mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-03 15:55:46 +00:00
Code Issues Releases Wiki Activity

regression tests: switch from bashism == to posix str comparison =

Browse Source 
the == string comparison is a bashism. switch to posix supported =

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2023-03-31 20:34:21 -07:00
parent f47d5c70a3
commit 1fc38dbd2a
19 changed files with 26 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/regression/apparmor/aa_exec_wrapper.sh
View File

@@ -16,7 +16,7 @@ fi
out=$($1 -- cat /proc/self/attr/current 2>&1) out=$($1 -- cat /proc/self/attr/current 2>&1)
rc=$? rc=$?
if [ $rc -eq 0 ] && [ "$out" == "$2" ]; then if [ $rc -eq 0 ] && [ "$out" = "$2" ]; then
echo PASS echo PASS
exit 0 exit 0
elif [ $rc -ne 0 ]; then elif [ $rc -ne 0 ]; then

2
tests/regression/apparmor/attach_disconnected.sh
View File

@@ -55,7 +55,7 @@ fi
# MS_PRIVATE temporarily. # MS_PRIVATE temporarily.
FINDMNT=/bin/findmnt FINDMNT=/bin/findmnt
if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then
if [ "$(${FINDMNT} -no PROPAGATION /)" == "shared" ] ; then if [ "$(${FINDMNT} -no PROPAGATION /)" = "shared" ] ; then
root_was_shared="yes" root_was_shared="yes"
fi fi
elif [ "$(ps hp1 -ocomm)" = "systemd" ] ; then elif [ "$(ps hp1 -ocomm)" = "systemd" ] ; then

12
tests/regression/apparmor/capabilities.sh
View File

@@ -97,7 +97,7 @@ for TEST in ${TESTS} ; do
# no capabilities allowed # no capabilities allowed
genprofile ${my_entries} genprofile ${my_entries}
if [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ] ; then if [ "${TEST}" = "syscall_ptrace" -a "$(kernel_features ptrace)" = "true" ] ; then
# ptrace between profiles confining tasks of same pid is controlled by the ptrace rule # ptrace between profiles confining tasks of same pid is controlled by the ptrace rule
# capability + ptrace rule needed between pids # capability + ptrace rule needed between pids
runchecktest "${TEST} -- no caps" pass ${my_arg} runchecktest "${TEST} -- no caps" pass ${my_arg}
@@ -111,9 +111,9 @@ for TEST in ${TESTS} ; do
# iterate through each of the capabilities # iterate through each of the capabilities
for cap in ${CAPABILITIES} ; do for cap in ${CAPABILITIES} ; do
if [ "X$(eval echo \${${TEST}_${cap}})" == "XTRUE" ] ; then if [ "X$(eval echo \${${TEST}_${cap}})" = "XTRUE" ] ; then
expected_result=pass expected_result=pass
elif [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ]; then elif [ "${TEST}" = "syscall_ptrace" -a "$(kernel_features ptrace)" = "true" ]; then
expected_result=pass expected_result=pass
else else
expected_result=fail expected_result=fail
@@ -126,7 +126,7 @@ for TEST in ${TESTS} ; do
# a subprofile. # a subprofile.
settest ${testwrapper} settest ${testwrapper}
genprofile hat:$bin/${TEST} addimage:${bin}/${TEST} ${my_entries} genprofile hat:$bin/${TEST} addimage:${bin}/${TEST} ${my_entries}
if [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ] ; then if [ "${TEST}" = "syscall_ptrace" -a "$(kernel_features ptrace)" = "true" ] ; then
# ptrace between profiles confining tasks of same pid is controlled by the ptrace rule # ptrace between profiles confining tasks of same pid is controlled by the ptrace rule
# capability + ptrace rule needed between pids # capability + ptrace rule needed between pids
runchecktest "${TEST} changehat -- no caps" pass $bin/${TEST} ${my_arg} runchecktest "${TEST} changehat -- no caps" pass $bin/${TEST} ${my_arg}
@@ -139,9 +139,9 @@ for TEST in ${TESTS} ; do
runchecktest "${TEST} changehat -- all caps" pass $bin/${TEST} ${my_arg} runchecktest "${TEST} changehat -- all caps" pass $bin/${TEST} ${my_arg}
for cap in ${CAPABILITIES} ; do for cap in ${CAPABILITIES} ; do
if [ "X$(eval echo \${${TEST}_${cap}})" == "XTRUE" ] ; then if [ "X$(eval echo \${${TEST}_${cap}})" = "XTRUE" ] ; then
expected_result=pass expected_result=pass
elif [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == "true" ]; then elif [ "${TEST}" = "syscall_ptrace" -a "$(kernel_features ptrace)" = "true" ]; then
expected_result=pass expected_result=pass
else else
expected_result=fail expected_result=fail

2
tests/regression/apparmor/changeprofile.sh
View File

@@ -47,7 +47,7 @@ runchecktest "NO CHANGEPROFILE (access parent file)" pass nochange $file
runchecktest "NO CHANGEPROFILE (access sub file)" fail nochange $subfile runchecktest "NO CHANGEPROFILE (access sub file)" fail nochange $subfile
errno=EACCES errno=EACCES
if [ "$(kernel_features domain/stack)" == "true" ]; then if [ "$(kernel_features domain/stack)" = "true" ]; then
# The returned errno changed in the set of kernel patches that # The returned errno changed in the set of kernel patches that
# introduced AppArmor profile stacking # introduced AppArmor profile stacking
errno=ENOENT errno=ENOENT

2
tests/regression/apparmor/coredump.sh
View File

@@ -18,7 +18,7 @@ cleancorefile()
checkcorefile() checkcorefile()
{ {
# global _testdesc _pfmode _known outfile # global _testdesc _pfmode _known outfile
if [ ${1:0:1} == "x" ] ; then if [ ${1:0:1} = "x" ] ; then
requirement=${1#x} requirement=${1#x}
_known=" (known problem)" _known=" (known problem)"
else else

2
tests/regression/apparmor/e2e.sh
View File

@@ -41,7 +41,7 @@ load_and_verify() {
local matching=0 local matching=0
for binary_policy in /sys/kernel/security/apparmor/policy/profiles/$prof*/raw_data; do for binary_policy in /sys/kernel/security/apparmor/policy/profiles/$prof*/raw_data; do
kernel_md5=$(cat $binary_policy | md5sum | awk '{ print $1 }') kernel_md5=$(cat $binary_policy | md5sum | awk '{ print $1 }')
if [ $kernel_md5 == $cache_md5 ]; then if [ $kernel_md5 = $cache_md5 ]; then
matching=1 matching=1
break break
fi fi

2
tests/regression/apparmor/exec_qual.sh
View File

@@ -57,7 +57,7 @@ local_runchecktest()
checktestbg checktestbg
if [ "$teststatus" == "pass" -a -n "$actual_confinement" -a "$actual_confinement" != "$expected_confinement" ] if [ "$teststatus" = "pass" -a -n "$actual_confinement" -a "$actual_confinement" != "$expected_confinement" ]
then then
echo "Error: ${testname} failed. Test '${_testdesc}' actual confinement '$actual_confinement' differed from expected confinement '$expected_confinement'" echo "Error: ${testname} failed. Test '${_testdesc}' actual confinement '$actual_confinement' differed from expected confinement '$expected_confinement'"
testfailed testfailed

2
tests/regression/apparmor/exec_stack.sh
View File

@@ -51,7 +51,7 @@ touch $file $otherfile $sharedfile $thirdfile
# meaning the below conditional check has the wrong results for those # meaning the below conditional check has the wrong results for those
# kernels. Since this test is not about testing mmap just always add # kernels. Since this test is not about testing mmap just always add
# the mmap perm # the mmap perm
#if [ "$(kernel_features domain/fix_binfmt_elf_mmap)" == "true" ]; then #if [ "$(kernel_features domain/fix_binfmt_elf_mmap)" = "true" ]; then
# elfmmap="m" # elfmmap="m"
#else #else
# elfmmap="" # elfmmap=""

2
tests/regression/apparmor/named_pipe.sh
View File

@@ -38,7 +38,7 @@ badchild=r
# Add genprofile params that are common to all hats here # Add genprofile params that are common to all hats here
common="" common=""
if [ "$(kernel_features signal)" == "true" -a "$(parser_supports 'signal,')" == "true" ] ; then if [ "$(kernel_features signal)" = "true" -a "$(parser_supports 'signal,')" = "true" ] ; then
# Allow send/receive of all signals # Allow send/receive of all signals
common="${common} signal:ALL" common="${common} signal:ALL"
fi fi

4
tests/regression/apparmor/nfs.sh
View File

@@ -72,8 +72,8 @@ genprofile $file2:$fileperm
sync; echo 3 > /proc/sys/vm/drop_caches sync; echo 3 > /proc/sys/vm/drop_caches
runchecktest "OPEN RW (nfs file create after cache drop) " xpass $file2 runchecktest "OPEN RW (nfs file create after cache drop) " xpass $file2
if [ "$(kernel_features network)" == "true" -o \ if [ "$(kernel_features network)" = "true" -o \
"$(kernel_features network_v8)" == "true" ]; then "$(kernel_features network_v8)" = "true" ]; then
# PASS TEST # PASS TEST
# Allowing network streams and file access should pass regardless # Allowing network streams and file access should pass regardless
genprofile "network:inet stream" $file3:$fileperm genprofile "network:inet stream" $file3:$fileperm

2
tests/regression/apparmor/onexec.sh
View File

@@ -44,7 +44,7 @@ do_test()
shift 4 shift 4
desc="ONEXEC $desc ($prof -> $target_prof)" desc="ONEXEC $desc ($prof -> $target_prof)"
if [ "$target_prof" == "nochange" ] ; then if [ "$target_prof" = "nochange" ] ; then
runchecktest "$desc" $res -l "$prof" -- "$@" runchecktest "$desc" $res -l "$prof" -- "$@"
else else
runchecktest "$desc" $res -O "$target_prof" -l "$prof" -L "$target_prof" -- "$@" runchecktest "$desc" $res -O "$target_prof" -l "$prof" -L "$target_prof" -- "$@"

2
tests/regression/apparmor/pivot_root.sh
View File

@@ -55,7 +55,7 @@ fi
# MS_PRIVATE temporarily. # MS_PRIVATE temporarily.
FINDMNT=/bin/findmnt FINDMNT=/bin/findmnt
if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then
if [ "$(${FINDMNT} -no PROPAGATION /)" == "shared" ] ; then if [ "$(${FINDMNT} -no PROPAGATION /)" = "shared" ] ; then
root_was_shared="yes" root_was_shared="yes"
fi fi
elif [ "$(ps hp1 -ocomm)" = "systemd" ] ; then elif [ "$(ps hp1 -ocomm)" = "systemd" ] ; then

2
tests/regression/apparmor/posix_mq.sh
View File

@@ -77,7 +77,7 @@ do_tests()
for username in "root" "$userid" ; do for username in "root" "$userid" ; do
if [ $username == "root" ] ; then if [ $username = "root" ] ; then
usercmd="" usercmd=""
else else
usercmd="-u $userid" usercmd="-u $userid"

2
tests/regression/apparmor/ptrace.sh
View File

@@ -55,7 +55,7 @@ runchecktest "test 2 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper ${bin_true} runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper ${bin_true}
if [ "$(kernel_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" == "true" ] ; then if [ "$(kernel_features ptrace)" = "true" -a "$(parser_supports 'ptrace,')" = "true" ] ; then
. $bin/ptrace_v6.inc . $bin/ptrace_v6.inc
else else
. $bin/ptrace_v5.inc . $bin/ptrace_v5.inc

4
tests/regression/apparmor/query_label.sh
View File

@@ -93,7 +93,7 @@ querytest()
runchecktest "$desc" "$pf" "$expect" "$label" "$perms" $* runchecktest "$desc" "$pf" "$expect" "$label" "$perms" $*
} }
if [ "$(kernel_features dbus)" == "true" ]; then if [ "$(kernel_features dbus)" = "true" ]; then
# Check querying of a label that the kernel doesn't know about # Check querying of a label that the kernel doesn't know about
# aa_query_label() should return an error # aa_query_label() should return an error
expect anything expect anything
@@ -227,7 +227,7 @@ fi
genqueryprofile "file," genqueryprofile "file,"
expect allow expect allow
perms file exec,write,read,append,create,delete,setattr,getattr,chmod,chown,link,linksubset,lock,exec_mmap perms file exec,write,read,append,create,delete,setattr,getattr,chmod,chown,link,linksubset,lock,exec_mmap
if [ "$(kernel_features query/label/multi_transaction)" == "true" ] ; then if [ "$(kernel_features query/label/multi_transaction)" = "true" ] ; then
querytest "QUERY file (all base perms #1)" pass /anything querytest "QUERY file (all base perms #1)" pass /anything
querytest "QUERY file (all base perms #2)" pass /everything querytest "QUERY file (all base perms #2)" pass /everything
else else

2
tests/regression/apparmor/socketpair.sh
View File

@@ -37,7 +37,7 @@ af_unix_create_label=""
af_unix_inherit="" af_unix_inherit=""
aa_enabled="/sys/module/apparmor/parameters/enabled:r" aa_enabled="/sys/module/apparmor/parameters/enabled:r"
if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports 'unix,')" == "true" ]; then if [ "$(kernel_features network/af_unix)" = "true" -a "$(parser_supports 'unix,')" = "true" ]; then
# AppArmor requires that the process inheriting the sock file # AppArmor requires that the process inheriting the sock file
# descriptors have send,receive perms in its profile # descriptors have send,receive perms in its profile
af_unix_create="unix:(create,getopt)" af_unix_create="unix:(create,getopt)"

2
tests/regression/apparmor/swap.sh
View File

@@ -29,7 +29,7 @@ bin=$pwd
# check if we can run the test at all # check if we can run the test at all
fstype=$(stat -f --format '%T' "${tmpdir}") fstype=$(stat -f --format '%T' "${tmpdir}")
if [ "${fstype}" == "tmpfs" ] ; then if [ "${fstype}" = "tmpfs" ] ; then
echo "ERROR: tmpdir '${tmpdir}' is of type tmpfs; can't mount a swapfile on it" 1>&2 echo "ERROR: tmpdir '${tmpdir}' is of type tmpfs; can't mount a swapfile on it" 1>&2
echo "ERROR: skipping swap tests" 1>&2 echo "ERROR: skipping swap tests" 1>&2
num_testfailures=1 num_testfailures=1

2
tests/regression/apparmor/sysv_mq.sh
View File

@@ -66,7 +66,7 @@ do_tests()
} }
for username in "root" "$userid" ; do for username in "root" "$userid" ; do
if [ $username == "root" ] ; then if [ $username = "root" ] ; then
usercmd="" usercmd=""
else else
usercmd="-u $userid" usercmd="-u $userid"

2
tests/regression/apparmor/unix_fd_server.sh
View File

@@ -139,7 +139,7 @@ runchecktest "fd passing; confined -> confined (no perm)" fail $file $fd_client
sleep 1 sleep 1
rm -f ${socket} rm -f ${socket}
if [ "$(kernel_features policy/network/af_unix)" = "true" -a "$(parser_supports 'unix,')" == "true" ] ; then if [ "$(kernel_features policy/network/af_unix)" = "true" -a "$(parser_supports 'unix,')" = "true" ] ; then
# FAIL - confined client, no access to the socket file # FAIL - confined client, no access to the socket file
genprofile $file:$okperm $af_unix $socket:rw $fd_client:px -- image=$fd_client $file:$okperm $af_unix genprofile $file:$okperm $af_unix $socket:rw $fd_client:px -- image=$fd_client $file:$okperm $af_unix