Overview

Misconfigured AppArmor profiles is one of the most effective ways to break someone's system. This section present the various tests applied to the profiles as well as their current stage of deployment.

Current

  •   Build just complain


    Build the profiles for all supported distributions.

    • All CI jobs validate the profiles syntax and,
    • ensure they can be safely loaded into a kernel.
  •   Checks just check


    Checks for common style and security issues:

    • Security checks
    • Style and maintainability checks
  •   Integration Tests just test-run

    Run commands to ensure no logs are raised.


    • Uses the bats test system.
    • Run in the Github Action as well as in all local test VM.
  •   Distribution Tests just autopkgtest

    Run the autopkgtest suite for Ubuntu and Debian.


    • Setup autopkgtest for Ubuntu.
    • Validate profiles on Ubuntu.

Future

For more complex software suite, more integration tests need to be done. The plan is to run existing integration suite from these very software in an environment with apparmor.d profiles.