mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

tests: detect if label is supported in the kernel

Browse Source 
When label is detected in the kernel, the tests pass.

Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
This commit is contained in:
Georgia Garcia 2025-04-10 13:12:54 -03:00
parent b718c53b97
commit c25f2d3407
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tests/regression/apparmor/posix_mq.sh
View File

@ -160,14 +160,19 @@ for username in "root" "$userid" ; do
do_tests "confined receiver $username - unconfined sender" pass pass pass pass $usercmd
labelres="xpass"
if [ "$(kernel_features ipc/posix_mqueue/label)" = "true" ]; then
labelres="pass"
fi
# queue label
genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:label=$receiver" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:label=$receiver" "$pipe:rw"
do_tests "confined $username - mqueue label 1" xpass xpass xpass xpass $usercmd
do_tests "confined $username - mqueue label 1" $labelres $labelres $labelres $labelres $usercmd
# queue name and label
genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:(create,read,delete):type=posix:label=$receiver:$queuename" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:(open,write):type=posix:label=$receiver:$queuename" "$pipe:rw"
do_tests "confined $username - mqueue label 2" xpass xpass xpass xpass $usercmd
do_tests "confined $username - mqueue label 2" $labelres $labelres $labelres $labelres $usercmd
# ensure we are cleaned up for next pass
removeprofile