def test_audit(self):
# Set test profile to audit mode and check if it was correctly set
str(subprocess.check_output('%s ./../aa-audit --no-reload -d %s %s' % (python_interpreter, self.profile_dir, self.test_path), shell=True))
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'audit',
'Audit flag could not be set in profile %s' % self.local_profilename)
# Remove audit mode from test profile and check if it was correctly removed
subprocess.check_output('%s ./../aa-audit --no-reload -d %s -r %s' % (python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), None,
'Audit flag could not be removed in profile %s' % self.local_profilename)
def test_audit(self):
# Set test profile to audit mode and check if it was correctly set
str(subprocess.check_output('%s ./../aa-audit --no-reload -d %s %s' % (python_interpreter, self.profile_dir, self.test_path), shell=True))
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'audit',
'Audit flag could not be set in profile %s' % self.local_profilename)
# Remove audit mode from test profile and check if it was correctly removed
subprocess.check_output('%s ./../aa-audit --no-reload -d %s -r %s' % (python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), None,
'Audit flag could not be removed in profile %s' % self.local_profilename)
def test_complain(self):
# Set test profile to complain mode and check if it was correctly set
subprocess.check_output('%s ./../aa-complain --no-reload -d %s %s' % (python_interpreter, self.profile_dir, self.test_path), shell=True)
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)
force_complain_dir = '%s/force-complain' % self.profile_dir
if not os.path.isdir(force_complain_dir):
os.mkdir(force_complain_dir)
os.symlink(self.local_profilename, '%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename)))
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), True,
'Failed to create a symlink for %s in force-complain' % self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'complain',
'Complain flag could not be set in profile %s'%self.local_profilename)
# Set test profile to enforce mode and check if it was correctly set
subprocess.check_output('%s ./../aa-enforce --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from force-complain'%self.local_profilename)
self.assertEqual(os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from disable'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), None,
'Complain flag could not be removed in profile %s'%self.local_profilename)
# Set audit flag and then complain flag in a profile
subprocess.check_output('%s ./../aa-audit --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
subprocess.check_output('%s ./../aa-complain --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)
os.symlink(self.local_profilename, '%s/%s'% (force_complain_dir, os.path.basename(self.local_profilename)))
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), True,
'Failed to create a symlink for %s in force-complain'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'audit,complain',
'Complain flag could not be set in profile %s'%self.local_profilename)
#Remove complain flag first i.e. set to enforce mode
subprocess.check_output('%s ./../aa-enforce --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from force-complain'%self.local_profilename)
self.assertEqual(os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from disable'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'audit',
'Complain flag could not be removed in profile %s'%self.local_profilename)
#Remove audit flag
subprocess.check_output('%s ./../aa-audit --no-reload -d %s -r %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
def test_complain(self):
# Set test profile to complain mode and check if it was correctly set
subprocess.check_output('%s ./../aa-complain --no-reload -d %s %s' % (python_interpreter, self.profile_dir, self.test_path), shell=True)
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)
force_complain_dir = '%s/force-complain' % self.profile_dir
if not os.path.isdir(force_complain_dir):
os.mkdir(force_complain_dir)
os.symlink(self.local_profilename, '%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename)))
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), True,
'Failed to create a symlink for %s in force-complain' % self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'complain',
'Complain flag could not be set in profile %s'%self.local_profilename)
# Set test profile to enforce mode and check if it was correctly set
subprocess.check_output('%s ./../aa-enforce --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from force-complain'%self.local_profilename)
self.assertEqual(os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from disable'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), None,
'Complain flag could not be removed in profile %s'%self.local_profilename)
# Set audit flag and then complain flag in a profile
subprocess.check_output('%s ./../aa-audit --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
subprocess.check_output('%s ./../aa-complain --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)
os.symlink(self.local_profilename, '%s/%s'% (force_complain_dir, os.path.basename(self.local_profilename)))
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), True,
'Failed to create a symlink for %s in force-complain'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'audit,complain',
'Complain flag could not be set in profile %s'%self.local_profilename)
#Remove complain flag first i.e. set to enforce mode
subprocess.check_output('%s ./../aa-enforce --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from force-complain'%self.local_profilename)
self.assertEqual(os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from disable'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), 'audit',
'Complain flag could not be removed in profile %s'%self.local_profilename)
#Remove audit flag
subprocess.check_output('%s ./../aa-audit --no-reload -d %s -r %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
def test_enforce(self):
# Set test profile to enforce mode and check if it was correctly set
subprocess.check_output('%s ./../aa-enforce --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(os.path.islink('%s/force-complain/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from force-complain'%self.local_profilename)
self.assertEqual(os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from disable'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), None,
'Complain flag could not be removed in profile %s'%self.local_profilename)
def test_enforce(self):
# Set test profile to enforce mode and check if it was correctly set
subprocess.check_output('%s ./../aa-enforce --no-reload -d %s %s'%(python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(os.path.islink('%s/force-complain/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from force-complain'%self.local_profilename)
self.assertEqual(os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))), False,
'Failed to remove symlink for %s from disable'%self.local_profilename)
self.assertEqual(apparmor.get_profile_flags(self.local_profilename, self.test_path), None,
'Complain flag could not be removed in profile %s'%self.local_profilename)
def _test_get_flags(self, profile_header, expected_flags):
file = write_file(self.tmpdir, 'profile', '%s {\n}\n' % profile_header)
flags = get_profile_flags(file, '/foo')
self.assertEqual(flags, expected_flags)
def _test_get_flags(self, profile_header, expected_flags):
file = write_file(self.tmpdir, 'profile', '%s {\n}\n' % profile_header)
flags = get_profile_flags(file, '/foo')
self.assertEqual(flags, expected_flags)