[pkg-apparmor] [PATCH 3/6] Test that apparmor is able to parse the profiles.
Felix Geyer
fgeyer at debian.org
Sat Aug 30 19:24:49 UTC 2014
On 30.08.2014 20:47, intrigeri wrote:
> Felix Geyer wrote (29 Aug 2014 21:19:22 GMT) :
>> +override_dh_auto_test:
>> + mkdir -p tests/local
>> + set -ex && for profile in $(PROFILES); do \
>> + touch tests/local/`basename $$profile`; \
>> + apparmor_parser -aKQ -I profiles -I tests $$profile; \
>> + done
>
> I'm curious whether this works on a system that hasn't AppArmor
> enabled. Does it?
Yes, it only parses the profiles but doesn't load them into the kernel.
It prints some warnings when /sys/kernel/security/apparmor doesn't exist
as it can't query the kernel AppArmor features.
That doesn't affect the tests though except some noise in the log.
> In any case, I'd rather see long option names instead of short ones.
> I certainly can change this after merging, but I wouldn't mind an
> additional commit on top of this patch series.
I'll add another commit.
The options are --add --skip-cache --skip-kernel-load
Cheers,
Felix
More information about the pkg-apparmor-team
mailing list