Loading nixos/tests/apparmor/default.nix +3 −3 Original line number Diff line number Diff line Loading @@ -83,13 +83,13 @@ in pkgs.writeText "expected.rules" (import ./makeExpectedPolicies.nix { inherit pkgs; }) } ${ pkgs.runCommand "actual.rules" { preferLocalBuild = true; } '' ${getExe pkgs.gnused} -e 's:^[^ ]* ${builtins.storeDir}/[^,/-]*-\([^/,]*\):\1 \0:' ${ ${getExe pkgs.gnused} -e 's:^${builtins.storeDir}/[^,/-]*-\([^/, ]*\):\1 \0:' ${ pkgs.apparmorRulesFromClosure { name = "ping"; additionalRules = [ "x $path/foo/**" ]; additionalRules = [ "$path/foo/** x" ]; } [ pkgs.libcap ] } | ${getExe' pkgs.coreutils "sort"} -n -k1 | LC_ALL=C ${getExe' pkgs.coreutils "sort"} | ${getExe pkgs.gnused} -e 's:^[^ ]* ::' >$out '' }" Loading nixos/tests/apparmor/makeExpectedPolicies.nix +72 −72 Original line number Diff line number Diff line { pkgs }: '' ixr ${pkgs.bashNonInteractive}/libexec/**, mr ${pkgs.bashNonInteractive}/lib/**.so*, mr ${pkgs.bashNonInteractive}/lib64/**.so*, mr ${pkgs.bashNonInteractive}/share/**, r ${pkgs.bashNonInteractive}, r ${pkgs.bashNonInteractive}/etc/**, r ${pkgs.bashNonInteractive}/lib/**, r ${pkgs.bashNonInteractive}/lib64/**, x ${pkgs.bashNonInteractive}/foo/**, ixr ${pkgs.glibc}/libexec/**, mr ${pkgs.glibc}/lib/**.so*, mr ${pkgs.glibc}/lib64/**.so*, mr ${pkgs.glibc}/share/**, r ${pkgs.glibc}, r ${pkgs.glibc}/etc/**, r ${pkgs.glibc}/lib/**, r ${pkgs.glibc}/lib64/**, x ${pkgs.glibc}/foo/**, ixr ${pkgs.libcap}/libexec/**, mr ${pkgs.libcap}/lib/**.so*, mr ${pkgs.libcap}/lib64/**.so*, mr ${pkgs.libcap}/share/**, r ${pkgs.libcap}, r ${pkgs.libcap}/etc/**, r ${pkgs.libcap}/lib/**, r ${pkgs.libcap}/lib64/**, x ${pkgs.libcap}/foo/**, ixr ${pkgs.libcap.lib}/libexec/**, mr ${pkgs.libcap.lib}/lib/**.so*, mr ${pkgs.libcap.lib}/lib64/**.so*, mr ${pkgs.libcap.lib}/share/**, r ${pkgs.libcap.lib}, r ${pkgs.libcap.lib}/etc/**, r ${pkgs.libcap.lib}/lib/**, r ${pkgs.libcap.lib}/lib64/**, x ${pkgs.libcap.lib}/foo/**, ixr ${pkgs.libidn2.out}/libexec/**, mr ${pkgs.libidn2.out}/lib/**.so*, mr ${pkgs.libidn2.out}/lib64/**.so*, mr ${pkgs.libidn2.out}/share/**, r ${pkgs.libidn2.out}, r ${pkgs.libidn2.out}/etc/**, r ${pkgs.libidn2.out}/lib/**, r ${pkgs.libidn2.out}/lib64/**, x ${pkgs.libidn2.out}/foo/**, ixr ${pkgs.libunistring}/libexec/**, mr ${pkgs.libunistring}/lib/**.so*, mr ${pkgs.libunistring}/lib64/**.so*, mr ${pkgs.libunistring}/share/**, r ${pkgs.libunistring}, r ${pkgs.libunistring}/etc/**, r ${pkgs.libunistring}/lib/**, r ${pkgs.libunistring}/lib64/**, x ${pkgs.libunistring}/foo/**, ixr ${pkgs.tzdata}/libexec/**, mr ${pkgs.tzdata}/lib/**.so*, mr ${pkgs.tzdata}/lib64/**.so*, mr ${pkgs.tzdata}/share/**, r ${pkgs.tzdata}, r ${pkgs.tzdata}/etc/**, r ${pkgs.tzdata}/lib/**, r ${pkgs.tzdata}/lib64/**, x ${pkgs.tzdata}/foo/**, ixr ${pkgs.glibc.libgcc}/libexec/**, mr ${pkgs.glibc.libgcc}/lib/**.so*, mr ${pkgs.glibc.libgcc}/lib64/**.so*, mr ${pkgs.glibc.libgcc}/share/**, r ${pkgs.glibc.libgcc}, r ${pkgs.glibc.libgcc}/etc/**, r ${pkgs.glibc.libgcc}/lib/**, r ${pkgs.glibc.libgcc}/lib64/**, x ${pkgs.glibc.libgcc}/foo/**, ${pkgs.bashNonInteractive} r, ${pkgs.bashNonInteractive}/etc/** r, ${pkgs.bashNonInteractive}/foo/** x, ${pkgs.bashNonInteractive}/lib/** r, ${pkgs.bashNonInteractive}/lib/**.so* mr, ${pkgs.bashNonInteractive}/lib64/** r, ${pkgs.bashNonInteractive}/lib64/**.so* mr, ${pkgs.bashNonInteractive}/libexec/** ixr, ${pkgs.bashNonInteractive}/share/** mr, ${pkgs.glibc} r, ${pkgs.glibc}/etc/** r, ${pkgs.glibc}/foo/** x, ${pkgs.glibc}/lib/** r, ${pkgs.glibc}/lib/**.so* mr, ${pkgs.glibc}/lib64/** r, ${pkgs.glibc}/lib64/**.so* mr, ${pkgs.glibc}/libexec/** ixr, ${pkgs.glibc}/share/** mr, ${pkgs.libcap} r, ${pkgs.libcap}/etc/** r, ${pkgs.libcap}/foo/** x, ${pkgs.libcap}/lib/** r, ${pkgs.libcap}/lib/**.so* mr, ${pkgs.libcap}/lib64/** r, ${pkgs.libcap}/lib64/**.so* mr, ${pkgs.libcap}/libexec/** ixr, ${pkgs.libcap}/share/** mr, ${pkgs.libcap.lib} r, ${pkgs.libcap.lib}/etc/** r, ${pkgs.libcap.lib}/foo/** x, ${pkgs.libcap.lib}/lib/** r, ${pkgs.libcap.lib}/lib/**.so* mr, ${pkgs.libcap.lib}/lib64/** r, ${pkgs.libcap.lib}/lib64/**.so* mr, ${pkgs.libcap.lib}/libexec/** ixr, ${pkgs.libcap.lib}/share/** mr, ${pkgs.libidn2.out} r, ${pkgs.libidn2.out}/etc/** r, ${pkgs.libidn2.out}/foo/** x, ${pkgs.libidn2.out}/lib/** r, ${pkgs.libidn2.out}/lib/**.so* mr, ${pkgs.libidn2.out}/lib64/** r, ${pkgs.libidn2.out}/lib64/**.so* mr, ${pkgs.libidn2.out}/libexec/** ixr, ${pkgs.libidn2.out}/share/** mr, ${pkgs.libunistring} r, ${pkgs.libunistring}/etc/** r, ${pkgs.libunistring}/foo/** x, ${pkgs.libunistring}/lib/** r, ${pkgs.libunistring}/lib/**.so* mr, ${pkgs.libunistring}/lib64/** r, ${pkgs.libunistring}/lib64/**.so* mr, ${pkgs.libunistring}/libexec/** ixr, ${pkgs.libunistring}/share/** mr, ${pkgs.tzdata} r, ${pkgs.tzdata}/etc/** r, ${pkgs.tzdata}/foo/** x, ${pkgs.tzdata}/lib/** r, ${pkgs.tzdata}/lib/**.so* mr, ${pkgs.tzdata}/lib64/** r, ${pkgs.tzdata}/lib64/**.so* mr, ${pkgs.tzdata}/libexec/** ixr, ${pkgs.tzdata}/share/** mr, ${pkgs.glibc.libgcc} r, ${pkgs.glibc.libgcc}/etc/** r, ${pkgs.glibc.libgcc}/foo/** x, ${pkgs.glibc.libgcc}/lib/** r, ${pkgs.glibc.libgcc}/lib/**.so* mr, ${pkgs.glibc.libgcc}/lib64/** r, ${pkgs.glibc.libgcc}/lib64/**.so* mr, ${pkgs.glibc.libgcc}/libexec/** ixr, ${pkgs.glibc.libgcc}/share/** mr, '' Loading
nixos/tests/apparmor/default.nix +3 −3 Original line number Diff line number Diff line Loading @@ -83,13 +83,13 @@ in pkgs.writeText "expected.rules" (import ./makeExpectedPolicies.nix { inherit pkgs; }) } ${ pkgs.runCommand "actual.rules" { preferLocalBuild = true; } '' ${getExe pkgs.gnused} -e 's:^[^ ]* ${builtins.storeDir}/[^,/-]*-\([^/,]*\):\1 \0:' ${ ${getExe pkgs.gnused} -e 's:^${builtins.storeDir}/[^,/-]*-\([^/, ]*\):\1 \0:' ${ pkgs.apparmorRulesFromClosure { name = "ping"; additionalRules = [ "x $path/foo/**" ]; additionalRules = [ "$path/foo/** x" ]; } [ pkgs.libcap ] } | ${getExe' pkgs.coreutils "sort"} -n -k1 | LC_ALL=C ${getExe' pkgs.coreutils "sort"} | ${getExe pkgs.gnused} -e 's:^[^ ]* ::' >$out '' }" Loading
nixos/tests/apparmor/makeExpectedPolicies.nix +72 −72 Original line number Diff line number Diff line { pkgs }: '' ixr ${pkgs.bashNonInteractive}/libexec/**, mr ${pkgs.bashNonInteractive}/lib/**.so*, mr ${pkgs.bashNonInteractive}/lib64/**.so*, mr ${pkgs.bashNonInteractive}/share/**, r ${pkgs.bashNonInteractive}, r ${pkgs.bashNonInteractive}/etc/**, r ${pkgs.bashNonInteractive}/lib/**, r ${pkgs.bashNonInteractive}/lib64/**, x ${pkgs.bashNonInteractive}/foo/**, ixr ${pkgs.glibc}/libexec/**, mr ${pkgs.glibc}/lib/**.so*, mr ${pkgs.glibc}/lib64/**.so*, mr ${pkgs.glibc}/share/**, r ${pkgs.glibc}, r ${pkgs.glibc}/etc/**, r ${pkgs.glibc}/lib/**, r ${pkgs.glibc}/lib64/**, x ${pkgs.glibc}/foo/**, ixr ${pkgs.libcap}/libexec/**, mr ${pkgs.libcap}/lib/**.so*, mr ${pkgs.libcap}/lib64/**.so*, mr ${pkgs.libcap}/share/**, r ${pkgs.libcap}, r ${pkgs.libcap}/etc/**, r ${pkgs.libcap}/lib/**, r ${pkgs.libcap}/lib64/**, x ${pkgs.libcap}/foo/**, ixr ${pkgs.libcap.lib}/libexec/**, mr ${pkgs.libcap.lib}/lib/**.so*, mr ${pkgs.libcap.lib}/lib64/**.so*, mr ${pkgs.libcap.lib}/share/**, r ${pkgs.libcap.lib}, r ${pkgs.libcap.lib}/etc/**, r ${pkgs.libcap.lib}/lib/**, r ${pkgs.libcap.lib}/lib64/**, x ${pkgs.libcap.lib}/foo/**, ixr ${pkgs.libidn2.out}/libexec/**, mr ${pkgs.libidn2.out}/lib/**.so*, mr ${pkgs.libidn2.out}/lib64/**.so*, mr ${pkgs.libidn2.out}/share/**, r ${pkgs.libidn2.out}, r ${pkgs.libidn2.out}/etc/**, r ${pkgs.libidn2.out}/lib/**, r ${pkgs.libidn2.out}/lib64/**, x ${pkgs.libidn2.out}/foo/**, ixr ${pkgs.libunistring}/libexec/**, mr ${pkgs.libunistring}/lib/**.so*, mr ${pkgs.libunistring}/lib64/**.so*, mr ${pkgs.libunistring}/share/**, r ${pkgs.libunistring}, r ${pkgs.libunistring}/etc/**, r ${pkgs.libunistring}/lib/**, r ${pkgs.libunistring}/lib64/**, x ${pkgs.libunistring}/foo/**, ixr ${pkgs.tzdata}/libexec/**, mr ${pkgs.tzdata}/lib/**.so*, mr ${pkgs.tzdata}/lib64/**.so*, mr ${pkgs.tzdata}/share/**, r ${pkgs.tzdata}, r ${pkgs.tzdata}/etc/**, r ${pkgs.tzdata}/lib/**, r ${pkgs.tzdata}/lib64/**, x ${pkgs.tzdata}/foo/**, ixr ${pkgs.glibc.libgcc}/libexec/**, mr ${pkgs.glibc.libgcc}/lib/**.so*, mr ${pkgs.glibc.libgcc}/lib64/**.so*, mr ${pkgs.glibc.libgcc}/share/**, r ${pkgs.glibc.libgcc}, r ${pkgs.glibc.libgcc}/etc/**, r ${pkgs.glibc.libgcc}/lib/**, r ${pkgs.glibc.libgcc}/lib64/**, x ${pkgs.glibc.libgcc}/foo/**, ${pkgs.bashNonInteractive} r, ${pkgs.bashNonInteractive}/etc/** r, ${pkgs.bashNonInteractive}/foo/** x, ${pkgs.bashNonInteractive}/lib/** r, ${pkgs.bashNonInteractive}/lib/**.so* mr, ${pkgs.bashNonInteractive}/lib64/** r, ${pkgs.bashNonInteractive}/lib64/**.so* mr, ${pkgs.bashNonInteractive}/libexec/** ixr, ${pkgs.bashNonInteractive}/share/** mr, ${pkgs.glibc} r, ${pkgs.glibc}/etc/** r, ${pkgs.glibc}/foo/** x, ${pkgs.glibc}/lib/** r, ${pkgs.glibc}/lib/**.so* mr, ${pkgs.glibc}/lib64/** r, ${pkgs.glibc}/lib64/**.so* mr, ${pkgs.glibc}/libexec/** ixr, ${pkgs.glibc}/share/** mr, ${pkgs.libcap} r, ${pkgs.libcap}/etc/** r, ${pkgs.libcap}/foo/** x, ${pkgs.libcap}/lib/** r, ${pkgs.libcap}/lib/**.so* mr, ${pkgs.libcap}/lib64/** r, ${pkgs.libcap}/lib64/**.so* mr, ${pkgs.libcap}/libexec/** ixr, ${pkgs.libcap}/share/** mr, ${pkgs.libcap.lib} r, ${pkgs.libcap.lib}/etc/** r, ${pkgs.libcap.lib}/foo/** x, ${pkgs.libcap.lib}/lib/** r, ${pkgs.libcap.lib}/lib/**.so* mr, ${pkgs.libcap.lib}/lib64/** r, ${pkgs.libcap.lib}/lib64/**.so* mr, ${pkgs.libcap.lib}/libexec/** ixr, ${pkgs.libcap.lib}/share/** mr, ${pkgs.libidn2.out} r, ${pkgs.libidn2.out}/etc/** r, ${pkgs.libidn2.out}/foo/** x, ${pkgs.libidn2.out}/lib/** r, ${pkgs.libidn2.out}/lib/**.so* mr, ${pkgs.libidn2.out}/lib64/** r, ${pkgs.libidn2.out}/lib64/**.so* mr, ${pkgs.libidn2.out}/libexec/** ixr, ${pkgs.libidn2.out}/share/** mr, ${pkgs.libunistring} r, ${pkgs.libunistring}/etc/** r, ${pkgs.libunistring}/foo/** x, ${pkgs.libunistring}/lib/** r, ${pkgs.libunistring}/lib/**.so* mr, ${pkgs.libunistring}/lib64/** r, ${pkgs.libunistring}/lib64/**.so* mr, ${pkgs.libunistring}/libexec/** ixr, ${pkgs.libunistring}/share/** mr, ${pkgs.tzdata} r, ${pkgs.tzdata}/etc/** r, ${pkgs.tzdata}/foo/** x, ${pkgs.tzdata}/lib/** r, ${pkgs.tzdata}/lib/**.so* mr, ${pkgs.tzdata}/lib64/** r, ${pkgs.tzdata}/lib64/**.so* mr, ${pkgs.tzdata}/libexec/** ixr, ${pkgs.tzdata}/share/** mr, ${pkgs.glibc.libgcc} r, ${pkgs.glibc.libgcc}/etc/** r, ${pkgs.glibc.libgcc}/foo/** x, ${pkgs.glibc.libgcc}/lib/** r, ${pkgs.glibc.libgcc}/lib/**.so* mr, ${pkgs.glibc.libgcc}/lib64/** r, ${pkgs.glibc.libgcc}/lib64/**.so* mr, ${pkgs.glibc.libgcc}/libexec/** ixr, ${pkgs.glibc.libgcc}/share/** mr, ''
