aboutsummaryrefslogtreecommitdiffstats
path: root/testing/apparmor
diff options
context:
space:
mode:
Diffstat (limited to 'testing/apparmor')
-rw-r--r--testing/apparmor/0001-Fix-linking-against-gettext-on-musl-libc.patch40
-rw-r--r--testing/apparmor/0002-utils-remove-vim-from-the-default-build.patch46
-rw-r--r--testing/apparmor/0003-parser-remove-specific-tests-for-rttime.patch73
-rw-r--r--testing/apparmor/0004-parser-remove-specific-tests-for-ofile.patch28
-rw-r--r--testing/apparmor/0005-utils-adjust-tests-to-match-the-Alpine-layout.patch38
-rw-r--r--testing/apparmor/0006-utils-adjust-rc-functions-for-aa-remove-unknown.patch28
-rw-r--r--testing/apparmor/0007-Remove-Locale-gettext-from-parser-tests.patch39
-rw-r--r--testing/apparmor/0008-Fix-profile-loading-in-busybox.patch27
-rw-r--r--testing/apparmor/0009-ensure-make-apparmor_parser-is-cached.patch135
-rw-r--r--testing/apparmor/0010-Revert-utils-test-network.py-fix-failing-testcase.patch26
-rw-r--r--testing/apparmor/0011-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch104
-rw-r--r--testing/apparmor/APKBUILD234
-rw-r--r--testing/apparmor/apparmor.initd91
13 files changed, 0 insertions, 909 deletions
diff --git a/testing/apparmor/0001-Fix-linking-against-gettext-on-musl-libc.patch b/testing/apparmor/0001-Fix-linking-against-gettext-on-musl-libc.patch
deleted file mode 100644
index 4180cf65817..00000000000
--- a/testing/apparmor/0001-Fix-linking-against-gettext-on-musl-libc.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 183849ec988c7326bcb9bf729d087e262d121b67 Mon Sep 17 00:00:00 2001
-From: allgdante <allan.garret@gmail.com>
-Date: Wed, 4 Jul 2018 16:57:19 +0200
-Subject: [PATCH 1/7] Fix linking against gettext on musl libc
-
-Both parser and binutils must be linked against gettext
----
- binutils/Makefile | 2 +-
- parser/Makefile | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/binutils/Makefile b/binutils/Makefile
-index 7fb71813..52e55f70 100644
---- a/binutils/Makefile
-+++ b/binutils/Makefile
-@@ -52,7 +52,7 @@ SRCS = aa_enabled.c
- HDRS =
- TOOLS = aa-enabled aa-exec
-
--AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
-+AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread -lintl
-
- ifdef USE_SYSTEM
- # Using the system libapparmor so Makefile dependencies can't be used
-diff --git a/parser/Makefile b/parser/Makefile
-index 5d799f6a..000540a3 100644
---- a/parser/Makefile
-+++ b/parser/Makefile
-@@ -90,7 +90,7 @@ AAREDIR= libapparmor_re
- AAREOBJECT = ${AAREDIR}/libapparmor_re.a
- AAREOBJECTS = $(AAREOBJECT)
- AARE_LDFLAGS = -static-libgcc -static-libstdc++ -L. $(LDFLAGS)
--AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
-+AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread -lintl
-
- ifdef USE_SYSTEM
- # Using the system libapparmor so Makefile dependencies can't be used
---
-2.20.1
-
diff --git a/testing/apparmor/0002-utils-remove-vim-from-the-default-build.patch b/testing/apparmor/0002-utils-remove-vim-from-the-default-build.patch
deleted file mode 100644
index f3fa0bbc61b..00000000000
--- a/testing/apparmor/0002-utils-remove-vim-from-the-default-build.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 24aca47716b70c1d0e3b58a1fbd8e312fec70e07 Mon Sep 17 00:00:00 2001
-From: allgdante <allan.garret@gmail.com>
-Date: Wed, 4 Jul 2018 17:02:34 +0200
-Subject: [PATCH 2/7] utils: remove vim from the default build
-
-We will build the vim utils as a separate target
----
- utils/Makefile | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/utils/Makefile b/utils/Makefile
-index 68f8c376..01604796 100644
---- a/utils/Makefile
-+++ b/utils/Makefile
-@@ -32,7 +32,6 @@ MANPAGES = ${TOOLS:=.8} logprof.conf.5
-
- all: docs
- $(MAKE) -C po all
-- $(MAKE) -C vim all
-
- .PHONY: docs
- docs: ${MANPAGES} ${HTMLMANPAGES}
-@@ -58,7 +57,6 @@ install: ${MANPAGES} ${HTMLMANPAGES}
- install -m 755 $(filter-out aa-easyprof, ${TOOLS}) ${BINDIR}
- $(MAKE) -C po install DESTDIR=${DESTDIR} NAME=${NAME}
- $(MAKE) install_manpages DESTDIR=${DESTDIR}
-- $(MAKE) -C vim install DESTDIR=${DESTDIR}
- ln -sf aa-status.8 ${DESTDIR}/${MANDIR}/man8/apparmor_status.8
- ${PYTHON} ${PYSETUP} install --prefix=${PYPREFIX} --root=${DESTDIR} --version=${VERSION}
-
-@@ -69,7 +67,6 @@ endif
- clean: pod_clean
- rm -f core core.* *.o *.s *.a *~
- $(MAKE) -C po clean
-- $(MAKE) -C vim clean
- $(MAKE) -C test clean
- rm -rf staging/ build/
- rm -f apparmor/*.pyc apparmor/rule/*.pyc
-@@ -100,4 +97,3 @@ check: check_severity_db check_pod_files
- $(PYFLAKES) $$i || exit 1; \
- done
- $(MAKE) -C test check
-- $(MAKE) -C vim check
---
-2.20.1
-
diff --git a/testing/apparmor/0003-parser-remove-specific-tests-for-rttime.patch b/testing/apparmor/0003-parser-remove-specific-tests-for-rttime.patch
deleted file mode 100644
index fe5ac45d4b9..00000000000
--- a/testing/apparmor/0003-parser-remove-specific-tests-for-rttime.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 3e78593208264935ed2589d784cbcb69f750c274 Mon Sep 17 00:00:00 2001
-From: allgdante <allan.garret@gmail.com>
-Date: Wed, 4 Jul 2018 17:05:10 +0200
-Subject: [PATCH 3/7] parser: remove specific tests for rttime
-
-musl libc doesn't implement this feature, so the tests fail.
-We must find a way to skip those tests instead of removing them
----
- parser/tst/equality.sh | 18 +++++++++---------
- .../tst/simple_tests/rlimits/ok_rlimit_13.sd | 7 -------
- .../tst/simple_tests/rlimits/ok_rlimit_18.sd | 7 -------
- 3 files changed, 9 insertions(+), 23 deletions(-)
- delete mode 100644 parser/tst/simple_tests/rlimits/ok_rlimit_13.sd
- delete mode 100644 parser/tst/simple_tests/rlimits/ok_rlimit_18.sd
-
-diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
-index 029eec46..3b2f0f9f 100755
---- a/parser/tst/equality.sh
-+++ b/parser/tst/equality.sh
-@@ -525,15 +525,15 @@ verify_binary_equality "@{profile_name} is literal in peer with esc alt sequence
-
-
- # verify rlimit data conversions
--verify_binary_equality "set rlimit rttime <= 12 weeks" \
-- "/t { set rlimit rttime <= 12 weeks, }" \
-- "/t { set rlimit rttime <= $((12 * 7)) days, }" \
-- "/t { set rlimit rttime <= $((12 * 7 * 24)) hours, }" \
-- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60)) minutes, }" \
-- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60)) seconds, }" \
-- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000)) ms, }" \
-- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)) us, }" \
-- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)), }"
-+#verify_binary_equality "set rlimit rttime <= 12 weeks" \
-+# "/t { set rlimit rttime <= 12 weeks, }" \
-+# "/t { set rlimit rttime <= $((12 * 7)) days, }" \
-+# "/t { set rlimit rttime <= $((12 * 7 * 24)) hours, }" \
-+# "/t { set rlimit rttime <= $((12 * 7 * 24 * 60)) minutes, }" \
-+# "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60)) seconds, }" \
-+# "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000)) ms, }" \
-+# "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)) us, }" \
-+# "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)), }"
-
- verify_binary_equality "set rlimit cpu <= 42 weeks" \
- "/t { set rlimit cpu <= 42 weeks, }" \
-diff --git a/parser/tst/simple_tests/rlimits/ok_rlimit_13.sd b/parser/tst/simple_tests/rlimits/ok_rlimit_13.sd
-deleted file mode 100644
-index 50b9a6f3..00000000
---- a/parser/tst/simple_tests/rlimits/ok_rlimit_13.sd
-+++ /dev/null
-@@ -1,7 +0,0 @@
--#
--#=DESCRIPTION simple rttime rlimit allows default units
--#=EXRESULT PASS
--
--profile rlimit {
-- set rlimit rttime <= 12,
--}
-diff --git a/parser/tst/simple_tests/rlimits/ok_rlimit_18.sd b/parser/tst/simple_tests/rlimits/ok_rlimit_18.sd
-deleted file mode 100644
-index f2747f10..00000000
---- a/parser/tst/simple_tests/rlimits/ok_rlimit_18.sd
-+++ /dev/null
-@@ -1,7 +0,0 @@
--#
--#=DESCRIPTION simple realtime time rlimit test
--#=EXRESULT PASS
--
--profile rlimit {
-- set rlimit rttime <= 60minutes,
--}
---
-2.20.1
-
diff --git a/testing/apparmor/0004-parser-remove-specific-tests-for-ofile.patch b/testing/apparmor/0004-parser-remove-specific-tests-for-ofile.patch
deleted file mode 100644
index 2847bc1df2a..00000000000
--- a/testing/apparmor/0004-parser-remove-specific-tests-for-ofile.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 7227f8c49cf74ff470248cdb946dd27872854979 Mon Sep 17 00:00:00 2001
-From: allgdante <allan.garret@gmail.com>
-Date: Wed, 4 Jul 2018 17:08:11 +0200
-Subject: [PATCH 4/7] parser: remove specific tests for ofile
-
-musl libc doesn't implement this feature, so the test fail.
-We must find a way to skip this test instead of removing it
----
- parser/tst/simple_tests/rlimits/ok_rlimit_09.sd | 7 -------
- 1 file changed, 7 deletions(-)
- delete mode 100644 parser/tst/simple_tests/rlimits/ok_rlimit_09.sd
-
-diff --git a/parser/tst/simple_tests/rlimits/ok_rlimit_09.sd b/parser/tst/simple_tests/rlimits/ok_rlimit_09.sd
-deleted file mode 100644
-index 6510ae72..00000000
---- a/parser/tst/simple_tests/rlimits/ok_rlimit_09.sd
-+++ /dev/null
-@@ -1,7 +0,0 @@
--#
--#=DESCRIPTION simple max open file (same as nofile) rlimit test
--#=EXRESULT PASS
--
--profile rlimit {
-- set rlimit ofile <= 1234,
--}
---
-2.20.1
-
diff --git a/testing/apparmor/0005-utils-adjust-tests-to-match-the-Alpine-layout.patch b/testing/apparmor/0005-utils-adjust-tests-to-match-the-Alpine-layout.patch
deleted file mode 100644
index bb904946261..00000000000
--- a/testing/apparmor/0005-utils-adjust-tests-to-match-the-Alpine-layout.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 1951d7c3535d46edbfe16b8a1b8d2176d96d4235 Mon Sep 17 00:00:00 2001
-From: allgdante <allan.garret@gmail.com>
-Date: Mon, 23 Mar 2020 16:12:36 +0000
-Subject: [PATCH 07/12] utils: adjust tests to match the Alpine layout
-
-Here we need to adjust several utilities path with the ones used by
-Alpine
----
- utils/test/test-aa.py | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
-index b5221737..9d1d3ecc 100644
---- a/utils/test/test-aa.py
-+++ b/utils/test/test-aa.py
-@@ -157,15 +157,13 @@ class AaTest_get_interpreter_and_abstraction(AATest):
- tests = [
- ('#!/bin/bash', ('/bin/bash', 'abstractions/bash')),
- ('#!/bin/dash', ('/bin/dash', 'abstractions/bash')),
-- ('#!/bin/sh', ('/bin/sh', 'abstractions/bash')),
-- ('#! /bin/sh ', ('/bin/sh', 'abstractions/bash')),
-- ('#! /bin/sh -x ', ('/bin/sh', 'abstractions/bash')), # '-x' is not part of the interpreter path
-+ ('#!/bin/sh', ('/bin/sh', None)),
-+ ('#! /bin/sh ', ('/bin/sh', None)),
-+ ('#! /bin/sh -x ', ('/bin/sh', None)), # '-x' is not part of the interpreter path
- ('#!/usr/bin/perl', ('/usr/bin/perl', 'abstractions/perl')),
- ('#!/usr/bin/perl -w', ('/usr/bin/perl', 'abstractions/perl')), # '-w' is not part of the interpreter path
-- ('#!/usr/bin/python', ('/usr/bin/python', 'abstractions/python')),
-- ('#!/usr/bin/python2', ('/usr/bin/python2', 'abstractions/python')),
-- ('#!/usr/bin/python2.7', ('/usr/bin/python2.7', 'abstractions/python')),
- ('#!/usr/bin/python3', ('/usr/bin/python3', 'abstractions/python')),
-+ ('#!/usr/bin/python3.8', ('/usr/bin/python3.8', 'abstractions/python')),
- ('#!/usr/bin/python4', ('/usr/bin/python4', None)), # python abstraction is only applied to py2 and py3
- ('#!/usr/bin/ruby', ('/usr/bin/ruby', 'abstractions/ruby')),
- ('#!/usr/bin/ruby2.2', ('/usr/bin/ruby2.2', 'abstractions/ruby')),
---
-2.25.2
-
diff --git a/testing/apparmor/0006-utils-adjust-rc-functions-for-aa-remove-unknown.patch b/testing/apparmor/0006-utils-adjust-rc-functions-for-aa-remove-unknown.patch
deleted file mode 100644
index 14dddeae1e1..00000000000
--- a/testing/apparmor/0006-utils-adjust-rc-functions-for-aa-remove-unknown.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 72a3291fc94210401e5dac3b2fa328b2bb40998d Mon Sep 17 00:00:00 2001
-From: allgdante <allan.garret@gmail.com>
-Date: Thu, 5 Jul 2018 17:32:46 +0200
-Subject: [PATCH 6/7] utils: adjust rc functions for aa-remove-unknown
-
-Update the path to the rc.apparmor.functions file to the one we can find
-inside Alpine.
-No intended functional changes
----
- utils/aa-remove-unknown | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/utils/aa-remove-unknown b/utils/aa-remove-unknown
-index d3bd9144..0b9ead7d 100644
---- a/utils/aa-remove-unknown
-+++ b/utils/aa-remove-unknown
-@@ -15,7 +15,7 @@
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
- # ----------------------------------------------------------------------
-
--APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
-+APPARMOR_FUNCTIONS=/usr/libexec/apparmor/rc.apparmor.functions
- APPARMORFS=/sys/kernel/security/apparmor
- PROFILES="${APPARMORFS}/profiles"
- REMOVE="${APPARMORFS}/.remove"
---
-2.20.1
-
diff --git a/testing/apparmor/0007-Remove-Locale-gettext-from-parser-tests.patch b/testing/apparmor/0007-Remove-Locale-gettext-from-parser-tests.patch
deleted file mode 100644
index bad8cbe195a..00000000000
--- a/testing/apparmor/0007-Remove-Locale-gettext-from-parser-tests.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 05dd326460042c0f82234b7299a0327529c98d4f Mon Sep 17 00:00:00 2001
-From: allgdante <allan.garret@gmail.com>
-Date: Thu, 31 Jan 2019 13:36:34 +0000
-Subject: [PATCH 7/7] Remove Locale::gettext from parser tests
-
-The package for Alpine doesn't exists and it seems that the tests run ok
-without this
----
- parser/tst/gen-dbus.pl | 1 -
- parser/tst/gen-xtrans.pl | 1 -
- 2 files changed, 2 deletions(-)
-
-diff --git a/parser/tst/gen-dbus.pl b/parser/tst/gen-dbus.pl
-index 1fe58108..3fa5d0ce 100755
---- a/parser/tst/gen-dbus.pl
-+++ b/parser/tst/gen-dbus.pl
-@@ -17,7 +17,6 @@
- #
-
- use strict;
--use Locale::gettext;
- use POSIX;
-
- setlocale(LC_MESSAGES, "");
-diff --git a/parser/tst/gen-xtrans.pl b/parser/tst/gen-xtrans.pl
-index 8cf077f4..64219cef 100755
---- a/parser/tst/gen-xtrans.pl
-+++ b/parser/tst/gen-xtrans.pl
-@@ -1,7 +1,6 @@
- #!/usr/bin/perl
-
- use strict;
--use Locale::gettext;
- use POSIX;
-
- setlocale(LC_MESSAGES, "");
---
-2.20.1
-
diff --git a/testing/apparmor/0008-Fix-profile-loading-in-busybox.patch b/testing/apparmor/0008-Fix-profile-loading-in-busybox.patch
deleted file mode 100644
index 37d5f12a812..00000000000
--- a/testing/apparmor/0008-Fix-profile-loading-in-busybox.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 2a6a482eac7c6290d2e4349ff4bae1b9a749497f Mon Sep 17 00:00:00 2001
-From: allgdante <allan.garret@gmail.com>
-Date: Sun, 22 Mar 2020 17:30:20 +0000
-Subject: [PATCH 08/12] Fix profile loading in busybox
-
-Just apply the patch present in
-https://gitlab.com/apparmor/apparmor/-/issues/80
----
- parser/rc.apparmor.functions | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
-index 22e8367f..8c1c57c5 100644
---- a/parser/rc.apparmor.functions
-+++ b/parser/rc.apparmor.functions
-@@ -140,7 +140,7 @@ force_complain() {
- local profile=$1
-
- # if profile not in complain mode
-- if ! egrep -q "^/.*[ \t]+flags[ \t]*=[ \t]*\([ \t]*complain[ \t]*\)[ \t]+{" $profile ; then
-+ if ! egrep -q '^/.*[ \t]+flags[ \t]*=[ \t]*\([ \t]*complain[ \t]*\)[ \t]+\{' $profile ; then
- local link="${PROFILE_DIR}/force-complain/`basename ${profile}`"
- if [ -e "$link" ] ; then
- aa_log_warning_msg "found $link, forcing complain mode"
---
-2.25.2
-
diff --git a/testing/apparmor/0009-ensure-make-apparmor_parser-is-cached.patch b/testing/apparmor/0009-ensure-make-apparmor_parser-is-cached.patch
deleted file mode 100644
index cb6a92cf82d..00000000000
--- a/testing/apparmor/0009-ensure-make-apparmor_parser-is-cached.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From 71bbc6a4ce79802ad037227382817c5998ffbb2e Mon Sep 17 00:00:00 2001
-From: Eric Chiang <ericchiang@google.com>
-Date: Thu, 17 Jan 2019 11:02:57 -0800
-Subject: [PATCH 09/12] *: ensure make apparmor_parser is cached
-
-This change updates parser/Makefile to respect target dependencies and
-not rebuild apparmor_parser if nothing's changed. The goal is to allow
-cross-compiled tests #17 to run on a target system without the tests
-attempting to rebuild the parser.
-
-Two changes were made:
-
-* Generate af_names.h in a script so the script timestamp is compared.
-* Use FORCE instead of PHONY for libapparmor_re/libapparmor_re.a
-
-Changes to list_af_names are intended to exactly replicate the old
-behavior.
-
-Signed-off-by: Eric Chiang <ericchiang@google.com>
----
- common/Make.rules | 21 ---------------------
- common/list_af_names.sh | 19 +++++++++++++++++++
- parser/Makefile | 13 +++++--------
- utils/vim/create-apparmor.vim.py | 2 +-
- 4 files changed, 25 insertions(+), 30 deletions(-)
- create mode 100755 common/list_af_names.sh
-
-diff --git a/common/Make.rules b/common/Make.rules
-index d2149fcd..357bdec8 100644
---- a/common/Make.rules
-+++ b/common/Make.rules
-@@ -87,27 +87,6 @@ CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C
- list_capabilities: /usr/include/linux/capability.h
- @echo "$(CAPABILITIES)"
-
--# =====================
--# generate list of network protocols based on
--# sys/socket.h for use in multiple locations in
--# the source tree
--# =====================
--
--# These are the families that it doesn't make sense for apparmor
--# to mediate. We use PF_ here since that is what is required in
--# bits/socket.h, but we will rewrite these as AF_.
--
--FILTER_FAMILIES=PF_UNIX
--
--__FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')
--
--# emits the AF names in a "AF_NAME NUMBER," pattern
--AF_NAMES=$(shell echo "\#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n -e '/$(__FILTER)/d' -e 's/PF_LOCAL/PF_UNIX/' -e 's/^\#define[ \t]\+PF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\).*$$/AF_\1 \2,/p' | sort -n -k2)
--
--.PHONY: list_af_names
--list_af_names:
-- @echo "$(AF_NAMES)"
--
- # =====================
- # manpages
- # =====================
-diff --git a/common/list_af_names.sh b/common/list_af_names.sh
-new file mode 100755
-index 00000000..d7987537
---- /dev/null
-+++ b/common/list_af_names.sh
-@@ -0,0 +1,19 @@
-+#!/bin/bash -e
-+
-+# =====================
-+# generate list of network protocols based on
-+# sys/socket.h for use in multiple locations in
-+# the source tree
-+# =====================
-+
-+# It doesn't make sence for AppArmor to mediate PF_UNIX, filter it out. Search
-+# for "PF_" constants since that is what is required in bits/socket.h, but
-+# rewrite as "AF_".
-+
-+echo "#include <sys/socket.h>" | \
-+ cpp -dM | \
-+ LC_ALL=C sed -n \
-+ -e '/PF_UNIX/d' \
-+ -e 's/PF_LOCAL/PF_UNIX/' \
-+ -e 's/^#define[ \t]\+PF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\).*$/AF_\1 \2,/p' | \
-+ sort -n -k2
-diff --git a/parser/Makefile b/parser/Makefile
-index c1ca4b45..aa5ab730 100644
---- a/parser/Makefile
-+++ b/parser/Makefile
-@@ -281,10 +281,9 @@ parser_version.h: Makefile
- # as well as the filtering that occurs for network protocols that
- # apparmor should not mediate.
-
--.PHONY: af_names.h
--af_names.h:
-- echo "$(AF_NAMES)" | LC_ALL=C sed -n -e 's/[ \t]\?AF_MAX[ \t]\+[0-9]\+,//g' -e 's/[ \t]\+\?AF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\),/#ifndef AF_\1\n# define AF_\1 \2\n#endif\nAA_GEN_NET_ENT("\L\1", \UAF_\1)\n\n/pg' > $@
-- echo "$(AF_NAMES)" | LC_ALL=C sed -n -e 's/.*,[ \t]\+AF_MAX[ \t]\+\([0-9]\+\),\?.*/#define AA_AF_MAX \1\n/p' >> $@
-+af_names.h: ../common/list_af_names.sh
-+ ../common/list_af_names.sh | LC_ALL=C sed -n -e 's/[ \t]\?AF_MAX[ \t]\+[0-9]\+,//g' -e 's/[ \t]\+\?AF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\),/#ifndef AF_\1\n# define AF_\1 \2\n#endif\nAA_GEN_NET_ENT("\L\1", \UAF_\1)\n/pg' > $@
-+ ../common/list_af_names.sh | LC_ALL=C sed -n -e 's/AF_MAX[ \t]\+\([0-9]\+\),\?.*/\n#define AA_AF_MAX \1\n/p' >> $@
- # cat $@
-
- cap_names.h: /usr/include/linux/capability.h
-@@ -304,10 +303,7 @@ tests: apparmor_parser ${TESTS}
- sh -e -c 'for test in ${TESTS} ; do echo "*** running $${test}" && ./$${test}; done'
- $(Q)$(MAKE) -s -C tst tests
-
--# always need to rebuild.
--.SILENT: $(AAREOBJECT)
--.PHONY: $(AAREOBJECT)
--$(AAREOBJECT):
-+$(AAREOBJECT): FORCE
- $(MAKE) -C $(AAREDIR) CFLAGS="$(EXTRA_CXXFLAGS)"
-
- .PHONY: install-rhel4
-@@ -408,3 +404,4 @@ clean: pod_clean
- $(MAKE) -s -C po clean
- $(MAKE) -s -C tst clean
-
-+FORCE:
-diff --git a/utils/vim/create-apparmor.vim.py b/utils/vim/create-apparmor.vim.py
-index 10bd5b8d..fea134f6 100644
---- a/utils/vim/create-apparmor.vim.py
-+++ b/utils/vim/create-apparmor.vim.py
-@@ -57,7 +57,7 @@ for cap in capabilities:
- benign_caps.append(cap)
-
- # get network protos list
--(rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_af_names'])
-+(rc, output) = cmd(['../../common/list_af_names.sh'])
- if rc != 0:
- sys.stderr.write("make list_af_names failed: " + output)
- exit(rc)
---
-2.25.2
-
diff --git a/testing/apparmor/0010-Revert-utils-test-network.py-fix-failing-testcase.patch b/testing/apparmor/0010-Revert-utils-test-network.py-fix-failing-testcase.patch
deleted file mode 100644
index b3c8a7215c1..00000000000
--- a/testing/apparmor/0010-Revert-utils-test-network.py-fix-failing-testcase.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 03baa934e415e4181bb43e466e09af2ec1f512f0 Mon Sep 17 00:00:00 2001
-From: allgdante <allan.garret@gmail.com>
-Date: Mon, 23 Mar 2020 16:17:59 +0000
-Subject: [PATCH 10/12] Revert "utils/test-network.py: fix failing testcase"
-
-This reverts commit 0c65b9aeb925297b95e249caa57d33221295d5ea.
----
- utils/test/test-network.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/utils/test/test-network.py b/utils/test/test-network.py
-index 8605786d..73a6b9d1 100644
---- a/utils/test/test-network.py
-+++ b/utils/test/test-network.py
-@@ -31,7 +31,7 @@ exp = namedtuple('exp', ['audit', 'allow_keyword', 'deny', 'comment',
-
- class NetworkKeywordsTest(AATest):
- def test_network_keyword_list(self):
-- rc, output = cmd(['make', '-s', '--no-print-directory', 'list_af_names'])
-+ rc, output = cmd('../../common/list_af_names.sh')
- self.assertEqual(rc, 0)
-
- af_names = []
---
-2.25.2
-
diff --git a/testing/apparmor/0011-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch b/testing/apparmor/0011-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch
deleted file mode 100644
index 14cc0b272b8..00000000000
--- a/testing/apparmor/0011-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From e23c66c45436833046a0f7bdd80ad41fc6ebd050 Mon Sep 17 00:00:00 2001
-From: allgdante <allan.garret@gmail.com>
-Date: Mon, 23 Mar 2020 15:09:15 +0000
-Subject: [PATCH 11/12] Generate CAPABILITIES in a script due to make 4.3
-
-This way we could generate the capabilities in a way that works with
-every version of make.
-Changes to list_capabilities are intended to exactly replicate the old
-behavior.
----
- common/Make.rules | 13 -------------
- common/list_capabilities.sh | 14 ++++++++++++++
- parser/Makefile | 2 +-
- utils/Makefile | 2 +-
- utils/vim/create-apparmor.vim.py | 2 +-
- 5 files changed, 17 insertions(+), 16 deletions(-)
- create mode 100755 common/list_capabilities.sh
-
-diff --git a/common/Make.rules b/common/Make.rules
-index 357bdec8..ecc6181a 100644
---- a/common/Make.rules
-+++ b/common/Make.rules
-@@ -74,19 +74,6 @@ endif
- pod_clean:
- -rm -f ${MANPAGES} *.[0-9].gz ${HTMLMANPAGES} pod2htm*.tmp
-
--# =====================
--# generate list of capabilities based on
--# /usr/include/linux/capabilities.h for use in multiple locations in
--# the source tree
--# =====================
--
--# emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2"
--CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | LC_ALL=C sort)
--
--.PHONY: list_capabilities
--list_capabilities: /usr/include/linux/capability.h
-- @echo "$(CAPABILITIES)"
--
- # =====================
- # manpages
- # =====================
-diff --git a/common/list_capabilities.sh b/common/list_capabilities.sh
-new file mode 100755
-index 00000000..4e37cda7
---- /dev/null
-+++ b/common/list_capabilities.sh
-@@ -0,0 +1,14 @@
-+#!/bin/bash -e
-+
-+# =====================
-+# generate list of capabilities based on
-+# /usr/include/linux/capabilities.h for use in multiple locations in
-+# the source tree
-+# =====================
-+
-+echo "#include <linux/capability.h>" | \
-+ cpp -dM | \
-+ LC_ALL=C sed -n \
-+ -e '/CAP_EMPTY_SET/d' \
-+ -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$/CAP_\1/p' | \
-+ LC_ALL=C sort
-diff --git a/parser/Makefile b/parser/Makefile
-index aa5ab730..1df7c143 100644
---- a/parser/Makefile
-+++ b/parser/Makefile
-@@ -287,7 +287,7 @@ af_names.h: ../common/list_af_names.sh
- # cat $@
-
- cap_names.h: /usr/include/linux/capability.h
-- echo "$(CAPABILITIES)" | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@
-+ ../common/list_capabilities.sh | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@
-
- tst_lib: lib.c parser.h $(filter-out lib.o, ${TEST_OBJECTS})
- $(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) $(TEST_LDLIBS)
-diff --git a/utils/Makefile b/utils/Makefile
-index 01604796..16248083 100644
---- a/utils/Makefile
-+++ b/utils/Makefile
-@@ -77,7 +77,7 @@ clean: pod_clean
- .SILENT: check_severity_db
- check_severity_db: /usr/include/linux/capability.h severity.db
- # The sed statement is based on the one in the parser's makefile
-- RC=0 ; for cap in ${CAPABILITIES} ; do \
-+ RC=0 ; for cap in $(shell ../common/list_capabilities.sh) ; do \
- if ! grep -q -w $${cap} severity.db ; then \
- echo "Warning! capability $${cap} not found in severity.db" ; \
- RC=1 ; \
-diff --git a/utils/vim/create-apparmor.vim.py b/utils/vim/create-apparmor.vim.py
-index fea134f6..6a5f02a2 100644
---- a/utils/vim/create-apparmor.vim.py
-+++ b/utils/vim/create-apparmor.vim.py
-@@ -45,7 +45,7 @@ def cmd(command, input=None, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, s
- return [sp.returncode, out + outerr]
-
- # get capabilities list
--(rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_capabilities'])
-+(rc, output) = cmd(['../../common/list_capabilities.sh'])
- if rc != 0:
- sys.stderr.write("make list_capabilities failed: " + output)
- exit(rc)
---
-2.25.2
-
diff --git a/testing/apparmor/APKBUILD b/testing/apparmor/APKBUILD
deleted file mode 100644
index 29cc9636e03..00000000000
--- a/testing/apparmor/APKBUILD
+++ /dev/null
@@ -1,234 +0,0 @@
-# Contributor: Allan Garret <allan.garret@gmail.com>
-# Maintainer: Allan Garret <allan.garret@gmail.com>
-pkgname=apparmor
-pkgver=2.13.4
-pkgrel=0
-pkgdesc="Linux application security framework - mandatory access control for programs"
-url="https://gitlab.com/apparmor/apparmor/wikis/home"
-arch="all"
-license="GPL-2.0-only"
-depends="bash"
-makedepends="sed python3 autoconf automake libtool bison flex perl-dev swig
- gettext-dev python3-dev linux-pam-dev linux-headers"
-checkdepends="dejagnu py3-pyflakes"
-
-subpackages="
- libapparmor:_libapparmor
- libapparmor-doc:_libapparmor_doc
- libapparmor-dev:_libapparmor_dev
- py3-$pkgname:_py3_apparmor
- perl-$pkgname:_perl_apparmor
- $pkgname-utils:_apparmor_utils
- $pkgname-utils-doc:_apparmor_utils_doc
- $pkgname-utils-lang:_apparmor_utils_lang
- $pkgname-profiles:_apparmor_profiles:noarch
- $pkgname-pam:_apparmor_pam
- $pkgname-vim:_apparmor_vim:noarch
- $pkgname-openrc
- $pkgname-doc
- $pkgname-lang
- "
-source="
- https://gitlab.com/apparmor/apparmor/-/archive/v$pkgver/apparmor-v$pkgver.tar.gz
-
- apparmor.initd
-
- 0001-Fix-linking-against-gettext-on-musl-libc.patch
- 0002-utils-remove-vim-from-the-default-build.patch
- 0003-parser-remove-specific-tests-for-rttime.patch
- 0004-parser-remove-specific-tests-for-ofile.patch
- 0005-utils-adjust-tests-to-match-the-Alpine-layout.patch
- 0006-utils-adjust-rc-functions-for-aa-remove-unknown.patch
- 0007-Remove-Locale-gettext-from-parser-tests.patch
- 0008-Fix-profile-loading-in-busybox.patch
- 0009-ensure-make-apparmor_parser-is-cached.patch
- 0010-Revert-utils-test-network.py-fix-failing-testcase.patch
- 0011-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch
- "
-
-builddir="$srcdir"/$pkgname-v$pkgver
-
-build() {
- export PYTHON_VERSION=3
- export PYTHON_VERSIONS=python3
- export PYTHON=/usr/bin/python3
-
- cd "$builddir"/libraries/libapparmor
- msg "Building: libapparmor"
- ./autogen.sh
- ./configure --prefix=/usr --with-python --with-perl
- make
-
- cd "$builddir"
- msg "Building: apparmor parser"
- make -C parser
-
- msg "Building: apparmor-binutils"
- make -C binutils
-
- msg "Building: apparmor-utils"
- make -C utils
-
- msg "Building: apparmor-profiles"
- make -C profiles
-
- msg "Building: apparmor-pam"
- make -C changehat/pam_apparmor
-
- msg "Building: apparmor-vim"
- make -C utils/vim
-}
-
-check() {
- cd "$builddir"/libraries/libapparmor
- make check
-
- cd "$builddir"
- make -C parser check
- make -C binutils check
- make -j1 -e PYFLAKES=pyflakes-3 -C utils check
-}
-
-package() {
- make -C parser install DESTDIR="$pkgdir"
- mv "$pkgdir"/lib "$pkgdir"/usr/lib
- mkdir -p "$pkgdir"/usr/libexec/apparmor
- mv "$pkgdir"/usr/lib/apparmor/rc.apparmor.functions \
- "$pkgdir"/usr/libexec/apparmor/
- rmdir "$pkgdir"/usr/lib/apparmor
- install -Dm755 "$srcdir"/apparmor.initd \
- "$pkgdir"/etc/init.d/apparmor
-}
-
-_libapparmor() {
- pkgdesc="AppArmor library"
- depends="bash sed"
-
- cd "$builddir"
- make -C libraries/libapparmor install DESTDIR="$subpkgdir"
-
- # Move development files
- mkdir -p "$subpkgdir"-dev/usr
- mv "$subpkgdir"/usr/include "$subpkgdir"-dev/usr/
- mkdir -p "$subpkgdir"-dev/usr/lib
- mv "$subpkgdir"/usr/lib/libapparmor.a "$subpkgdir"-dev/usr/lib/
- mv "$subpkgdir"/usr/lib/pkgconfig "$subpkgdir"-dev/usr/lib/
-
- # Move python3 files
- mkdir -p "$subpkgdir"/../py3-$pkgname/usr/lib
- mv "$subpkgdir"/usr/lib/python3.* "$subpkgdir"/../py3-$pkgname/usr/lib
-
- # Move perl files
- mkdir -p "$subpkgdir"/../perl-$pkgname/usr/lib
- mv "$subpkgdir"/usr/lib/perl5 "$subpkgdir"/../perl-$pkgname/usr/lib
-
- # Move doc files
- mkdir -p "$subpkgdir-doc"/usr/share
- mv "$subpkgdir"/usr/share/man "$subpkgdir-doc"/usr/share/
-}
-
-_libapparmor_doc() {
- pkgdesc="AppArmor Library (doc files)"
-
- cd "$builddir"
- for i in 2 3; do
- find "$subpkgdir"/usr/share/man/man"$i" -type f -exec gzip -9v {} +
- done
-}
-
-_libapparmor_dev() {
- pkgdesc="AppArmor Library (development files)"
-}
-
-_py3_apparmor() {
- pkgdesc="Python3 module for apparmor"
- depends="libapparmor python3"
-}
-
-_perl_apparmor() {
- pkgdesc="Perl module for apparmor"
- depends="libapparmor perl"
-}
-
-_apparmor_utils() {
- pkgdesc="AppArmor userspace utilities"
- depends="py3-apparmor libapparmor perl python3 bash"
-
- cd "$builddir"
- make -C utils install DESTDIR="$subpkgdir" BINDIR="$subpkgdir"/usr/bin
-
- cd "$builddir"
- make -C binutils install DESTDIR="$subpkgdir" BINDIR="$subpkgdir"/usr/bin
-
- mkdir -p "$subpkgdir"-doc/usr/share
- mv "$subpkgdir"/usr/share/man "$subpkgdir"-doc/usr/share/
-
- mkdir -p "$subpkgdir"-lang/usr/share
- mv "$subpkgdir"/usr/share/locale "$subpkgdir"-lang/usr/share/
-}
-
-_apparmor_utils_doc() {
- pkgdesc="AppArmor userspace utilites (doc files)"
-
- cd "$builddir"
- for i in 1 5 8; do
- find "$subpkgdir"/usr/share/man/man"$i" -type f -exec gzip -9v {} +
- done
- cd "$subpkgdir"/usr/share/man/man8
- rm apparmor_status.8
- ln -s aa-status.8.gz apparmor_status.8.gz
-}
-
-_apparmor_utils_lang() {
- pkgdesc="Languages for package $subpkgname"
-}
-
-_apparmor_profiles() {
- pkgdesc="AppArmor sample pre-made profiles"
- depends="apparmor"
-
- cd "$builddir"
- make -C profiles install DESTDIR="$subpkgdir"
-}
-
-_apparmor_pam() {
- pkgdesc="AppArmor PAM library"
- depends="libapparmor linux-pam"
-
- cd "$builddir"
- make -C changehat/pam_apparmor install DESTDIR="$subpkgdir"/usr
-}
-
-_apparmor_pam_doc() {
- pkgdesc="AppArmor PAM library (doc files)"
-
- cd "$builddir"
- mkdir -p "$subpkgdir"/usr/share/doc/apparmor
- install -Dm644 changehat/pam_apparmor/README \
- "$subpkgdir"/usr/share/doc/apparmor/README.pam_apparmor
-}
-
-_apparmor_vim() {
- pkgdesc="AppArmor VIM support"
- depends="vim"
-
- cd "$builddir"/utils/vim
- install -Dm644 apparmor.vim \
- "$subpkgdir"/usr/share/vim/vimfiles/syntax/apparmor.vim
-}
-
-
-
-sha512sums="a3800abc736da725fba3f831d4f26f2ce00179c1c8ad46fc5f27a068dc99c610031979c401cb9f86921bbea9dcb5c33dd2dac0536627040e0068c906c3cda942 apparmor-v2.13.4.tar.gz
-1a57cc577ba3aedfbe10ef6148c1e8f5d0bbf65c99e60eec80c52409c9dab59ae002024500c6e4fd0e01e8c7aeb0c85e3e6b41cacee08c17fdd869d31bca614e apparmor.initd
-e94f44427ed3c6f64462170939ffc92ce9ac1a58c61c7c7c3483fe16fe8e1c419daade9d56cdd342132e4d823dcac1963a86ad889f10bf71fd52b7f54c4694ed 0001-Fix-linking-against-gettext-on-musl-libc.patch
-20817633590c40eb5f6132c11396cf0bbd532b6e436aa90b6ccc61d7c914794d868ec981b91406f6c11f550102aa25a32982610445cc8e5e703ee90697233263 0002-utils-remove-vim-from-the-default-build.patch
-568e10bda27745ac6e1b9495bb6863e93466ee1c387912393c2c7396bcedd7400b13ee233dd953f82460328e3aae45dd2f7aba92962edef31330d6b4dbc9951b 0003-parser-remove-specific-tests-for-rttime.patch
-3a84fb3b2b19ccf52e179190e98ec0da2469727eaaa73d0094b0e9c85b80738c9cb9da9242d17a472a649e6042933bedb5f78c3f574d555369a4ece38a1d8a8a 0004-parser-remove-specific-tests-for-ofile.patch
-ebe2494e0023d45a41623038f8126fd5366606507d7c1caadf776253a5a64e2979ed157b00d2240556945c414fd3a6dff3d5ce971a5c975033dfb53db60abecc 0005-utils-adjust-tests-to-match-the-Alpine-layout.patch
-38ebb30a0185f8eabd9103925959da365f64ef485f66ffb10180ac596fc172f9c98df39baec0b035138e9ab32056148e69a066faba9faebf9e92bf7a09c150c0 0006-utils-adjust-rc-functions-for-aa-remove-unknown.patch
-093c2f216776c5cc67294a134af6ef788dd5a82477592093abbdd244d65591006890a7c911d4f72d7c0ceac5d3ee33927b055a6d3731284701057b35372e7265 0007-Remove-Locale-gettext-from-parser-tests.patch
-017de8d6632204b0bdf025d25ef94be639adf742281693dc028eca428171409dcf86c7547f61ad6c4c7f4175480940eaca3e3ad888e5a9649946f56eafc50e40 0008-Fix-profile-loading-in-busybox.patch
-4e8dc9e0ca8c68b13a5a6c8c0eb1c8fb11fc1d59741753a0fd55a80f1b7f8e6d73c7c13a53a855f374d7555389ca7853adf2e3ee273b084967141a4b30d58fab 0009-ensure-make-apparmor_parser-is-cached.patch
-3ffb2927fbdab331bc70391eaae8ed56026245ec7e91a2d88a5a480a344b22b17ce7f45f43e1ff6be531d2c87f0c4b19d73014d7bcfe4d86ff888e2a2fb9fd83 0010-Revert-utils-test-network.py-fix-failing-testcase.patch
-938ebb8c88e8d567f434cd849db283fa8aa6184249db7bb4dee0be77d0ddd2362ac1f6d457f822073e0e135520c330f251de36b0d98539cea5ad8816d5c1cb12 0011-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch"
diff --git a/testing/apparmor/apparmor.initd b/testing/apparmor/apparmor.initd
deleted file mode 100644
index 15058f28953..00000000000
--- a/testing/apparmor/apparmor.initd
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-description="Load all configured profiles for the AppArmor security module."
-description_reload="Reload all profiles"
-
-extra_started_commands="reload"
-
-aa_action() {
- local arg=$1
- local return
-
- shift
- $*
- return=$?
-
- if [ ${return} -eq 0 ]; then
- aa_log_success_msg $arg
- else
- aa_log_failure_msg arg
- fi
-
- return $return
-}
-
-aa_log_action_start() {
- ebegin $1
-}
-
-aa_log_action_end() {
- eend $1
-}
-
-aa_log_success_msg() {
- einfo $1
-}
-
-aa_log_warning_msg() {
- ewarn $1
-}
-
-aa_log_failure_msg() {
- eerror $1
-}
-
-aa_log_skipped_msg() {
- einfo $1
-}
-
-aa_log_daemon_msg() {
- einfo $1
-}
-
-aa_log_end_msg() {
- eend $1
-}
-
-. /usr/libexec/apparmor/rc.apparmor.functions
-
-start() {
- ebegin "Starting AppArmor"
- eindent
-
- if ! is_apparmor_loaded ; then
- load_module
- if [ $? -ne 0 ]; then
- eerror "AppArmor kernel support is not present"
- eend 1
- return 1
- fi
- fi
-
- parse_profiles load
-
- eoutdent
-}
-
-stop() {
- ebegin "Stopping AppArmor"
- eindent
- apparmor_stop
- eoutdent
-}
-
-reload() {
- # todo: split out clean_profiles into its own function upstream
- # so we can do parse_profiles reload && clean_profiles
- # and do a proper reload instead of restart
- apparmor_restart
-}