mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-23 02:27:12 +00:00
Code Issues Releases Wiki Activity

Merge regression: fix test suite runs on older Ubuntu releases

Browse Source 
This involves replacing `command -v` with `which` (again), since the `command` shell builtin isn't recognized by older versions of Make, as well as skipping tests that require the `linux/mount.h` header on older systems that lack it.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1578
Approved-by: Zygmunt Krynicki <me@zygoon.pl>
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2025-03-22 01:06:48 +00:00
commit 07eef2823f
5 changed files with 31 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.image-garden.mk
View File

@ -79,6 +79,7 @@ packages:
- python311 - python311
- python311-devel - python311-devel
- swig - swig
- which
endef endef
define FEDORA_CLOUD_INIT_USER_DATA_TEMPLATE define FEDORA_CLOUD_INIT_USER_DATA_TEMPLATE

2
common/Make.rules
View File

@ -35,7 +35,7 @@ VERSION=$(shell cat $(COMMONDIR)/Version)
pathsearch = $(firstword $(wildcard $(addsuffix /$(1),$(subst :, ,$(PATH))))) pathsearch = $(firstword $(wildcard $(addsuffix /$(1),$(subst :, ,$(PATH)))))
map = $(foreach a,$(2),$(call $(1),$(a))) map = $(foreach a,$(2),$(call $(1),$(a)))
AWK?=$(or $(shell command -v awk),$(error awk utility required for build but not available)) AWK?=$(or $(shell which awk),$(error awk utility required for build but not available))
define nl define nl

19
tests/regression/apparmor/Makefile
View File

@ -27,7 +27,7 @@ manually, or build against in-tree libapparmor.${nl}\
endif # LIBAPPARMOR not set endif # LIBAPPARMOR not set
LDLIBS += $(LIBAPPARMOR) LDLIBS += $(LIBAPPARMOR)
AA_EXEC = $(shell command -v aa-exec) AA_EXEC = $(shell which aa-exec)
ifeq ($(AA_EXEC),) ifeq ($(AA_EXEC),)
AA_EXEC_ERROR_MESSAGE = $(error ${nl}\ AA_EXEC_ERROR_MESSAGE = $(error ${nl}\
************************************************************************${nl}\ ************************************************************************${nl}\
@ -85,6 +85,9 @@ endif
SYSCTL_INCLUDE="\#include <sys/sysctl.h>" SYSCTL_INCLUDE="\#include <sys/sysctl.h>"
USE_SYSCTL:=$(shell echo $(SYSCTL_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true) USE_SYSCTL:=$(shell echo $(SYSCTL_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true)
LINUX_MOUNT_INCLUDE="\#include <linux/mount.h>"
HAVE_LINUX_MOUNT_H:=$(shell echo $(LINUX_MOUNT_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true)
CFLAGS += -g -O0 $(EXTRA_WARNINGS) CFLAGS += -g -O0 $(EXTRA_WARNINGS)
SRC=access.c \ SRC=access.c \
@ -125,7 +128,6 @@ SRC=access.c \
mmap.c \ mmap.c \
mkdir.c \ mkdir.c \
mount.c \ mount.c \
move_mount.c \
named_pipe.c \ named_pipe.c \
net_inet_rcv.c \ net_inet_rcv.c \
net_inet_snd.c \ net_inet_snd.c \
@ -174,6 +176,11 @@ ifneq (,$(findstring $(shell uname -i),i386 i486 i586 i686 x86 x86_64))
SRC+=syscall_ioperm.c syscall_iopl.c SRC+=syscall_ioperm.c syscall_iopl.c
endif endif
#only do move_mount test if we have linux/mount.h
ifeq ($(HAVE_LINUX_MOUNT_H),true)
SRC+=move_mount.c
endif
#only do sysctl syscall test if defines installed and OR supported by the #only do sysctl syscall test if defines installed and OR supported by the
# kernel # kernel
ifeq ($(USE_SYSCTL),true) ifeq ($(USE_SYSCTL),true)
@ -181,7 +188,7 @@ SRC+=syscall_sysctl.c
endif endif
# Only do xattrs_profile test if we have the required setfattr binary # Only do xattrs_profile test if we have the required setfattr binary
ifneq (,$(shell command -v setfattr)) ifneq (,$(shell which setfattr > /dev/null && echo TRUE))
SRC+=xattrs_profile.c SRC+=xattrs_profile.c
else else
$(warning ${nl}\ $(warning ${nl}\
@ -192,7 +199,7 @@ Install attr or equivalent package to build and run this test${nl}\
endif endif
# Only do overlayfs_fuse test if we have the required fuse-overlayfs binary # Only do overlayfs_fuse test if we have the required fuse-overlayfs binary
ifeq (,$(shell command -v fuse-overlayfs)) ifeq (,$(shell which fuse-overlayfs > /dev/null && echo TRUE))
$(warning ${nl}\ $(warning ${nl}\
************************************************************************${nl}\ ************************************************************************${nl}\
No fuse-overlayfs skipping overlayfs_fuse tests ...${nl}\ No fuse-overlayfs skipping overlayfs_fuse tests ...${nl}\
@ -321,12 +328,12 @@ TESTS=aa_exec \
nfs nfs
# Only do overlayfs_fuse test if we have the required fuse-overlayfs binary # Only do overlayfs_fuse test if we have the required fuse-overlayfs binary
ifneq (,$(shell command -v fuse-overlayfs)) ifneq (,$(shell which fuse-overlayfs > /dev/null && echo TRUE))
TESTS+=overlayfs_fuse TESTS+=overlayfs_fuse
endif endif
# Only do xattrs_profile test if we have the required setfattr binary # Only do xattrs_profile test if we have the required setfattr binary
ifneq (,$(shell command -v setfattr)) ifneq (,$(shell which setfattr > /dev/null && echo TRUE))
TESTS+=xattrs_profile TESTS+=xattrs_profile
endif endif

2
tests/regression/apparmor/complain.sh
View File

@ -29,5 +29,5 @@ runchecktest "Complain mode profile (file exec no permission entry)" pass exec e
# This test will fail on a kernel that doesn't have # This test will fail on a kernel that doesn't have
# https://lists.ubuntu.com/archives/apparmor/2024-August/013338.html applied # https://lists.ubuntu.com/archives/apparmor/2024-August/013338.html applied
genprofile -C $(command -v echo):cx genprofile -C $(which echo):cx
runchecktest "Complain mode profile (file exec cx permission entry)" pass exec echo PASS runchecktest "Complain mode profile (file exec cx permission entry)" pass exec echo PASS

15
tests/regression/apparmor/mount.sh
View File

@ -305,6 +305,11 @@ open_tree_tests() {
mnt_target=$2 mnt_target=$2
fsname=$3 fsname=$3
settest move_mount settest move_mount
if [ ! -f "$bin/move_mount" ]; then
echo " WARNING: move_mount binary was not built, skipping open_tree_tests ..."
return
fi
# TODO: check for move_mount syscall support # TODO: check for move_mount syscall support
# TODO: check that parser supports detached # TODO: check that parser supports detached
# eg. move_mount tmpfs /tmp/move_mount_test tmpfs # eg. move_mount tmpfs /tmp/move_mount_test tmpfs
@ -377,6 +382,11 @@ fsmount_tests() {
mnt_target=$2 mnt_target=$2
fsname=$3 fsname=$3
settest move_mount settest move_mount
if [ ! -f "$bin/move_mount" ]; then
echo " WARNING: move_mount binary was not built, skipping fsmount_tests ..."
return
fi
# TODO: check for move_mount syscall support # TODO: check for move_mount syscall support
# TODO: check that parser supports detached # TODO: check that parser supports detached
# eg. move_mount tmpfs /tmp/move_mount_test tmpfs # eg. move_mount tmpfs /tmp/move_mount_test tmpfs
@ -423,6 +433,11 @@ all_rule() {
runchecktest "MOUNT (confined allow all remount)" pass mount ${loop_device} ${mount_point} -o remount runchecktest "MOUNT (confined allow all remount)" pass mount ${loop_device} ${mount_point} -o remount
remove_mnt remove_mnt
if [ ! -f "$bin/move_mount" ]; then
echo " WARNING: move_mount binary was not built, skipping all_rule move_mount tests ..."
return
fi
settest move_mount settest move_mount
genprofile "all" genprofile "all"