mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 05:17:59 +00:00

regression tests: add FIPS-140-2 lib validation hmac files

DBus services link against libgcrypt, and thus when libgcrypt has had
patches applied to make it FIPS 140-2 compliant, the dbus-based tests
confined by apparmor need access to the associated library integrity validation
file. Fix this by causing mkprofile to grant read access in all
generated profiles by default.

Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Bug: https://bugs.launchpad.net/bugs/1891664
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/595
Steve Beattie 2020-08-24 22:46:08 -07:00
parent e463f9ad44
commit ec62254b04
No known key found for this signature in database
GPG Key ID: 2F099E8D005E81F4

@ -101,6 +101,10 @@ sub gen_default_rules() {
# give every profile access to /dev/urandom (propolice, etc.)
gen_file("/dev/urandom:r");
# give every profile access to FIPS hmac files in /lib and /usr/lib
gen_file("/{usr/,}lib{,32,64}/.lib*.so*.hmac:r");
gen_file("/{usr/,}lib/{,**/}.lib*.so*.hmac:r");
}
sub gen_elf_binary($) {
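
Review bot: the two gen_file() globs added to gen_default_rules() overlap and are asymmetric, and the comment above them does not say why there are two. The empty branch of `{,**/}` in the second rule already matches hmac files directly in /lib and /usr/lib, which the first rule also grants, while subdirectories are covered only under lib and not under lib32 or lib64. If that asymmetry is intended, say so in the comment (it currently mentions only "/lib and /usr/lib"); otherwise a single pattern such as `/{usr/,}lib{,32,64}/{,**/}.lib*.so*.hmac:r` would cover both cases. Since these rules land in every generated profile, it is also worth noting in the comment that the grant is read-only and limited to dot-prefixed `.hmac` files, so later edits do not widen it by accident.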