nathan/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2026-06-05 21:03:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixosTests.apparmor: adapt test to new pathname style

Browse Source 
Since https://github.com/NixOS/nixpkgs/pull/443245 file rules are
written with the pathname first.

Also somehow the sorting was strange.
This commit is contained in:
Philipp Bartsch
2026-01-09 13:51:03 +01:00
parent 23c33c9331
commit cf99938ea5
2 changed files with 75 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/tests/apparmor/default.nix
View File

@@ -83,13 +83,13 @@ in
pkgs.writeText "expected.rules" (import ./makeExpectedPolicies.nix { inherit pkgs; })
} ${
pkgs.runCommand "actual.rules" { preferLocalBuild = true; } ''
${getExe pkgs.gnused} -e 's:^[^ ]* ${builtins.storeDir}/[^,/-]*-\([^/,]*\):\1 \0:' ${
${getExe pkgs.gnused} -e 's:^${builtins.storeDir}/[^,/-]*-\([^/, ]*\):\1 \0:' ${
pkgs.apparmorRulesFromClosure {
name = "ping";
additionalRules = [ "x $path/foo/**" ];
additionalRules = [ "$path/foo/** x" ];
} [ pkgs.libcap ]
} |
${getExe' pkgs.coreutils "sort"} -n -k1 |
LC_ALL=C ${getExe' pkgs.coreutils "sort"} |
${getExe pkgs.gnused} -e 's:^[^ ]* ::' >$out
''
}"

144
nixos/tests/apparmor/makeExpectedPolicies.nix
View File

@@ -1,75 +1,75 @@
{ pkgs }:
''
ixr ${pkgs.bashNonInteractive}/libexec/**,
mr ${pkgs.bashNonInteractive}/lib/**.so*,
mr ${pkgs.bashNonInteractive}/lib64/**.so*,
mr ${pkgs.bashNonInteractive}/share/**,
r ${pkgs.bashNonInteractive},
r ${pkgs.bashNonInteractive}/etc/**,
r ${pkgs.bashNonInteractive}/lib/**,
r ${pkgs.bashNonInteractive}/lib64/**,
x ${pkgs.bashNonInteractive}/foo/**,
ixr ${pkgs.glibc}/libexec/**,
mr ${pkgs.glibc}/lib/**.so*,
mr ${pkgs.glibc}/lib64/**.so*,
mr ${pkgs.glibc}/share/**,
r ${pkgs.glibc},
r ${pkgs.glibc}/etc/**,
r ${pkgs.glibc}/lib/**,
r ${pkgs.glibc}/lib64/**,
x ${pkgs.glibc}/foo/**,
ixr ${pkgs.libcap}/libexec/**,
mr ${pkgs.libcap}/lib/**.so*,
mr ${pkgs.libcap}/lib64/**.so*,
mr ${pkgs.libcap}/share/**,
r ${pkgs.libcap},
r ${pkgs.libcap}/etc/**,
r ${pkgs.libcap}/lib/**,
r ${pkgs.libcap}/lib64/**,
x ${pkgs.libcap}/foo/**,
ixr ${pkgs.libcap.lib}/libexec/**,
mr ${pkgs.libcap.lib}/lib/**.so*,
mr ${pkgs.libcap.lib}/lib64/**.so*,
mr ${pkgs.libcap.lib}/share/**,
r ${pkgs.libcap.lib},
r ${pkgs.libcap.lib}/etc/**,
r ${pkgs.libcap.lib}/lib/**,
r ${pkgs.libcap.lib}/lib64/**,
x ${pkgs.libcap.lib}/foo/**,
ixr ${pkgs.libidn2.out}/libexec/**,
mr ${pkgs.libidn2.out}/lib/**.so*,
mr ${pkgs.libidn2.out}/lib64/**.so*,
mr ${pkgs.libidn2.out}/share/**,
r ${pkgs.libidn2.out},
r ${pkgs.libidn2.out}/etc/**,
r ${pkgs.libidn2.out}/lib/**,
r ${pkgs.libidn2.out}/lib64/**,
x ${pkgs.libidn2.out}/foo/**,
ixr ${pkgs.libunistring}/libexec/**,
mr ${pkgs.libunistring}/lib/**.so*,
mr ${pkgs.libunistring}/lib64/**.so*,
mr ${pkgs.libunistring}/share/**,
r ${pkgs.libunistring},
r ${pkgs.libunistring}/etc/**,
r ${pkgs.libunistring}/lib/**,
r ${pkgs.libunistring}/lib64/**,
x ${pkgs.libunistring}/foo/**,
ixr ${pkgs.tzdata}/libexec/**,
mr ${pkgs.tzdata}/lib/**.so*,
mr ${pkgs.tzdata}/lib64/**.so*,
mr ${pkgs.tzdata}/share/**,
r ${pkgs.tzdata},
r ${pkgs.tzdata}/etc/**,
r ${pkgs.tzdata}/lib/**,
r ${pkgs.tzdata}/lib64/**,
x ${pkgs.tzdata}/foo/**,
ixr ${pkgs.glibc.libgcc}/libexec/**,
mr ${pkgs.glibc.libgcc}/lib/**.so*,
mr ${pkgs.glibc.libgcc}/lib64/**.so*,
mr ${pkgs.glibc.libgcc}/share/**,
r ${pkgs.glibc.libgcc},
r ${pkgs.glibc.libgcc}/etc/**,
r ${pkgs.glibc.libgcc}/lib/**,
r ${pkgs.glibc.libgcc}/lib64/**,
x ${pkgs.glibc.libgcc}/foo/**,
${pkgs.bashNonInteractive} r,
${pkgs.bashNonInteractive}/etc/** r,
${pkgs.bashNonInteractive}/foo/** x,
${pkgs.bashNonInteractive}/lib/** r,
${pkgs.bashNonInteractive}/lib/**.so* mr,
${pkgs.bashNonInteractive}/lib64/** r,
${pkgs.bashNonInteractive}/lib64/**.so* mr,
${pkgs.bashNonInteractive}/libexec/** ixr,
${pkgs.bashNonInteractive}/share/** mr,
${pkgs.glibc} r,
${pkgs.glibc}/etc/** r,
${pkgs.glibc}/foo/** x,
${pkgs.glibc}/lib/** r,
${pkgs.glibc}/lib/**.so* mr,
${pkgs.glibc}/lib64/** r,
${pkgs.glibc}/lib64/**.so* mr,
${pkgs.glibc}/libexec/** ixr,
${pkgs.glibc}/share/** mr,
${pkgs.libcap} r,
${pkgs.libcap}/etc/** r,
${pkgs.libcap}/foo/** x,
${pkgs.libcap}/lib/** r,
${pkgs.libcap}/lib/**.so* mr,
${pkgs.libcap}/lib64/** r,
${pkgs.libcap}/lib64/**.so* mr,
${pkgs.libcap}/libexec/** ixr,
${pkgs.libcap}/share/** mr,
${pkgs.libcap.lib} r,
${pkgs.libcap.lib}/etc/** r,
${pkgs.libcap.lib}/foo/** x,
${pkgs.libcap.lib}/lib/** r,
${pkgs.libcap.lib}/lib/**.so* mr,
${pkgs.libcap.lib}/lib64/** r,
${pkgs.libcap.lib}/lib64/**.so* mr,
${pkgs.libcap.lib}/libexec/** ixr,
${pkgs.libcap.lib}/share/** mr,
${pkgs.libidn2.out} r,
${pkgs.libidn2.out}/etc/** r,
${pkgs.libidn2.out}/foo/** x,
${pkgs.libidn2.out}/lib/** r,
${pkgs.libidn2.out}/lib/**.so* mr,
${pkgs.libidn2.out}/lib64/** r,
${pkgs.libidn2.out}/lib64/**.so* mr,
${pkgs.libidn2.out}/libexec/** ixr,
${pkgs.libidn2.out}/share/** mr,
${pkgs.libunistring} r,
${pkgs.libunistring}/etc/** r,
${pkgs.libunistring}/foo/** x,
${pkgs.libunistring}/lib/** r,
${pkgs.libunistring}/lib/**.so* mr,
${pkgs.libunistring}/lib64/** r,
${pkgs.libunistring}/lib64/**.so* mr,
${pkgs.libunistring}/libexec/** ixr,
${pkgs.libunistring}/share/** mr,
${pkgs.tzdata} r,
${pkgs.tzdata}/etc/** r,
${pkgs.tzdata}/foo/** x,
${pkgs.tzdata}/lib/** r,
${pkgs.tzdata}/lib/**.so* mr,
${pkgs.tzdata}/lib64/** r,
${pkgs.tzdata}/lib64/**.so* mr,
${pkgs.tzdata}/libexec/** ixr,
${pkgs.tzdata}/share/** mr,
${pkgs.glibc.libgcc} r,
${pkgs.glibc.libgcc}/etc/** r,
${pkgs.glibc.libgcc}/foo/** x,
${pkgs.glibc.libgcc}/lib/** r,
${pkgs.glibc.libgcc}/lib/**.so* mr,
${pkgs.glibc.libgcc}/lib64/** r,
${pkgs.glibc.libgcc}/lib64/**.so* mr,
${pkgs.glibc.libgcc}/libexec/** ixr,
${pkgs.glibc.libgcc}/share/** mr,
''