Now that change_profile rules automatically allow
access to /proc/*/attr/{current,exec}, the onexec testcase in the testsuite that ran without explicit access granted to /proc/*/attr/exec passes instead of failing. This commit updates the expected result to take that into account.
@@ -151,9 +151,9 @@ do_test "noexist px" $bin/onexec noexist fail $bin/open $file
|
||||
genprofile 'change_profile->':$bin/rw $onexec:w -- image=$bin/rw $bin/open:rix $file:rw
|
||||
do_test "change profile - override rix" $bin/onexec $bin/rw pass $bin/open $file
|
||||
|
||||
# ONEXEC from CONFINED - change to rw profile, no exec profile to override
|
||||
# ONEXEC from CONFINED - change to rw profile, no exec profile to override, no explicit access to /proc/*/attr/exec
|
||||
genprofile 'change_profile->':$bin/rw -- image=$bin/rw $bin/open:rix $file:rw
|
||||
do_test "change profile - no onexec:w" $bin/onexec $bin/rw fail $bin/open $file
|
||||
do_test "change profile - no onexec:w" $bin/onexec $bin/rw pass $bin/open $file
|
||||
|
||||
# ONEXEC from CONFINED - don't change profile, make sure exec profile is applied
|
||||
genprofile 'change_profile->':$bin/rw $onexec:w $bin/open:rpx -- image=$bin/rw $bin/open:rix $file:rw -- image=$bin/open $file:rw
|
||||
|
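Review bot: Flipping "change profile - no onexec:w" from `fail` to `pass` removes the only case in this hunk that showed a confined task being denied the write to /proc/*/attr/exec, so the denial path is no longer exercised here. If the rest of the script (outside this hunk) has no equivalent, a companion negative case would keep that boundary covered: a profile generated with neither a `change_profile->` rule nor `$onexec:w`, followed by something like `do_test "change profile - no change_profile rule, no onexec:w" $bin/onexec $bin/rw fail $bin/open $file`. The new comment would also read better if it said why the case now passes, for example `# ... no explicit access to /proc/*/attr/exec (implied by the change_profile rule)`, so a later reader does not mistake the missing `$onexec:w` for an oversight.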