On 2015-05-29 01:39:13, John Johansen wrote: > Rename require_features to require_kernel_features and > have_features to kernel_features > > to indicate they are tests for kernel features, as now there are tests > for parser features and in the future there might be library features > as well. > > Signed-off-by: John Johansen <[email protected]>
Acked-by: Tyler Hicks <[email protected]> > --- > tests/regression/apparmor/capabilities.sh | 8 ++++---- > tests/regression/apparmor/dbus_eavesdrop.sh | 2 +- > tests/regression/apparmor/dbus_message.sh | 2 +- > tests/regression/apparmor/dbus_service.sh | 2 +- > tests/regression/apparmor/dbus_unrequested_reply.sh | 2 +- > tests/regression/apparmor/deleted.sh | 2 +- > tests/regression/apparmor/mount.sh | 2 +- > tests/regression/apparmor/named_pipe.sh | 2 +- > tests/regression/apparmor/pivot_root.sh | 2 +- > tests/regression/apparmor/prologue.inc | 6 +++--- > tests/regression/apparmor/ptrace.sh | 2 +- > tests/regression/apparmor/socketpair.sh | 2 +- > tests/regression/apparmor/tcp.sh | 2 +- > tests/regression/apparmor/unix_fd_server.sh | 4 ++-- > tests/regression/apparmor/unix_socket_abstract.sh | 4 ++-- > tests/regression/apparmor/unix_socket_pathname.sh | 6 +++--- > tests/regression/apparmor/unix_socket_unnamed.sh | 4 ++-- > 17 files changed, 27 insertions(+), 27 deletions(-) > > diff --git a/tests/regression/apparmor/capabilities.sh > b/tests/regression/apparmor/capabilities.sh > index 1b50445..74a3c90 100644 > --- a/tests/regression/apparmor/capabilities.sh > +++ b/tests/regression/apparmor/capabilities.sh > @@ -97,7 +97,7 @@ for TEST in ${TESTS} ; do > > # no capabilities allowed > genprofile ${my_entries} > - if [ "${TEST}" == "syscall_ptrace" -a "$(have_features ptrace)" == > "true" ] ; then > + if [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == > "true" ] ; then > # ptrace between profiles confining tasks of same pid is controlled > by the ptrace rule > # capability + ptrace rule needed between pids > runchecktest "${TEST} -- no caps" pass ${my_arg} > @@ -113,7 +113,7 @@ for TEST in ${TESTS} ; do > for cap in ${CAPABILITIES} ; do > if [ "X$(eval echo \${${TEST}_${cap}})" == "XTRUE" ] ; then > expected_result=pass > - elif [ "${TEST}" == "syscall_ptrace" -a "$(have_features > ptrace)" == "true" ]; then > + elif [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features > ptrace)" == "true" ]; then > expected_result=pass > else > expected_result=fail > @@ -126,7 +126,7 @@ for TEST in ${TESTS} ; do > # a subprofile. > settest ${testwrapper} > genprofile hat:$bin/${TEST} addimage:${bin}/${TEST} ${my_entries} > - if [ "${TEST}" == "syscall_ptrace" -a "$(have_features ptrace)" == > "true" ] ; then > + if [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features ptrace)" == > "true" ] ; then > # ptrace between profiles confining tasks of same pid is controlled > by the ptrace rule > # capability + ptrace rule needed between pids > runchecktest "${TEST} changehat -- no caps" pass $bin/${TEST} > ${my_arg} > @@ -141,7 +141,7 @@ for TEST in ${TESTS} ; do > for cap in ${CAPABILITIES} ; do > if [ "X$(eval echo \${${TEST}_${cap}})" == "XTRUE" ] ; then > expected_result=pass > - elif [ "${TEST}" == "syscall_ptrace" -a "$(have_features > ptrace)" == "true" ]; then > + elif [ "${TEST}" == "syscall_ptrace" -a "$(kernel_features > ptrace)" == "true" ]; then > expected_result=pass > else > expected_result=fail > diff --git a/tests/regression/apparmor/dbus_eavesdrop.sh > b/tests/regression/apparmor/dbus_eavesdrop.sh > index 2792900..a7f2155 100755 > --- a/tests/regression/apparmor/dbus_eavesdrop.sh > +++ b/tests/regression/apparmor/dbus_eavesdrop.sh > @@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd` > bin=$pwd > > . $bin/prologue.inc > -requires_features dbus > +requires_kernel_features dbus > requires_parser_support "dbus," > . $bin/dbus.inc > > diff --git a/tests/regression/apparmor/dbus_message.sh > b/tests/regression/apparmor/dbus_message.sh > index cc52745..27807c4 100755 > --- a/tests/regression/apparmor/dbus_message.sh > +++ b/tests/regression/apparmor/dbus_message.sh > @@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd` > bin=$pwd > > . $bin/prologue.inc > -requires_features dbus > +requires_kernel_features dbus > requires_parser_support "dbus," > . $bin/dbus.inc > > diff --git a/tests/regression/apparmor/dbus_service.sh > b/tests/regression/apparmor/dbus_service.sh > index 322853b..5cd698a 100755 > --- a/tests/regression/apparmor/dbus_service.sh > +++ b/tests/regression/apparmor/dbus_service.sh > @@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd` > bin=$pwd > > . $bin/prologue.inc > -requires_features dbus > +requires_kernel_features dbus > requires_parser_support "dbus," > . $bin/dbus.inc > > diff --git a/tests/regression/apparmor/dbus_unrequested_reply.sh > b/tests/regression/apparmor/dbus_unrequested_reply.sh > index e91f3ad..e69c8b4 100644 > --- a/tests/regression/apparmor/dbus_unrequested_reply.sh > +++ b/tests/regression/apparmor/dbus_unrequested_reply.sh > @@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd` > bin=$pwd > > . $bin/prologue.inc > -requires_features dbus > +requires_kernel_features dbus > requires_parser_support "dbus," > . $bin/dbus.inc > > diff --git a/tests/regression/apparmor/deleted.sh > b/tests/regression/apparmor/deleted.sh > index 8d4c5b4..9ca937f 100755 > --- a/tests/regression/apparmor/deleted.sh > +++ b/tests/regression/apparmor/deleted.sh > @@ -65,7 +65,7 @@ okperm=rwl > badperm=wl > af_unix="" > > -if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports > 'unix,')" == "true" ]; then > +if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports > 'unix,')" == "true" ]; then > af_unix="unix:create" > fi > > diff --git a/tests/regression/apparmor/mount.sh > b/tests/regression/apparmor/mount.sh > index 0840199..8dc1a88 100755 > --- a/tests/regression/apparmor/mount.sh > +++ b/tests/regression/apparmor/mount.sh > @@ -102,7 +102,7 @@ runchecktest "UMOUNT (confined no perm)" fail umount > ${loop_device} ${mount_poin > remove_mnt > > > -if [ "$(have_features mount)" != "true" -o "$(parser_supports 'mount,')" != > "true" ] ; then > +if [ "$(kernel_features mount)" != "true" -o "$(parser_supports 'mount,')" > != "true" ] ; then > genprofile capability:sys_admin > runchecktest "MOUNT (confined cap)" pass mount ${loop_device} > ${mount_point} > remove_mnt > diff --git a/tests/regression/apparmor/named_pipe.sh > b/tests/regression/apparmor/named_pipe.sh > index 52037e5..72bc736 100755 > --- a/tests/regression/apparmor/named_pipe.sh > +++ b/tests/regression/apparmor/named_pipe.sh > @@ -38,7 +38,7 @@ badchild=r > # Add genprofile params that are common to all hats here > common="" > > -if [ "$(have_features signal)" == "true" -a "$(parser_supports 'signal,')" > == "true" ] ; then > +if [ "$(kernel_features signal)" == "true" -a "$(parser_supports 'signal,')" > == "true" ] ; then > # Allow send/receive of all signals > common="${common} signal:ALL" > fi > diff --git a/tests/regression/apparmor/pivot_root.sh > b/tests/regression/apparmor/pivot_root.sh > index faea755..b68f6cf 100755 > --- a/tests/regression/apparmor/pivot_root.sh > +++ b/tests/regression/apparmor/pivot_root.sh > @@ -106,7 +106,7 @@ do_test "unconfined, bad context" fail "$put_old" > "$new_root" "$bad" > genprofile > do_test "no perms" fail "$put_old" "$new_root" "$test" > > -if [ "$(have_features mount)" != "true" -o "$(parser_supports 'mount,')" != > "true" ] ; then > +if [ "$(kernel_features mount)" != "true" -o "$(parser_supports 'mount,')" > != "true" ] ; then > # pivot_root mediation isn't supported by this kernel/parser, so verify > that > # capability sys_admin is sufficient and skip the remaining tests > genprofile $cur $cap > diff --git a/tests/regression/apparmor/prologue.inc > b/tests/regression/apparmor/prologue.inc > index bcbe7ea..f6707ab 100755 > --- a/tests/regression/apparmor/prologue.inc > +++ b/tests/regression/apparmor/prologue.inc > @@ -22,7 +22,7 @@ > # For this file, functions are first, entry point code is at end, see "MAIN" > > #use $() to retreive the failure message or "true" if success > -have_features() > +kernel_features() > { > if [ ! -e "/sys/kernel/security/apparmor/features/" ] ; then > echo "Kernel feature masks not supported." > @@ -40,9 +40,9 @@ have_features() > return 0; > } > > -requires_features() > +requires_kernel_features() > { > - local res=$(have_features $@) > + local res=$(kernel_features $@) > if [ "$res" != "true" ] ; then > echo "$res. Skipping tests ..." > exit 0 > diff --git a/tests/regression/apparmor/ptrace.sh > b/tests/regression/apparmor/ptrace.sh > index 17771d0..c336347 100755 > --- a/tests/regression/apparmor/ptrace.sh > +++ b/tests/regression/apparmor/ptrace.sh > @@ -52,7 +52,7 @@ runchecktest "test 2 -h prog" pass -h -n 100 $helper > /bin/true > runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper /bin/true > > > -if [ "$(have_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" > == "true" ] ; then > +if [ "$(kernel_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" > == "true" ] ; then > . $bin/ptrace_v6.inc > else > . $bin/ptrace_v5.inc > diff --git a/tests/regression/apparmor/socketpair.sh > b/tests/regression/apparmor/socketpair.sh > index 4e56707..423a51d 100755 > --- a/tests/regression/apparmor/socketpair.sh > +++ b/tests/regression/apparmor/socketpair.sh > @@ -34,7 +34,7 @@ af_unix_create="" > af_unix_create_label="" > af_unix_inherit="" > > -if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports > 'unix,')" == "true" ]; then > +if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports > 'unix,')" == "true" ]; then > # AppArmor requires that the process inheriting the sock file > # descriptors have send,receive perms in its profile > af_unix_create="unix:(create,getopt)" > diff --git a/tests/regression/apparmor/tcp.sh > b/tests/regression/apparmor/tcp.sh > index 73eff1b..076ca00 100755 > --- a/tests/regression/apparmor/tcp.sh > +++ b/tests/regression/apparmor/tcp.sh > @@ -15,7 +15,7 @@ pwd=`cd $pwd ; /bin/pwd` > bin=$pwd > > . $bin/prologue.inc > -requires_features network > +requires_kernel_features network > > port=34567 > ip="127.0.0.1" > diff --git a/tests/regression/apparmor/unix_fd_server.sh > b/tests/regression/apparmor/unix_fd_server.sh > index fc2b947..0bba807 100755 > --- a/tests/regression/apparmor/unix_fd_server.sh > +++ b/tests/regression/apparmor/unix_fd_server.sh > @@ -27,7 +27,7 @@ okperm=rw > badperm=w > af_unix="" > > -if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports > 'unix,')" == "true" ]; then > +if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports > 'unix,')" == "true" ]; then > af_unix="unix:create" > fi > > @@ -137,7 +137,7 @@ runchecktest "fd passing; confined -> confined (no perm)" > fail $file $socket $fd > sleep 1 > rm -f ${socket} > > -if [ "$(have_features policy/versions/v6)" == "true" -a "$(parser_supports > 'unix,')" == "true" ] ; then > +if [ "$(kernel_features policy/versions/v6)" == "true" -a "$(parser_supports > 'unix,')" == "true" ] ; then > # FAIL - confined client, no access to the socket file > > genprofile $file:$okperm $af_unix $socket:rw $fd_client:px -- > image=$fd_client $file:$okperm $af_unix > diff --git a/tests/regression/apparmor/unix_socket_abstract.sh > b/tests/regression/apparmor/unix_socket_abstract.sh > index 6a949c1..21c35e2 100644 > --- a/tests/regression/apparmor/unix_socket_abstract.sh > +++ b/tests/regression/apparmor/unix_socket_abstract.sh > @@ -28,8 +28,8 @@ bin=$pwd > > . $bin/prologue.inc > . $bin/unix_socket.inc > -requires_features policy/versions/v7 > -requires_features network/af_unix > +requires_kernel_features policy/versions/v7 > +requires_kernel_features network/af_unix > requires_parser_support "unix," > > settest unix_socket > diff --git a/tests/regression/apparmor/unix_socket_pathname.sh > b/tests/regression/apparmor/unix_socket_pathname.sh > index be3631d..c14ac9c 100755 > --- a/tests/regression/apparmor/unix_socket_pathname.sh > +++ b/tests/regression/apparmor/unix_socket_pathname.sh > @@ -27,7 +27,7 @@ pwd=`cd $pwd ; /bin/pwd` > bin=$pwd > > . $bin/prologue.inc > -requires_features policy/versions/v6 > +requires_kernel_features policy/versions/v6 > > settest unix_socket > > @@ -41,7 +41,7 @@ > message=4a0c83d87aaa7afa2baab5df3ee4df630f0046d5bfb7a3080c550b721f401b3b\ > okserver=w > badserver1=r > badserver2= > -if [ "$(have_features policy/versions/v7)" == "true" ] ; then > +if [ "$(kernel_features policy/versions/v7)" == "true" ] ; then > okserver=rw > badserver2=w > fi > @@ -52,7 +52,7 @@ fi > # af_unix support requires 'unix getattr' to call getsockname() > af_unix_okserver= > af_unix_okclient= > -if [ "$(have_features network/af_unix)" == "true" -a "$(parser_supports > 'unix,')" == "true" ] ; then > +if [ "$(kernel_features network/af_unix)" == "true" -a "$(parser_supports > 'unix,')" == "true" ] ; then > af_unix_okserver="create,setopt" > af_unix_okclient="create,getopt,setopt,getattr" > fi > diff --git a/tests/regression/apparmor/unix_socket_unnamed.sh > b/tests/regression/apparmor/unix_socket_unnamed.sh > index b834888..66bea0a 100644 > --- a/tests/regression/apparmor/unix_socket_unnamed.sh > +++ b/tests/regression/apparmor/unix_socket_unnamed.sh > @@ -28,8 +28,8 @@ bin=$pwd > > . $bin/prologue.inc > . $bin/unix_socket.inc > -requires_features policy/versions/v7 > -requires_features network/af_unix > +requires_kernel_features policy/versions/v7 > +requires_kernel_features network/af_unix > requires_parser_support "unix," > > settest unix_socket > -- > 2.1.4 > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
