[lxc-devel] [lxd/master] tests: Skip apparmor tests when no kernel support

[stgraber on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 354 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170707/5ee2f945/attachment.bin>
-------------- next part --------------
From 8b2e1085fe152ed6cec062edb55bb2cb2c5f76e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 6 Jul 2017 18:28:08 -0400
Subject: [PATCH] tests: Skip apparmor tests when no kernel support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 test/suites/basic.sh | 44 ++++++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/test/suites/basic.sh b/test/suites/basic.sh
index 2811ecfc2..e3ad787a5 100644
--- a/test/suites/basic.sh
+++ b/test/suites/basic.sh
@@ -333,29 +333,33 @@ test_basic_usage() {
   # cleanup
   lxc delete foo -f
 
-  # check that an apparmor profile is created for this container, that it is
-  # unloaded on stop, and that it is deleted when the container is deleted
-  lxc launch testimage lxd-apparmor-test
-
-  MAJOR=0
-  MINOR=0
-  if [ -f /sys/kernel/security/apparmor/features/domain/version ]; then
-    MAJOR=$(awk -F. '{print $1}' < /sys/kernel/security/apparmor/features/domain/version)
-    MINOR=$(awk -F. '{print $2}' < /sys/kernel/security/apparmor/features/domain/version)
-  fi
+  if [ -e /sys/module/apparmor/ ]; then
+    # check that an apparmor profile is created for this container, that it is
+    # unloaded on stop, and that it is deleted when the container is deleted
+    lxc launch testimage lxd-apparmor-test
+
+    MAJOR=0
+    MINOR=0
+    if [ -f /sys/kernel/security/apparmor/features/domain/version ]; then
+      MAJOR=$(awk -F. '{print $1}' < /sys/kernel/security/apparmor/features/domain/version)
+      MINOR=$(awk -F. '{print $2}' < /sys/kernel/security/apparmor/features/domain/version)
+    fi
 
-  if [ "${MAJOR}" -gt "1" ] || ([ "${MAJOR}" = "1" ] && [ "${MINOR}" -ge "2" ]); then
-    aa_namespace="lxd-lxd-apparmor-test_<$(echo "${LXD_DIR}" | sed -e 's/\//-/g' -e 's/^.//')>"
-    aa-status | grep ":${aa_namespace}://unconfined"
-    lxc stop lxd-apparmor-test --force
-    ! aa-status | grep -q ":${aa_namespace}:"
+    if [ "${MAJOR}" -gt "1" ] || ([ "${MAJOR}" = "1" ] && [ "${MINOR}" -ge "2" ]); then
+      aa_namespace="lxd-lxd-apparmor-test_<$(echo "${LXD_DIR}" | sed -e 's/\//-/g' -e 's/^.//')>"
+      aa-status | grep ":${aa_namespace}://unconfined"
+      lxc stop lxd-apparmor-test --force
+      ! aa-status | grep -q ":${aa_namespace}:"
+    else
+      aa-status | grep "lxd-lxd-apparmor-test_<${LXD_DIR}>"
+      lxc stop lxd-apparmor-test --force
+      ! aa-status | grep -q "lxd-lxd-apparmor-test_<${LXD_DIR}>"
+    fi
+    lxc delete lxd-apparmor-test
+    [ ! -f "${LXD_DIR}/security/apparmor/profiles/lxd-lxd-apparmor-test" ]
   else
-    aa-status | grep "lxd-lxd-apparmor-test_<${LXD_DIR}>"
-    lxc stop lxd-apparmor-test --force
-    ! aa-status | grep -q "lxd-lxd-apparmor-test_<${LXD_DIR}>"
+    echo "==> SKIP: apparmor tests (missing kernel support)"
   fi
-  lxc delete lxd-apparmor-test
-  [ ! -f "${LXD_DIR}/security/apparmor/profiles/lxd-lxd-apparmor-test" ]
 
   lxc launch testimage lxd-seccomp-test
   init=$(lxc info lxd-seccomp-test | grep Pid | cut -f2 -d" ")