AppArmor testing

Registered by Marc Deslauriers

Discuss AppArmor upstream test suite, and Ubuntu integration testing.

Blueprint information

Status:
Not started
Approver:
Jamie Strandboge
Priority:
Medium
Drafter:
Steve Beattie
Direction:
Approved
Assignee:
Steve Beattie
Definition:
Approved
Series goal:
Accepted for quantal
Implementation:
Deferred
Milestone target:
None

Related branches

Sprints

Whiteboard

Upstream Tests scripts
- parser parsing regression
- unit tests within various tools
  - parser custom unit tests
  - libapparmor (gnat)
 - aa-easy prof regression testing is pyunit
- functionality regression test suite - this is the one we mostly want to focus on
  - home rolled bash
    - brittle
    - hard to add new tests to

pyunit has some advantages
- people on team using it
- some tools are being written in it which makes it easy to test them
- supports inheritence, etc

pyunit drawbacks:
- setup/teardown could be slow dependending on how its down
- each test isn't necessarily a unit test per se, so the model doesn't fix perfectly

Decisions:
- use pyunit
- anything new should be pyunit
- start with moving some things over to start to flesh out the infrastructure
- split tests up somehow and not monolithic
- should use python3

apparmor-utils
- move to pyunit for the python tools and python-apparmor as they are written
- this is critically important for aa-genprof/aa-logropf, etc and getting them tested

kernel level stress
- focus on other areas first
- need to be able to tell the kernel stress testsuite to stop after a while
- various change_hat transitions are not currently tested under stress

What isn't being tested that we like to test:
- unit testing for compiler from userspace
 - dfa matching
 - make matching routines in the kernel available in the libraries as well
 - initscript testing
  - boot regression tests are in qrt
  - can we merge the Ubuntu changes for the initscript back to upstream? yes-- because most of the upstream stuff is crufty

(?)

Work Items

Work items:
[sbeattie] implement base infrastructure in pyunit so we can start moving things over (high) (2): POSTPONED
[jjohansen] review regression tests (medium) (1): POSTPONED
[jjohansen] lxc testing, serge has some tests to look at (high) (1): POSTPONED

This blueprint contains Public information 
Everyone can see this information.