mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00
Code Issues Releases Wiki Activity

Make tcp test support current network syntax, reanable tcp test

Browse Source
This commit is contained in:
Steve Beattie 2011-03-02 05:02:45 -08:00
parent d1789d1469
commit e14c6c39f1
2 changed files with 28 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tests/regression/apparmor/Makefile
View File

@ -143,6 +143,7 @@ TESTS=access \
setattr \ setattr \
symlink \ symlink \
syscall \ syscall \
tcp \
unix_fd_server \ unix_fd_server \
unlink\ unlink\
xattrs\ xattrs\

41
tests/regression/apparmor/tcp.sh
View File

@ -21,18 +21,37 @@ ip="127.0.0.1"
#badperm1=r #badperm1=r
#badperm2=w #badperm2=w
# PASS TEST - no netdomain rules # PASS TEST - no apparmor rules
genprofile runchecktest "TCP (no apparmor)" pass $port
runchecktest "TCP" pass $port
# PASS TEST - simple # FAIL TEST - no network rules
genprofile tcp_accept: tcp_connect: genprofile
runchecktest "TCP (accept, connect)" pass $port runchecktest "TCP (accept, connect) no network rules" fail $port
# PASS TEST - allow tcp
genprofile network:tcp
runchecktest "TCP (accept, connect) allow tcp" pass $port
# PASS TEST - allow inet
genprofile network:inet
runchecktest "TCP (accept, connect) allow inet" pass $port
# PASS TEST - allow inet stream
genprofile "network:inet stream"
runchecktest "TCP (accept, connect) allow inet stream" pass $port
# PASS TEST - simple / low-numbered port # PASS TEST - simple / low-numbered port
# you damn well better not be running telnet # you damn well better not be running telnet
genprofile tcp_accept: tcp_connect: cap:net_bind_service genprofile network:inet cap:net_bind_service
runchecktest "TCP (accept, connect)" pass 23 runchecktest "TCP (accept, connect) low numbered port/bind cap" pass 23
# FAIL TEST - simple / low-numbered port
# will always fail unless process has net_bind_service capability.
# you damn well better not be running telnetd.
genprofile network:inet
runchecktest "TCP (accept, connect) low numbered port/no bind cap" fail 23
exit 0
# PASS TEST - accept via interface # PASS TEST - accept via interface
genprofile tcp_accept:via:lo tcp_connect: genprofile tcp_accept:via:lo tcp_connect:
@ -62,12 +81,6 @@ runchecktest "TCP (accept, connect)" pass $port
genprofile tcp_accept:to:127.0.0.0/255.255.192.0::${port} tcp_connect: genprofile tcp_accept:to:127.0.0.0/255.255.192.0::${port} tcp_connect:
runchecktest "TCP (accept, connect)" pass $port runchecktest "TCP (accept, connect)" pass $port
# FAIL TEST - simple / low-numbered port
# will always fail unless process has net_bind_service capability.
# you damn well better not be running telnetd.
genprofile tcp_accept: tcp_connect:
runchecktest "TCP (accept, connect, port 23)" fail 23
# PASS TEST - simple / low-numbered port # PASS TEST - simple / low-numbered port
# will always fail unless process has net_bind_service capability. # will always fail unless process has net_bind_service capability.
# you damn well better not be running telnetd. # you damn well better not be running telnetd.