diff --git a/tests/regression/apparmor/dbus_eavesdrop.sh b/tests/regression/apparmor/dbus_eavesdrop.sh index 8006003cc..fe26b9114 100755 --- a/tests/regression/apparmor/dbus_eavesdrop.sh +++ b/tests/regression/apparmor/dbus_eavesdrop.sh @@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd` bin=$pwd . $bin/prologue.inc -required_features dbus +requires_features dbus . $bin/dbus.inc args="--session" diff --git a/tests/regression/apparmor/dbus_message.sh b/tests/regression/apparmor/dbus_message.sh index aeefe2a6c..30b159245 100755 --- a/tests/regression/apparmor/dbus_message.sh +++ b/tests/regression/apparmor/dbus_message.sh @@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd` bin=$pwd . $bin/prologue.inc -required_features dbus +requires_features dbus . $bin/dbus.inc listnames="--type=method_call --session --name=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames" diff --git a/tests/regression/apparmor/dbus_service.sh b/tests/regression/apparmor/dbus_service.sh index 8a44a2caa..451a6612a 100755 --- a/tests/regression/apparmor/dbus_service.sh +++ b/tests/regression/apparmor/dbus_service.sh @@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd` bin=$pwd . $bin/prologue.inc -required_features dbus +requires_features dbus . $bin/dbus.inc service="--$bus --name=$dest $path $iface" diff --git a/tests/regression/apparmor/prologue.inc b/tests/regression/apparmor/prologue.inc index b50d3d57b..396d20345 100755 --- a/tests/regression/apparmor/prologue.inc +++ b/tests/regression/apparmor/prologue.inc @@ -21,19 +21,32 @@ # # For this file, functions are first, entry point code is at end, see "MAIN" -required_features() +#use $() to retreive the failure message or "true" if success +have_features() { if [ ! -e "/sys/kernel/security/apparmor/features/" ] ; then - echo "Kernel feature masks not supported. Skipping tests ..." - exit 0 + echo "Kernel feature masks not supported." + return 1; fi for f in $@ ; do if [ ! -e "/sys/kernel/security/apparmor/features/$f" ] ; then - echo "Required feature $f not available. Skipping tests ..." - exit 0 + echo "Required feature '$f' not available." + return 2; fi done + + echo "true" + return 0; +} + +requires_features() +{ + local res=$(have_features $@) + if [ "$res" != "true" ] ; then + echo "$res. Skipping tests ..." + exit 0 + fi } requires_query_interface() diff --git a/tests/regression/apparmor/tcp.sh b/tests/regression/apparmor/tcp.sh index f1c884dc2..73eff1b27 100755 --- a/tests/regression/apparmor/tcp.sh +++ b/tests/regression/apparmor/tcp.sh @@ -15,6 +15,7 @@ pwd=`cd $pwd ; /bin/pwd` bin=$pwd . $bin/prologue.inc +requires_features network port=34567 ip="127.0.0.1" diff --git a/tests/regression/apparmor/unix_fd_server.sh b/tests/regression/apparmor/unix_fd_server.sh index 4de3b26c3..6bc515877 100755 --- a/tests/regression/apparmor/unix_fd_server.sh +++ b/tests/regression/apparmor/unix_fd_server.sh @@ -132,10 +132,12 @@ runchecktest "fd passing; confined -> confined (no perm)" fail $file $socket $fd sleep 1 rm -f ${socket} -# FAIL - confined client, no access to the socket file +if [ "$(have_features policy/versions/v6)" == "true" ] ; then + # FAIL - confined client, no access to the socket file -genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$okperm -runchecktest "fd passing; confined client w/o socket access" fail $file $socket $fd_client + genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$okperm + runchecktest "fd passing; confined client w/o socket access" fail $file $socket $fd_client -sleep 1 -rm -f ${socket} + sleep 1 + rm -f ${socket} +fi diff --git a/tests/regression/apparmor/unix_socket_file.sh b/tests/regression/apparmor/unix_socket_file.sh index 6f38acb6a..dbb923ceb 100755 --- a/tests/regression/apparmor/unix_socket_file.sh +++ b/tests/regression/apparmor/unix_socket_file.sh @@ -27,6 +27,7 @@ pwd=`cd $pwd ; /bin/pwd` bin=$pwd . $bin/prologue.inc +requires_features policy/versions/v6 client=$bin/unix_socket_file_client socket=${tmpdir}/unix_socket_file.sock