-
Steve Beattie authored
Merge from trunk commits 2909, 2910, 2911, and 2912 BugLink: http://bugs.launchpad.net/bugs/1433829 The apparmor_parser fails to compile deny rules with only link permissions. Eg. deny /f l, deny l /f, deny link /f -> /d, Will all fail to compile with the following assert apparmor_parser: aare_rules.cc:99: Node* convert_file_perms(int, uint32_t, uint32_t, bool): Assertion `perms != 0' failed. NOTE: this is a minimal patch a bigger patch that cleans-up and separates and reorganizes file, link, exec, and change_profile rules is needed parser: Expand Equality tests This adds several new equality tests and turned up a couple of more bugs https://launchpad.net/bugs/1433829 https://launchpad.net/bugs/1434018 - add link/link subset tests - add pix, Pix, cix, Cix, pux, Pux, cux, Cux and specified profile transitions (/f px -> b ...) - test equality of leading and trailing permission file rules ie. /foo rw, == rw /foo, - test that specific x match overrides generic x rule. ie. /** ix, /foo px, is different than /** ix, /foo ix, - test that deny removes permission /f[abc] r, deny /fb r, is differnt than /f[abc] r, In addition to adding the new tests, it changes the output of the equality tests, so that if the $verbose variable is not set successful tests only output a period, with failed tests outputing the full info. If verbose is set the full test info is output as before. It also does: - make the verbose output of equality.sh honor whether or not the environment variable VERBOSE is set - thereby making the output verbose when 'make check V=1' or 'make check VERBOSE=1' is given from within the parser/ directory. This will make distribution packagers happy when diagnosing build failures caused by test failures. - if verbose output is not emitted and the tests were successful, emit a newline before printing PASS. - verify audit and audit allow is equal - verify audit differs from deny and audit deny - verify deny differs from audit deny - make the verbose text a little more useful for some cases - correct overlap exec tests to substitute in looped perms Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com>
0ec6ce96