mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00
Code Issues Releases Wiki Activity

Add a regression test for allowing rprivate with conflicting options

Browse Source 
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
This commit is contained in:
Ryan Lee
2024-12-18 10:28:49 -08:00
parent 52babe8054
commit 83270fcf68
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
tests/regression/apparmor/mount.sh
View File

@@ -573,6 +573,15 @@ else
runchecktest "MOUNT (confined cap bind mount with deny mount that doesn't overlap)" pass mount ${mount_point2} ${mount_point} -o bind
remove_mnt
# MR:https://gitlab.com/apparmor/apparmor/-/merge_requests/1466
# https://bugs.launchpad.net/apparmor/+bug/2091424
# Specify mount propgatation with remount, a conflict that we still allow
# The kernel ignored the conflict and us disallowing it broke userspace
genprofile cap:sys_admin "mount:ALL"
runchecktest "MOUNT (confined cap bind mount rprivate conflict)" pass mount ${mount_point2} ${mount_point} -o bind,rprivate,noexec
runchecktest "MOUNT (confined cap bind mount remount rprivate conflict)" pass mount ${mount_point2} ${mount_point} -o remount,bind,rprivate,noexec
remove_mnt
test_options
# test new mount interface