cmd/snapd-apparmor: Mock AppArmor parser search path in tests

This ensures the mocked apparmor_parser (via testutil.MockCommand()) is found and used during the tests. Signed-off-by: Alex Murray <[email protected]>
canonical · Sep 21, 2022 · 7d1efc1 · 7d1efc1
1 parent 855550b
commit 7d1efc1
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/cmd/snapd-apparmor/export_test.go b/cmd/snapd-apparmor/export_test.go
@@ -25,4 +25,5 @@ var (
 	IsContainer                   = isContainer
 	IsContainerWithInternalPolicy = isContainerWithInternalPolicy
 	LoadAppArmorProfiles          = loadAppArmorProfiles
+	MockParserSearchPath          = mockParserSearchPath
 )
diff --git a/cmd/snapd-apparmor/main.go b/cmd/snapd-apparmor/main.go
@@ -74,7 +74,6 @@ func isWSL() bool {
 // container's boot process to experience failed policy loads but the boot
 // process should continue without any loss of functionality. This is an
 // unsupported configuration that cannot be properly handled by this function.
-//
 func isContainerWithInternalPolicy() bool {
 	var appArmorSecurityFSPath = filepath.Join(dirs.GlobalRootDir, "/sys/kernel/security/apparmor")
 	var nsStackedPath = filepath.Join(appArmorSecurityFSPath, ".ns_stacked")
@@ -171,3 +170,7 @@ func run() error {
 
 	return loadAppArmorProfiles()
 }
+
+func mockParserSearchPath(parserSearchPath string) (restore func()) {
+	return apparmor_sandbox.MockParserSearchPath(parserSearchPath)
+}
diff --git a/cmd/snapd-apparmor/main_test.go b/cmd/snapd-apparmor/main_test.go
@@ -91,6 +91,8 @@ func (s *mainSuite) TestIsContainerWithInternalPolicy(c *C) {
 func (s *mainSuite) TestLoadAppArmorProfiles(c *C) {
 	parserCmd := testutil.MockCommand(c, "apparmor_parser", "")
 	defer parserCmd.Restore()
+	restore := snapd_apparmor.MockParserSearchPath(parserCmd.BinDir())
+	defer restore()
 	err := snapd_apparmor.LoadAppArmorProfiles()
 	c.Assert(err, IsNil)
 	// since no profiles to load the parser should not have been called
@@ -119,7 +121,10 @@ func (s *mainSuite) TestLoadAppArmorProfiles(c *C) {
 			profile}})
 
 	// test error case
-	testutil.MockCommand(c, "apparmor_parser", "echo mocked parser failed > /dev/stderr; exit 1")
+	parserCmd = testutil.MockCommand(c, "apparmor_parser", "echo mocked parser failed > /dev/stderr; exit 1")
+	defer parserCmd.Restore()
+	restore = snapd_apparmor.MockParserSearchPath(parserCmd.BinDir())
+	defer restore()
 	err = snapd_apparmor.LoadAppArmorProfiles()
 	c.Check(err.Error(), Equals, "cannot load apparmor profiles: exit status 1\napparmor_parser output:\nmocked parser failed\n")
 
@@ -201,6 +206,8 @@ func (s *integrationSuite) SetUpTest(c *C) {
 	// simulate a single profile to load
 	s.parserCmd = testutil.MockCommand(c, "apparmor_parser", "")
 	s.AddCleanup(s.parserCmd.Restore)
+	restore := snapd_apparmor.MockParserSearchPath(s.parserCmd.BinDir())
+	s.AddCleanup(restore)
 	err := os.MkdirAll(dirs.SnapAppArmorDir, 0755)
 	c.Assert(err, IsNil)
 	profile := filepath.Join(dirs.SnapAppArmorDir, "foo")