Merge MountRule: check for unknown fstype and options keywords, and fix issues uncovered by that

* **MountRule: sync flags_keywords with parser code**

    ... based on /mount.cc mnt_opts_table

    Several keywords and aliases were missing in flags_keywords:
    - B
    - M
    - make-private
    - make-rprivate
    - make-rshared
    - make-rslave
    - make-runbindable
    - make-shared
    - make-slave
    - make-unbindable
    - r
    - R
    - read-only
    - w

    Also sort the keywords in the same order as in mount.cc.

    Note: AARE handling is still a TODO.

    After that, update the list of known parsing failures:
    - several valid profiles are now correctly parsed
    - some `"make-*" mount opt and an invalid src` bad profiles are no
      longer detected as being invalid

* **test-mount.py: fix MountRule instance creation**

    If fstype or options is a str, it has to be exactly one keyword, because
    \__init__() / check_and_split_list() won't parse a str.

    Our "normal" code already honors this, and only hands over fstype and
    options as sets or a single-keyword str.

    However, a few tests (wrongly) handed over a str that would need further
    parsing. Adjust the tests to no longer do this.

* **MountRule: check for unknown fstype and options**

    ... now that the previous commits fixed issues that ended up as unknown
    keywords.

    Also add mount/ok_12.sd as known-failing test. It uses fstype=AARE which
    MountRule doesn't support (yet?).

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1169
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: Georgia Garcia <georgia.garcia@canonical.com>

utils/test/test-mount.py

@@ -88,20 +88,28 @@ class MountTestParseInvalid(AATest):
 
     def test_diff_non_mountrule(self):
         exp = namedtuple('exp', ('audit', 'deny'))
-        obj = MountRule('mount',("=", '(ext4)'), MountRule.ALL,  MountRule.ALL, MountRule.ALL)
+        obj = MountRule('mount',("=", 'ext4'), MountRule.ALL,  MountRule.ALL, MountRule.ALL)
         with self.assertRaises(AppArmorBug):
             obj.is_equal(exp(False, False), False)
 
     def test_diff_invalid_fstype_equals_or_in(self):
         with self.assertRaises(AppArmorBug):
-            MountRule('mount', ('ext3', '(ext4)'), MountRule.ALL, MountRule.ALL, MountRule.ALL)  # fstype[0] should be '=' or 'in'
+            MountRule('mount', ('ext3', 'ext4'), MountRule.ALL, MountRule.ALL, MountRule.ALL)  # fstype[0] should be '=' or 'in'
+
+    def test_diff_invalid_fstype_keyword(self):
+        with self.assertRaises(AppArmorException):
+            MountRule('mount', ('=', 'invalidfs'), MountRule.ALL, MountRule.ALL, MountRule.ALL)  # fstype[0] should be '=' or 'in'
 
     def test_diff_invalid_options_equals_or_in(self):
         with self.assertRaises(AppArmorBug):
-            MountRule('mount', MountRule.ALL, ('rbind', '(rw)'),  MountRule.ALL, MountRule.ALL)  # fstype[0] should be '=' or 'in'
+            MountRule('mount', MountRule.ALL, ('rbind', 'rw'),  MountRule.ALL, MountRule.ALL)  # fstype[0] should be '=' or 'in'
+
+    def test_diff_invalid_options_keyword(self):
+        with self.assertRaises(AppArmorException):
+            MountRule('mount', MountRule.ALL, ('=', 'invalid'),  MountRule.ALL, MountRule.ALL)  # fstype[0] should be '=' or 'in'
 
     def test_diff_fstype(self):
-        obj1 = MountRule('mount',("=", '(ext4)'), MountRule.ALL,  MountRule.ALL, MountRule.ALL)
+        obj1 = MountRule('mount',("=", 'ext4'), MountRule.ALL,  MountRule.ALL, MountRule.ALL)
         obj2 = MountRule('mount',MountRule.ALL, MountRule.ALL,  MountRule.ALL, MountRule.ALL)
         self.assertFalse(obj1.is_equal(obj2, False))
 
@@ -204,7 +212,7 @@ class MountIsCoveredTest(AATest):
         obj = MountRule("mount", ("=", ('ext3', 'ext4')), ("=", ('ro')), "/foo/b*", "/b*")
         tests = [
             ("mount",   ("in", ('ext3', 'ext4')),   ("=", ('ro')),  "/foo/bar",     "/bar"      ),
-            ("mount",   ("=", ('procfs, ext4')),    ("=", ('ro')),  "/foo/bar",     "/bar"      ),
+            ("mount",   ("=", ('procfs', 'ext4')),  ("=", ('ro')),  "/foo/bar",     "/bar"      ),
             ("mount",   ("=", ('ext3')),            ("=", ('rw')),  "/foo/bar",     "/bar"      ),
             ("mount",   ("=", ('ext3', 'ext4')),    MountRule.ALL,  "/foo/b*",      "/bar"      ),
             ("mount",   MountRule.ALL,              ("=", ('ro')),  "/foo/b*",      "/bar"      ),