fix_changehat_fork.patch

2025-08-30 22:05:27 +00:00 · 2007-12-23 01:06:49 +00:00
parent ee47e61713
commit 7742386a84
1 changed files with 11 additions and 7 deletions
--- a/tests/regression/subdomain/changehat_fork.sh
+++ b/tests/regression/subdomain/changehat_fork.sh
@@ -34,13 +34,15 @@ runchecktest "NO CHANGEHAT (access parent file)" pass nochange $file
 runchecktest "NO CHANGEHAT (access sub file)" fail nochange $subfile

 # CHANGEHAT TEST
-
+# Note: As of AppArmor 2.1 (opensuse 10.3) hats are no longer atomic
+# to profile load/replacement so we need to remove them manually
 subtest=sub

 genprofile $file:$okperm hat:$subtest $subfile:$okperm

-runchecktest "CHANGEHAT (access parent file)" fail $subtest $file
+runchecktest "CHANGEHAT (access parent file 1)" fail $subtest $file
 runchecktest "CHANGEHAT (access sub file)" pass $subtest $subfile
+echo -n "${testexec}//${subtest}" >/sys/kernel/security/apparmor/.remove

 # CHANGEHAT TEST -- multiple subprofiles

@@ -49,18 +51,20 @@ subtest3=sub3

 genprofile $file:$okperm hat:$subtest $subfile:$okperm hat:$subtest2 $subfile:$okperm hat:$subtest3 $subfile:$okperm

-runchecktest "CHANGEHAT (access parent file)" fail $subtest $file
+runchecktest "CHANGEHAT (access parent file 2)" fail $subtest $file
 runchecktest "CHANGEHAT (access sub file)" pass $subtest $subfile
 runchecktest "CHANGEHAT (access sub file)" pass $subtest2 $subfile
 runchecktest "CHANGEHAT (access sub file)" pass $subtest3 $subfile
+echo -n "${testexec}//${subtest}" >/sys/kernel/security/apparmor/.remove
+echo -n "${testexec}//${subtest2}" >/sys/kernel/security/apparmor/.remove
+echo -n "${testexec}//${subtest3}" >/sys/kernel/security/apparmor/.remove

 # CHANGEHAT TEST -- non-existent subprofile access
 # Should put us into a null-profile

-subtest2=$test.sub2
-subtest3=$test.sub3
-
+# NOTE: As of AppArmor 2.1 (opensuse 10.3) this test now passes as
+# the change_hat failes but it no longer entires the null profile
 genprofile $file:$okperm hat:$subtest $subfile:$okperm hat:$subtest2 $subfile:$okperm

-runchecktest "CHANGEHAT (access parent file)" fail $subtest3 $file
+runchecktest "CHANGEHAT (access parent file 3)" pass $subtest3 $file
 runchecktest "CHANGEHAT (access sub file)" fail $subtest3 $subfile