On 02/09/2015 04:06 PM, Tyler Hicks wrote: > There are two things that I missed, mentioned below. I've made these > changes locally. > Arguable whether the profile change was needed, but I'm not arguing against making the change.
It looks good, thanks Acked-by: John Johansen <[email protected]>
> On 2015-02-09 16:37:59, Tyler Hicks wrote:
>> Signed-off-by: Tyler Hicks <[email protected]>
>> ---
>> tests/regression/apparmor/pivot_root.c | 30 +++++++++++++++---------------
>> tests/regression/apparmor/socketpair.c | 26 +++++++++++++-------------
>> 2 files changed, 28 insertions(+), 28 deletions(-)
>>
>> diff --git a/tests/regression/apparmor/pivot_root.c
>> b/tests/regression/apparmor/pivot_root.c
>> index 1b6ac94..6a1d4eb 100644
>> --- a/tests/regression/apparmor/pivot_root.c
>> +++ b/tests/regression/apparmor/pivot_root.c
>> @@ -31,7 +31,7 @@
>> struct clone_arg {
>> const char *put_old;
>> const char *new_root;
>> - const char *expected_con;
>> + const char *expected_label;
>> };
>>
>> static int _pivot_root(const char *new_root, const char *put_old)
>> @@ -44,12 +44,12 @@ static int _pivot_root(const char *new_root, const char
>> *put_old)
>> #endif
>> }
>>
>> -static int pivot_and_verify_con(void *arg)
>> +static int pivot_and_verify_label(void *arg)
>> {
>> const char *put_old = ((struct clone_arg *)arg)->put_old;
>> const char *new_root = ((struct clone_arg *)arg)->new_root;
>> - const char *expected_con = ((struct clone_arg *)arg)->expected_con;
>> - char *con;
>> + const char *expected_label = ((struct clone_arg *)arg)->expected_label;
>> + char *label;
>> int rc;
>>
>> rc = chdir(new_root);
>> @@ -64,19 +64,19 @@ static int pivot_and_verify_con(void *arg)
>> exit(101);
>> }
>>
>> - rc = aa_getcon(&con, NULL);
>> + rc = aa_getcon(&label, NULL);
>> if (rc < 0) {
>> perror("FAIL - aa_getcon");
>> exit(102);
>> }
>>
>> - if (strcmp(expected_con, con)) {
>> - fprintf(stderr, "FAIL - expected_con (%s) != con (%s)\n",
>> - expected_con, con);
>> + if (strcmp(expected_label, label)) {
>> + fprintf(stderr, "FAIL - expected_label (%s) != label (%s)\n",
>> + expected_label, label);
>> exit(103);
>> }
>>
>> - free(con);
>> + free(label);
>> exit(0);
>> }
>>
>> @@ -86,10 +86,10 @@ static pid_t _clone(int (*fn)(void *), void *arg)
>> void *stack = alloca(stack_size);
>>
>> #ifdef __ia64__
>> - return __clone2(pivot_and_verify_con, stack, stack_size,
>> + return __clone2(pivot_and_verify_label, stack, stack_size,
>> CLONE_NEWNS | SIGCHLD, arg);
>> #else
>> - return clone(pivot_and_verify_con, stack + stack_size,
>> + return clone(pivot_and_verify_label, stack + stack_size,
>> CLONE_NEWNS | SIGCHLD, arg);
>> #endif
>> }
>> @@ -105,19 +105,19 @@ int main(int argc, char **argv)
>> "FAIL - usage: %s <PUT_OLD> <NEW_ROOT> <PROFILE>\n\n"
>
> I missed changing <PROFILE> to <LABEL> here.
>
> Tyler
>
>> " <PUT_OLD>\t\tThe put_old param of pivot_root()\n"
>> " <NEW_ROOT>\t\tThe new_root param of pivot_root()\n"
>> - " <PROFILE>\t\tThe expected AA context after
>> pivoting\n\n"
>> + " <LABEL>\t\tThe expected AA label after pivoting\n\n"
>> "This program clones itself in a new mount namespace,
>> \n"
>> "does a pivot and then calls aa_getcon(). The test
>> fails \n"
>> - "if <PROFILE> does not match the context returned by \n"
>> + "if <PROFILE> does not match the label returned by \n"
>> "aa_getcon().\n", argv[0]);
>> exit(1);
>> }
>>
>> arg.put_old = argv[1];
>> arg.new_root = argv[2];
>> - arg.expected_con = argv[3];
>> + arg.expected_label = argv[3];
>>
>> - child = _clone(pivot_and_verify_con, &arg);
>> + child = _clone(pivot_and_verify_label, &arg);
>> if (child < 0) {
>> perror("FAIL - clone");
>> exit(2);
>> diff --git a/tests/regression/apparmor/socketpair.c
>> b/tests/regression/apparmor/socketpair.c
>> index 9a64ba7..06125d5 100644
>> --- a/tests/regression/apparmor/socketpair.c
>> +++ b/tests/regression/apparmor/socketpair.c
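Review bot: In `_clone()` in pivot_root.c (hunk at -86), both renamed call sites still pass `pivot_and_verify_label` directly and never use the `fn` parameter, so whatever the caller hands in is ignored. That is harmless today because `main()` passes the same function, but since these two lines are being touched anyway they could read `return __clone2(fn, stack, stack_size,` and `return clone(fn, stack + stack_size,`, which would make the helper honour its signature and keep it out of future renames. The start of the function body, where `stack_size` is set, lies outside the hunk.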
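Review bot: The added usage line `"if <PROFILE> does not match the label returned by \n"` in pivot_root.c's `main()` (hunk at -105) still names the argument `<PROFILE>`, although the same hunk now documents that argument as `<LABEL>` three lines earlier. This is a different line from the `FAIL - usage:` synopsis and would need the same substitution: `"if <LABEL> does not match the label returned by \n"`. Leaving it as is makes the help text describe an argument the synopsis no longer lists. `main()` begins and continues outside the hunk.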
>> @@ -51,13 +51,13 @@ static int get_socketpair(int pair[2])
>> }
>>
>> static int verify_confinement_context(int fd, const char *fd_name,
>> - const char *expected_con,
>> + const char *expected_label,
>> const char *expected_mode)
>> {
>> - char *con, *mode;
>> + char *label, *mode;
>> int rc;
>>
>> - rc = aa_getpeercon(fd, &con, &mode);
>> + rc = aa_getpeercon(fd, &label, &mode);
>> if (rc < 0) {
>> fprintf(stderr, "FAIL - %s: aa_getpeercon(%d, , ): %m",
>> fd_name, fd);
>> @@ -67,10 +67,10 @@ static int verify_confinement_context(int fd, const char
>> *fd_name,
>> if (!mode)
>> mode = NO_MODE;
>>
>> - if (strcmp(con, expected_con)) {
>> + if (strcmp(label, expected_label)) {
>> fprintf(stderr,
>> - "FAIL - %s: con \"%s\" != expected_con \"%s\"\n",
>> - fd_name, con, expected_con);
>> + "FAIL - %s: label \"%s\" != expected_label \"%s\"\n",
>> + fd_name, label, expected_label);
>> rc = 2;
>> goto out;
>> }
>> @@ -85,7 +85,7 @@ static int verify_confinement_context(int fd, const char
>> *fd_name,
>>
>> rc = 0;
>> out:
>> - free(con);
>> + free(label);
>> return rc;
>> }
>>
>> @@ -133,17 +133,17 @@ static int reexec(int pair[2], int argc, char **argv)
>>
>> int main(int argc, char **argv)
>> {
>> - char *expected_con, *expected_mode;
>> + char *expected_label, *expected_mode;
>> int pair[2], rc;
>>
>> if (argc < 3) {
>> fprintf(stderr,
>> "FAIL - usage: %s <CON> <MODE> [<CHANGE_ONEXEC>
>> ...]\n\n"
>
> I missed changing <CON> to <LABEL> here.
>
>> - " <CON>\t\tThe expected confinement context\n"
>> + " <LABEL>\t\tThe expected confinement label\n"
>> " <MODE>\tThe expected confinement mode\n"
>> " <CHANGE_ONEXEC>\tThe profile to change to on
>> exec\n\n"
>> "This program gets a socket pair and then verifies \n"
>> - "the confinement context and mode of each file \n"
>> + "the confinement label and mode of each file \n"
>> "descriptor. If there is no expected mode string, \n"
>> "<MODE> should be \"%s\".\n\n"
>> "Multiple <CHANGE_ONEXEC> profiles can be specified \n"
>> @@ -162,17 +162,17 @@ int main(int argc, char **argv)
>> if (get_socketpair(pair))
>> exit(2);
>>
>> - expected_con = argv[1];
>> + expected_label = argv[1];
>> expected_mode = argv[2];
>>
>> if (verify_confinement_context(pair[0], "pair[0]",
>> - expected_con, expected_mode)) {
>> + expected_label, expected_mode)) {
>> rc = 3;
>> goto out;
>> }
>>
>> if (verify_confinement_context(pair[1], "pair[1]",
>> - expected_con, expected_mode)) {
>> + expected_label, expected_mode)) {
>> rc = 4;
>> goto out;
>> }
>> --
>> 2.1.0
>>
>>
>> --
>> AppArmor mailing list
>> [email protected]
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/apparmor
>>
>> -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
