFromLog,
log: link1Log,
want: link1,
},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
@ -417,7 +423,7 @@ func TestRules_String(t *testing.T) {
{ {
name: "mount", name: "mount",
rule: mount1, rule: mount1,
want: "mount fstype=overlay overlay -> /var/lib/docker/overlay2/opaque-bug-check1209538631/merged/, #failed perms check", want: "mount fstype=overlay overlay -> /var/lib/docker/overlay2/opaque-bug-check1209538631/merged/, # failed perms check",
}, },
{ {
name: "pivot_root", name: "pivot_root",
@ -442,7 +448,7 @@ func TestRules_String(t *testing.T) {
{ {
name: "unix", name: "unix",
rule: unix1, rule: unix1,
want: "unix (receive send) type=stream protocol=0 addr=none peer=(label=dbus-daemon, addr=@/tmp/dbus-AaKMpxzC4k),", want: "unix (send receive) type=stream protocol=0 addr=none peer=(label=dbus-daemon, addr=@/tmp/dbus-AaKMpxzC4k),",
}, },
{ {
name: "dbus", name: "dbus",

2
pkg/aa/templates/rule/file.j2
View file

@ -34,7 +34,7 @@
{{- .Path -}} {{- .Path -}}
{{- " " -}} {{- " " -}}
{{- with .Target -}} {{- with .Target -}}
{{ " -> " }}{{ . }} {{ "-> " }}{{ . }}
{{- end -}} {{- end -}}
{{- "," -}} {{- "," -}}
{{- template "comment" . -}} {{- template "comment" . -}}