tests(check): add support for '#aa:lint ignore' inline directive to disable linting.

2025-07-21 22:22:13 +02:00 · 2025-07-21 22:22:13 +02:00 · b2910ae593
commit b2910ae593
parent f6914a8730
2 changed files with 19 additions and 1 deletions
--- a/pkg/prebuild/directive/core.go
+++ b/pkg/prebuild/directive/core.go
@ -106,6 +106,9 @@ func Run(file *paths.Path, profile string) (string, error) {
 		opt := NewOption(file, match)
 		drtv, ok := Directives[opt.Name]
 		if !ok {
+			if opt.Name == "lint" {
+				continue
+			}
 			return "", fmt.Errorf("unknown directive '%s' in %s", opt.Name, opt.File)
 		}
 		profile, err = drtv.Apply(opt, profile)
--- a/tests/check.sh
+++ b/tests/check.sh
@ -51,12 +51,24 @@ _wait() {
    fi
 }

+readonly _IGNORE_LINT="#aa:lint ignore"
+_ignore_lint() {
+    local line="$1"
+    if [[ "$line" == *"$_IGNORE_LINT"* ]]; then
+        return 0
+    fi
+    return 1
+}
+
 _check() {
    local file="$1"
    local line_number=0

    while IFS= read -r line; do
        line_number=$((line_number + 1))
+        if _ignore_lint "$line"; then
+            continue
+        fi

        # Rules checks
        _check_abstractions
@ -339,7 +351,10 @@ check_sbin() {
    jobs=0
    for name in "${sbin[@]}"; do
        (
-            mapfile -t files < <(grep --line-number --recursive -E "(^|[[:space:]])@{bin}/$name([[:space:]]|$)" apparmor.d | cut -d: -f1,2)
+            mapfile -t files < <(
+                grep --line-number --recursive -P "(^|[[:space:]])@{bin}/$name([[:space:]]|$)(?!.*$_IGNORE_LINT)" apparmor.d |
+                    cut -d: -f1,2
+            )
            for file in "${files[@]}"; do
                _err compatibility "$file" "contains '@{bin}/$name' instead of '@{sbin}/$name'"
            done