mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

With the fixing of the change_profile rules to automatically allow

Browse Source 
access to /proc/*/attr/{current,exec}, the onexec testcase that
attempted to do things without explicit access granted to
/proc/*/attr/exec in the testsuite passes instead of fails. This commit
takes that into account.
This commit is contained in:
Steve Beattie
2012-04-11 23:17:52 -07:00
parent b6c08d74a6
commit a078c1feb5
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/regression/apparmor/onexec.sh
View File

@@ -151,9 +151,9 @@ do_test "noexist px" $bin/onexec noexist fail $bin/open $file
genprofile 'change_profile->':$bin/rw $onexec:w -- image=$bin/rw $bin/open:rix $file:rw
do_test "change profile - override rix" $bin/onexec $bin/rw pass $bin/open $file
# ONEXEC from CONFINED - change to rw profile, no exec profile to override
# ONEXEC from CONFINED - change to rw profile, no exec profile to override, no explicit access to /proc/*/attr/exec
genprofile 'change_profile->':$bin/rw -- image=$bin/rw $bin/open:rix $file:rw
do_test "change profile - no onexec:w" $bin/onexec $bin/rw fail $bin/open $file
do_test "change profile - no onexec:w" $bin/onexec $bin/rw pass $bin/open $file
# ONEXEC from CONFINED - don't change profile, make sure exec profile is applied
genprofile 'change_profile->':$bin/rw $onexec:w $bin/open:rpx -- image=$bin/rw $bin/open:rix $file:rw -- image=$bin/open $file:rw