From 9f569d285f23fd096e158a92a305e74f703ca88c Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 21 Feb 2016 21:34:31 +0100
Subject: [PATCH] Add more ruletypes to the cleanprof test profiles
To ensure aa-cleanprof works as expected (and writing the rules works as expected), add some rules for every rule class to the cleanprof.in and cleanprof.out test profiles.
Acked-by: Kshitij Gupta
---
utils/test/cleanprof_test.in | 20 ++++++++++++++++++++
utils/test/cleanprof_test.out | 12 ++++++++++++
2 files changed, 32 insertions(+)
diff --git a/utils/test/cleanprof_test.in b/utils/test/cleanprof_test.in
index 8822b88f1..f55a7b139 100644
--- a/utils/test/cleanprof_test.in
+++ b/utils/test/cleanprof_test.in
@@ -4,12 +4,32 @@ /usr/bin/a/simple/cleanprof/test/profile { # Just for the heck of it, this comment wont see the day of light #include + + capability sys_admin, + audit capability, + + change_profile -> /bin/foo, + change_profile, + + network inet stream, + network stream, + #Below rule comes from abstractions/base allow /usr/share/X11/locale/** r, allow /home/*/** r, + ptrace tracedby peer=/bin/strace, + ptrace tracedby, unix (receive) type=dgram, + set rlimit nofile <= 256, + set rlimit nofile <= 64, + + signal set=(hup int quit ill trap abrt) + set=(bus,fpe,,,kill,usr1) + set=segv set=usr2 set=pipe set=alrm set=term set=stkflt set=chld, + signal set=(hup int quit), + ^foo { /etc/fstab r, capability dac_override,
diff --git a/utils/test/cleanprof_test.out b/utils/test/cleanprof_test.out
index c20f6ff4d..83b2f8cec 100644
--- a/utils/test/cleanprof_test.out
+++ b/utils/test/cleanprof_test.out
@@ -6,11 +6,23 @@ /usr/bin/a/simple/cleanprof/test/profile { #include + set rlimit nofile <= 256, + + audit capability, + + network stream, + + signal set=(abrt alrm bus chld fpe hup ill int kill pipe quit segv stkflt term trap usr1 usr2), + + ptrace tracedby, + unix (receive) type=dgram, /home/*/** r, /home/foo/** w, + change_profile, + ^foo { capability dac_override,
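Review bot: The rlimit pair added to cleanprof_test.in (`set rlimit nofile <= 256,` followed by `set rlimit nofile <= 64,`) is expected to collapse to `set rlimit nofile <= 256,` in cleanprof_test.out, so the fixture pins the looser cap as the survivor. For the permission rules in the same hunks (capability, network, ptrace, signal, change_profile) keeping the broader rule leaves the granted set unchanged, but an rlimit is a ceiling rather than a grant, and if the parser applies the later or lower of two duplicates the cleaned profile would be less restrictive than the input. That parser behaviour is not visible here and should be confirmed. I would record the intent next to the rules in the .in file, for example `# cleanprof keeps the larger rlimit (256); verify this matches how the parser treats duplicate rlimit rules`. None of the added rules carries a `deny` modifier, so these fixtures do not show whether a broad allow rule is kept from absorbing a deny rule of the same class. The profile block opens before, and closes after, the lines shown in both hunks.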