From cf99938ea541a86226f500c64d2d16548377e664 Mon Sep 17 00:00:00 2001 From: Philipp Bartsch Date: Fri, 9 Jan 2026 13:51:03 +0100 Subject: [PATCH] nixosTests.apparmor: adapt test to new pathname style Since https://github.com/NixOS/nixpkgs/pull/443245 file rules are written with the pathname first. Also somehow the sorting was strange. --- nixos/tests/apparmor/default.nix | 6 +- nixos/tests/apparmor/makeExpectedPolicies.nix | 144 +++++++++--------- 2 files changed, 75 insertions(+), 75 deletions(-) diff --git a/nixos/tests/apparmor/default.nix b/nixos/tests/apparmor/default.nix index e2667df8ec80..be35cec0da38 100644 --- a/nixos/tests/apparmor/default.nix +++ b/nixos/tests/apparmor/default.nix @@ -83,13 +83,13 @@ in pkgs.writeText "expected.rules" (import ./makeExpectedPolicies.nix { inherit pkgs; }) } ${ pkgs.runCommand "actual.rules" { preferLocalBuild = true; } '' - ${getExe pkgs.gnused} -e 's:^[^ ]* ${builtins.storeDir}/[^,/-]*-\([^/,]*\):\1 \0:' ${ + ${getExe pkgs.gnused} -e 's:^${builtins.storeDir}/[^,/-]*-\([^/, ]*\):\1 \0:' ${ pkgs.apparmorRulesFromClosure { name = "ping"; - additionalRules = [ "x $path/foo/**" ]; + additionalRules = [ "$path/foo/** x" ]; } [ pkgs.libcap ] } | - ${getExe' pkgs.coreutils "sort"} -n -k1 | + LC_ALL=C ${getExe' pkgs.coreutils "sort"} | ${getExe pkgs.gnused} -e 's:^[^ ]* ::' >$out '' }" diff --git a/nixos/tests/apparmor/makeExpectedPolicies.nix b/nixos/tests/apparmor/makeExpectedPolicies.nix index f8cf7a82860e..728005213173 100644 --- a/nixos/tests/apparmor/makeExpectedPolicies.nix +++ b/nixos/tests/apparmor/makeExpectedPolicies.nix @@ -1,75 +1,75 @@ { pkgs }: '' - ixr ${pkgs.bashNonInteractive}/libexec/**, - mr ${pkgs.bashNonInteractive}/lib/**.so*, - mr ${pkgs.bashNonInteractive}/lib64/**.so*, - mr ${pkgs.bashNonInteractive}/share/**, - r ${pkgs.bashNonInteractive}, - r ${pkgs.bashNonInteractive}/etc/**, - r ${pkgs.bashNonInteractive}/lib/**, - r ${pkgs.bashNonInteractive}/lib64/**, - x ${pkgs.bashNonInteractive}/foo/**, - ixr ${pkgs.glibc}/libexec/**, - mr ${pkgs.glibc}/lib/**.so*, - mr ${pkgs.glibc}/lib64/**.so*, - mr ${pkgs.glibc}/share/**, - r ${pkgs.glibc}, - r ${pkgs.glibc}/etc/**, - r ${pkgs.glibc}/lib/**, - r ${pkgs.glibc}/lib64/**, - x ${pkgs.glibc}/foo/**, - ixr ${pkgs.libcap}/libexec/**, - mr ${pkgs.libcap}/lib/**.so*, - mr ${pkgs.libcap}/lib64/**.so*, - mr ${pkgs.libcap}/share/**, - r ${pkgs.libcap}, - r ${pkgs.libcap}/etc/**, - r ${pkgs.libcap}/lib/**, - r ${pkgs.libcap}/lib64/**, - x ${pkgs.libcap}/foo/**, - ixr ${pkgs.libcap.lib}/libexec/**, - mr ${pkgs.libcap.lib}/lib/**.so*, - mr ${pkgs.libcap.lib}/lib64/**.so*, - mr ${pkgs.libcap.lib}/share/**, - r ${pkgs.libcap.lib}, - r ${pkgs.libcap.lib}/etc/**, - r ${pkgs.libcap.lib}/lib/**, - r ${pkgs.libcap.lib}/lib64/**, - x ${pkgs.libcap.lib}/foo/**, - ixr ${pkgs.libidn2.out}/libexec/**, - mr ${pkgs.libidn2.out}/lib/**.so*, - mr ${pkgs.libidn2.out}/lib64/**.so*, - mr ${pkgs.libidn2.out}/share/**, - r ${pkgs.libidn2.out}, - r ${pkgs.libidn2.out}/etc/**, - r ${pkgs.libidn2.out}/lib/**, - r ${pkgs.libidn2.out}/lib64/**, - x ${pkgs.libidn2.out}/foo/**, - ixr ${pkgs.libunistring}/libexec/**, - mr ${pkgs.libunistring}/lib/**.so*, - mr ${pkgs.libunistring}/lib64/**.so*, - mr ${pkgs.libunistring}/share/**, - r ${pkgs.libunistring}, - r ${pkgs.libunistring}/etc/**, - r ${pkgs.libunistring}/lib/**, - r ${pkgs.libunistring}/lib64/**, - x ${pkgs.libunistring}/foo/**, - ixr ${pkgs.tzdata}/libexec/**, - mr ${pkgs.tzdata}/lib/**.so*, - mr ${pkgs.tzdata}/lib64/**.so*, - mr ${pkgs.tzdata}/share/**, - r ${pkgs.tzdata}, - r ${pkgs.tzdata}/etc/**, - r ${pkgs.tzdata}/lib/**, - r ${pkgs.tzdata}/lib64/**, - x ${pkgs.tzdata}/foo/**, - ixr ${pkgs.glibc.libgcc}/libexec/**, - mr ${pkgs.glibc.libgcc}/lib/**.so*, - mr ${pkgs.glibc.libgcc}/lib64/**.so*, - mr ${pkgs.glibc.libgcc}/share/**, - r ${pkgs.glibc.libgcc}, - r ${pkgs.glibc.libgcc}/etc/**, - r ${pkgs.glibc.libgcc}/lib/**, - r ${pkgs.glibc.libgcc}/lib64/**, - x ${pkgs.glibc.libgcc}/foo/**, + ${pkgs.bashNonInteractive} r, + ${pkgs.bashNonInteractive}/etc/** r, + ${pkgs.bashNonInteractive}/foo/** x, + ${pkgs.bashNonInteractive}/lib/** r, + ${pkgs.bashNonInteractive}/lib/**.so* mr, + ${pkgs.bashNonInteractive}/lib64/** r, + ${pkgs.bashNonInteractive}/lib64/**.so* mr, + ${pkgs.bashNonInteractive}/libexec/** ixr, + ${pkgs.bashNonInteractive}/share/** mr, + ${pkgs.glibc} r, + ${pkgs.glibc}/etc/** r, + ${pkgs.glibc}/foo/** x, + ${pkgs.glibc}/lib/** r, + ${pkgs.glibc}/lib/**.so* mr, + ${pkgs.glibc}/lib64/** r, + ${pkgs.glibc}/lib64/**.so* mr, + ${pkgs.glibc}/libexec/** ixr, + ${pkgs.glibc}/share/** mr, + ${pkgs.libcap} r, + ${pkgs.libcap}/etc/** r, + ${pkgs.libcap}/foo/** x, + ${pkgs.libcap}/lib/** r, + ${pkgs.libcap}/lib/**.so* mr, + ${pkgs.libcap}/lib64/** r, + ${pkgs.libcap}/lib64/**.so* mr, + ${pkgs.libcap}/libexec/** ixr, + ${pkgs.libcap}/share/** mr, + ${pkgs.libcap.lib} r, + ${pkgs.libcap.lib}/etc/** r, + ${pkgs.libcap.lib}/foo/** x, + ${pkgs.libcap.lib}/lib/** r, + ${pkgs.libcap.lib}/lib/**.so* mr, + ${pkgs.libcap.lib}/lib64/** r, + ${pkgs.libcap.lib}/lib64/**.so* mr, + ${pkgs.libcap.lib}/libexec/** ixr, + ${pkgs.libcap.lib}/share/** mr, + ${pkgs.libidn2.out} r, + ${pkgs.libidn2.out}/etc/** r, + ${pkgs.libidn2.out}/foo/** x, + ${pkgs.libidn2.out}/lib/** r, + ${pkgs.libidn2.out}/lib/**.so* mr, + ${pkgs.libidn2.out}/lib64/** r, + ${pkgs.libidn2.out}/lib64/**.so* mr, + ${pkgs.libidn2.out}/libexec/** ixr, + ${pkgs.libidn2.out}/share/** mr, + ${pkgs.libunistring} r, + ${pkgs.libunistring}/etc/** r, + ${pkgs.libunistring}/foo/** x, + ${pkgs.libunistring}/lib/** r, + ${pkgs.libunistring}/lib/**.so* mr, + ${pkgs.libunistring}/lib64/** r, + ${pkgs.libunistring}/lib64/**.so* mr, + ${pkgs.libunistring}/libexec/** ixr, + ${pkgs.libunistring}/share/** mr, + ${pkgs.tzdata} r, + ${pkgs.tzdata}/etc/** r, + ${pkgs.tzdata}/foo/** x, + ${pkgs.tzdata}/lib/** r, + ${pkgs.tzdata}/lib/**.so* mr, + ${pkgs.tzdata}/lib64/** r, + ${pkgs.tzdata}/lib64/**.so* mr, + ${pkgs.tzdata}/libexec/** ixr, + ${pkgs.tzdata}/share/** mr, + ${pkgs.glibc.libgcc} r, + ${pkgs.glibc.libgcc}/etc/** r, + ${pkgs.glibc.libgcc}/foo/** x, + ${pkgs.glibc.libgcc}/lib/** r, + ${pkgs.glibc.libgcc}/lib/**.so* mr, + ${pkgs.glibc.libgcc}/lib64/** r, + ${pkgs.glibc.libgcc}/lib64/**.so* mr, + ${pkgs.glibc.libgcc}/libexec/** ixr, + ${pkgs.glibc.libgcc}/share/** mr, ''