jeans/supervisor
jeans/supervisor
1
0
Fork 0
mirror of https://github.com/home-assistant/supervisor.git synced 2025-04-29 23:57:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
remove-password-requirements
supervisor/tests/utils/test_apparmor.py
Mike Degatano 0f79ba5a3d
AppArmor tests and fix profile name in flag ()
2023-01-20 23:19:33 +01:00

72 lines
2.1 KiB
Python
Raw Permalink Blame History

"""Tests for apparmor utility."""
from pathlib import Path
import pytest
from supervisor.exceptions import AppArmorInvalidError
from supervisor.utils.apparmor import adjust_profile, validate_profile
from tests.common import get_fixture_path
TEST_PROFILE = """
#include <tunables/global>
profile test flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
# Capabilities
file,
signal (send) set=(kill,term,int,hup,cont),
# Start new profile for service
/usr/bin/my_program cx -> my_program,
profile my_program flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
}
}
""".strip()
async def test_valid_apparmor_file():
"""Test a valid apparmor file."""
assert validate_profile("example", get_fixture_path("apparmor_valid.txt"))
async def test_apparmor_missing_profile(caplog: pytest.LogCaptureFixture):
"""Test apparmor file missing profile."""
with pytest.raises(AppArmorInvalidError):
validate_profile("example", get_fixture_path("apparmor_no_profile.txt"))
assert (
"Missing AppArmor profile inside file: apparmor_no_profile.txt" in caplog.text
)
async def test_apparmor_multiple_profiles(caplog: pytest.LogCaptureFixture):
"""Test apparmor file with too many profiles."""
with pytest.raises(AppArmorInvalidError):
validate_profile("example", get_fixture_path("apparmor_multiple_profiles.txt"))
assert (
"Too many AppArmor profiles inside file: apparmor_multiple_profiles.txt"
in caplog.text
)
async def test_apparmor_profile_adjust(tmp_path: Path):
"""Test apparmor profile adjust."""
profile_out = tmp_path / "apparmor_out.txt"
adjust_profile("test", get_fixture_path("apparmor_valid.txt"), profile_out)
assert profile_out.read_text(encoding="utf-8") == TEST_PROFILE
async def test_apparmor_profile_adjust_mediate(tmp_path: Path):
"""Test apparmor profile adjust when name matches a flag."""
profile_out = tmp_path / "apparmor_out.txt"
adjust_profile("test", get_fixture_path("apparmor_valid_mediate.txt"), profile_out)
assert profile_out.read_text(encoding="utf-8") == TEST_PROFILE
Reference in New Issue View Git Blame Copy Permalink