Open roddhjav opened 2 days ago
I have the following draft: https://gist.github.com/nobody43/7a21f518dbebdd48a3c2e7af7934a63b Is it needed? Tested on Ubuntu 24.04.
Q: Why python?
A: libapparmor
could be utilized
Q: Why reimplement?
A: libapparmor
is too tightly coupled with actually loading the profiles
Q: Is it on par with apparmor_parser
?
A: No, even libapparmor
does not claim 1:1 compatibility
Q: What's implemented?
A: grep reason profile_tests.py
Q: What's not implemented? A: Mutually exclusive abstractions, dangerous file access, missing owner, tunables expansion, file rules to abstraction comparison, etc
Q: Is it reliable? A: Not tested thoroughly yet
This issue aims to present and discuss the various tests applied to the profiles as well as their current stage of deployment.
Current Status
[x] Build:
make
@{exec_path}
) is defined.[x] Checks:
make check
Check basic style of profiles:[ ] Integration Tests:
make bats
Integration tests for core cli profiles.go run ./tests/cmd -b
to generate them. They are basic, but they serve as a good starting point.Plan
For more complex software suite, more integration tests need to be done. The plan is to run existing integration suite from these very software in an environment with apparmor.d profiles.
[ ] Systemd
[ ] Gnome