tests/profiles/tinyproxy: add test for path based attachment

The existing test checks that the tinyproxy systemd service is confined. However it is possible that this confinement is based on systemd launching tinyproxy with the expected profile, rather than tinyproxy running under the profile due to path-based attachment. So add an explicit check for this as well as requested by @zyga-aka-zygoon in https://gitlab.com/apparmor/apparmor/-/merge_requests/1477#note_2334724042 Signed-off-by: Alex Murray <alex.murray@canonical.com>
2025-08-31 06:16:03 +00:00 · 2025-02-07 12:30:06 +10:30
parent b378da1f9c
commit 1f2175d854
1 changed files with 3 additions and 0 deletions
--- a/tests/profiles/tinyproxy/task.yaml
+++ b/tests/profiles/tinyproxy/task.yaml
@@ -12,3 +12,6 @@ execute: |
    # check tinyproxy system service is confined
    cat /proc/$(pidof tinyproxy)/attr/apparmor/current | MATCH 'tinyproxy \(enforce\)'

+    # also check the profile is attached based on the program path since in the
+    # previous test it could possibly being done by systemd instead
+    "$SPREAD_PATH"/tests/bin/actual-profile-of tinyproxy | MATCH 'tinyproxy \(enforce\)'