mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 15:25:27 +00:00
Code Issues Releases Wiki Activity

usr merge fixups

Browse Source 
Debian and Ubuntu have releases coming out with usr-merge in place. For
these systems, /bin and /sbin are symlinks to their respective /usr
directories. This breaks a few tests in the python utils and in the
regression tests. This patch series fixes them, mostly by performing
realpath() calls when necessary. For the ptrace regression test,
it copies the called /bin/true binary into the created temporary
directory and executes it from there. (Good for other reasons, too.)

(cherry picked from commit b4ab8476e4)
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/merge_requests/331
This commit is contained in:
Steve Beattie
2019-02-13 16:57:52 +00:00
committed by Steve Beattie
parent 6fd3abe214
commit f75ec6fef6
6 changed files with 316 additions and 313 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/regression/apparmor/mkprofile.pl
View File

@@ -132,10 +132,10 @@ sub gen_binary($) {
my $hashbang = head($bin); my $hashbang = head($bin);
if ($hashbang && $hashbang =~ /^#!\s*(\S+)/) { if ($hashbang && $hashbang =~ /^#!\s*(\S+)/) {
my $interpreter = $1; my $interpreter = $1;
gen_file("$interpreter:rix"); gen_file(realpath($interpreter) . ":rix");
gen_elf_binary($interpreter); gen_elf_binary($interpreter);
} else { } else {
gen_elf_binary($bin) gen_elf_binary(realpath($bin))
} }
} }

21
tests/regression/apparmor/ptrace.sh
View File

@@ -30,26 +30,29 @@ bin=$pwd
helper=$pwd/ptrace_helper helper=$pwd/ptrace_helper
bin_true=${tmpdir}/true
cp -pL /bin/true ${tmpdir}/true
# -n number of syscalls to perform # -n number of syscalls to perform
# -c have the child call ptrace_me, else parent does ptrace_attach # -c have the child call ptrace_me, else parent does ptrace_attach
# -h transition child to ptrace_helper before doing ptrace (used to test # -h transition child to ptrace_helper before doing ptrace (used to test
# x transitions with ptrace) # x transitions with ptrace)
# test base line of unconfined tracing unconfined # test base line of unconfined tracing unconfined
runchecktest "test 1" pass -n 100 /bin/true runchecktest "test 1" pass -n 100 ${bin_true}
runchecktest "test 1 -c" pass -c -n 100 /bin/true runchecktest "test 1 -c" pass -c -n 100 ${bin_true}
runchecktest "test 1 -h" pass -h -n 100 $helper runchecktest "test 1 -h" pass -h -n 100 $helper
runchecktest "test 1 -hc" pass -h -c -n 100 $helper runchecktest "test 1 -hc" pass -h -c -n 100 $helper
runchecktest "test 1 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 1 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 1 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 1 -hc prog" pass -h -c -n 100 $helper ${bin_true}
# test that unconfined can ptrace before profile attaches # test that unconfined can ptrace before profile attaches
genprofile image=/bin/true signal:ALL genprofile image=${bin_true} signal:ALL
runchecktest "test 2" pass -n 100 /bin/true runchecktest "test 2" pass -n 100 ${bin_true}
runchecktest "test 2 -c" pass -c -n 100 /bin/true runchecktest "test 2 -c" pass -c -n 100 ${bin_true}
runchecktest "test 2 -h" pass -h -n 100 $helper runchecktest "test 2 -h" pass -h -n 100 $helper
runchecktest "test 2 -hc" pass -h -c -n 100 $helper runchecktest "test 2 -hc" pass -h -c -n 100 $helper
runchecktest "test 2 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 2 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper ${bin_true}
if [ "$(kernel_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" == "true" ] ; then if [ "$(kernel_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" == "true" ] ; then

118
tests/regression/apparmor/ptrace_v5.inc
View File

@@ -13,133 +13,133 @@
genprofile image=$helper genprofile image=$helper
runchecktest "test 3 -h" pass -h -n 100 $helper runchecktest "test 3 -h" pass -h -n 100 $helper
runchecktest "test 3 -hc " pass -h -c -n 100 $helper runchecktest "test 3 -hc " pass -h -c -n 100 $helper
# can't exec /bin/true so fail # can't exec ${bin_true} so fail
runchecktest "test 3 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 3 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
# lack of 'r' perm is currently not working # lack of 'r' perm is currently not working
genprofile image=$helper $helper:ix genprofile image=$helper $helper:ix
runchecktest "test 4 -h" pass -h -n 100 $helper runchecktest "test 4 -h" pass -h -n 100 $helper
runchecktest "test 4 -hc " pass -h -c -n 100 $helper runchecktest "test 4 -hc " pass -h -c -n 100 $helper
# can't exec /bin/true so fail # can't exec ${bin_true} so fail
runchecktest "test 4 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 4 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile image=$helper $helper:rix genprofile image=$helper $helper:rix
runchecktest "test 5 -h" pass -h -n 100 $helper runchecktest "test 5 -h" pass -h -n 100 $helper
runchecktest "test 5 -hc " pass -h -c -n 100 $helper runchecktest "test 5 -hc " pass -h -c -n 100 $helper
# can't exec /bin/true so fail # can't exec ${bin_true} so fail
runchecktest "test 5 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 5 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile image=$helper $helper:ix /bin/true:rix genprofile image=$helper $helper:ix ${bin_true}:rix
runchecktest "test 6 -h" pass -h -n 100 $helper runchecktest "test 6 -h" pass -h -n 100 $helper
runchecktest "test 6 -hc " pass -h -c -n 100 $helper runchecktest "test 6 -hc " pass -h -c -n 100 $helper
runchecktest "test 6 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 6 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper ${bin_true}
#traced child can ptrace_me to unconfined have unconfined trace them #traced child can ptrace_me to unconfined have unconfined trace them
genprofile image=/bin/true genprofile image=${bin_true}
runchecktest "test 7" pass -n 100 /bin/true runchecktest "test 7" pass -n 100 ${bin_true}
# pass - ptrace_attach is done in unconfined helper # pass - ptrace_attach is done in unconfined helper
runchecktest "test 7 -c " pass -c -n 100 /bin/true runchecktest "test 7 -c " pass -c -n 100 ${bin_true}
runchecktest "test 7 -h" pass -h -n 100 $helper runchecktest "test 7 -h" pass -h -n 100 $helper
# pass - ptrace_attach is done in unconfined helper # pass - ptrace_attach is done in unconfined helper
runchecktest "test 7 -hc " pass -h -c -n 100 $helper runchecktest "test 7 -hc " pass -h -c -n 100 $helper
runchecktest "test 7 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 7 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile image=$helper $helper:ix /bin/true:rix genprofile image=$helper $helper:ix ${bin_true}:rix
runchecktest "test 7a" pass -n 100 /bin/true runchecktest "test 7a" pass -n 100 ${bin_true}
# pass - ptrace_attach is allowed from confined process to unconfined # pass - ptrace_attach is allowed from confined process to unconfined
runchecktest "test 7a -c " pass -c -n 100 /bin/true runchecktest "test 7a -c " pass -c -n 100 ${bin_true}
runchecktest "test 7a -h" pass -h -n 100 $helper runchecktest "test 7a -h" pass -h -n 100 $helper
# pass - ptrace_attach is allowed from confined process to unconfined # pass - ptrace_attach is allowed from confined process to unconfined
runchecktest "test 7a -hc " pass -h -c -n 100 $helper runchecktest "test 7a -hc " pass -h -c -n 100 $helper
runchecktest "test 7a -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 7a -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper ${bin_true}
#traced helper from unconfined #traced helper from unconfined
genprofile image=$helper $helper:ix /bin/true:rpx -- image=/bin/true genprofile image=$helper $helper:ix ${bin_true}:rpx -- image=${bin_true}
runchecktest "test 8" pass -n 100 /bin/true runchecktest "test 8" pass -n 100 ${bin_true}
# pass - ptrace_attach is done before exec # pass - ptrace_attach is done before exec
runchecktest "test 8 -c " pass -c -n 100 /bin/true runchecktest "test 8 -c " pass -c -n 100 ${bin_true}
runchecktest "test 8 -h" pass -h -n 100 $helper runchecktest "test 8 -h" pass -h -n 100 $helper
runchecktest "test 8 -hc " pass -h -c -n 100 $helper runchecktest "test 8 -hc " pass -h -c -n 100 $helper
# pass - can px if tracer can ptrace target # pass - can px if tracer can ptrace target
runchecktest "test 8 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 8 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper ${bin_true}
#traced helper from unconfined #traced helper from unconfined
genprofile image=$helper $helper:ix /bin/true:rux -- image=/bin/true genprofile image=$helper $helper:ix ${bin_true}:rux -- image=${bin_true}
runchecktest "test 9" pass -n 100 /bin/true runchecktest "test 9" pass -n 100 ${bin_true}
# pass - ptrace_attach is done before exec # pass - ptrace_attach is done before exec
runchecktest "test 9 -c " pass -c -n 100 /bin/true runchecktest "test 9 -c " pass -c -n 100 ${bin_true}
runchecktest "test 9 -h" pass -h -n 100 $helper runchecktest "test 9 -h" pass -h -n 100 $helper
runchecktest "test 9 -hc " pass -h -c -n 100 $helper runchecktest "test 9 -hc " pass -h -c -n 100 $helper
# pass - can ux if tracer can ptrace target # pass - can ux if tracer can ptrace target
runchecktest "test 9 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 9 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile genprofile
# fail due to no exec permission # fail due to no exec permission
runchecktest "test 10" fail -n 100 /bin/true runchecktest "test 10" fail -n 100 ${bin_true}
runchecktest "test 10 -c" fail -c -n 100 /bin/true runchecktest "test 10 -c" fail -c -n 100 ${bin_true}
runchecktest "test 10 -h" fail -h -n 100 $helper runchecktest "test 10 -h" fail -h -n 100 $helper
runchecktest "test 10 -hc" fail -h -c -n 100 $helper runchecktest "test 10 -hc" fail -h -c -n 100 $helper
runchecktest "test 10 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 10 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:ix $helper:ix genprofile ${bin_true}:ix $helper:ix
# fail due to missing r permission # fail due to missing r permission
#runchecktest "test 11" fail -n 100 /bin/true #runchecktest "test 11" fail -n 100 ${bin_true}
#runchecktest "test 11 -c" fail -c -n 100 /bin/true #runchecktest "test 11 -c" fail -c -n 100 ${bin_true}
#runchecktest "test 11 -h" fail -h -n 100 $helper #runchecktest "test 11 -h" fail -h -n 100 $helper
#runchecktest "test 11 -hc" fail -h -c -n 100 $helper #runchecktest "test 11 -hc" fail -h -c -n 100 $helper
#runchecktest "test 11 -h prog" fail -h -n 100 $helper /bin/true #runchecktest "test 11 -h prog" fail -h -n 100 $helper ${bin_true}
#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper /bin/true #runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper ${bin_true}
# pass allowed to ix self # pass allowed to ix self
genprofile /bin/true:rix $helper:rix genprofile ${bin_true}:rix $helper:rix
runchecktest "test 12" pass -n 100 /bin/true runchecktest "test 12" pass -n 100 ${bin_true}
runchecktest "test 12 -c" pass -c -n 100 /bin/true runchecktest "test 12 -c" pass -c -n 100 ${bin_true}
runchecktest "test 12 -h" pass -h -n 100 $helper runchecktest "test 12 -h" pass -h -n 100 $helper
runchecktest "test 12 -hc" pass -h -c -n 100 $helper runchecktest "test 12 -hc" pass -h -c -n 100 $helper
runchecktest "test 12 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 12 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 12 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 12 -hc prog" pass -h -c -n 100 $helper ${bin_true}
#ptraced confined app can't px - fails to unset profile #ptraced confined app can't px - fails to unset profile
genprofile image=$helper $helper:rix /bin/true:rpx genprofile image=$helper $helper:rix ${bin_true}:rpx
runchecktest "test 13 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper ${bin_true}
#ptraced confined app can ux - if the tracer is unconfined #ptraced confined app can ux - if the tracer is unconfined
# #
genprofile image=$helper $helper:rix /bin/true:rux genprofile image=$helper $helper:rix ${bin_true}:rux
runchecktest "test 14a -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 14a -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper ${bin_true}
#ptraced confined app can't ux - if the tracer can't trace unconfined #ptraced confined app can't ux - if the tracer can't trace unconfined
genprofile $helper:rpx -- image=$helper $helper:rix /bin/true:rux genprofile $helper:rpx -- image=$helper $helper:rix ${bin_true}:rux
runchecktest "test 14b -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 14b -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper ${bin_true}
#confined app can't ptrace an unconfined app #confined app can't ptrace an unconfined app
genprofile $helper:rux genprofile $helper:rux
runchecktest "test 15 -h" fail -h -n 100 $helper runchecktest "test 15 -h" fail -h -n 100 $helper
runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
#an unconfined app can't ask a confined app to trace it #an unconfined app can't ask a confined app to trace it
runchecktest "test 15 -hc" fail -h -c -n 100 $helper runchecktest "test 15 -hc" fail -h -c -n 100 $helper
runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}
#confined app can't ptrace an app confined by a different profile #confined app can't ptrace an app confined by a different profile
genprofile $helper:rpx -- image=$helper genprofile $helper:rpx -- image=$helper
runchecktest "test 15 -h" fail -h -n 100 $helper runchecktest "test 15 -h" fail -h -n 100 $helper
runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
#a confined app can't ask another confined app with a different profile to #a confined app can't ask another confined app with a different profile to
#trace it #trace it
runchecktest "test 15 -hc" fail -h -c -n 100 $helper runchecktest "test 15 -hc" fail -h -c -n 100 $helper
runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}

474
tests/regression/apparmor/ptrace_v6.inc
View File

@@ -25,186 +25,186 @@ genprofile image=$helper signal:ALL ptrace:tracedby:peer=unconfined
runchecktest "test 3 -h" pass -h -n 100 $helper runchecktest "test 3 -h" pass -h -n 100 $helper
runchecktest "test 3 -hc " pass -h -c -n 100 $helper runchecktest "test 3 -hc " pass -h -c -n 100 $helper
# can't exec /bin/true so fail # can't exec ${bin_true} so fail
runchecktest "test 3 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 3 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
# lack of 'r' perm is currently not working # lack of 'r' perm is currently not working
genprofile image=$helper $helper:ix signal:ALL genprofile image=$helper $helper:ix signal:ALL
runchecktest "test 4 -h" pass -h -n 100 $helper runchecktest "test 4 -h" pass -h -n 100 $helper
runchecktest "test 4 -hc " pass -h -c -n 100 $helper runchecktest "test 4 -hc " pass -h -c -n 100 $helper
# can't exec /bin/true so fail # can't exec ${bin_true} so fail
runchecktest "test 4 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 4 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile image=$helper $helper:rix signal:ALL genprofile image=$helper $helper:rix signal:ALL
runchecktest "test 5 -h" pass -h -n 100 $helper runchecktest "test 5 -h" pass -h -n 100 $helper
runchecktest "test 5 -hc " pass -h -c -n 100 $helper runchecktest "test 5 -hc " pass -h -c -n 100 $helper
# can't exec /bin/true so fail # can't exec ${bin_true} so fail
runchecktest "test 5 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 5 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile image=$helper $helper:ix /bin/true:rix signal:ALL genprofile image=$helper $helper:ix ${bin_true}:rix signal:ALL
runchecktest "test 6 -h" pass -h -n 100 $helper runchecktest "test 6 -h" pass -h -n 100 $helper
runchecktest "test 6 -hc " pass -h -c -n 100 $helper runchecktest "test 6 -hc " pass -h -c -n 100 $helper
runchecktest "test 6 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 6 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper ${bin_true}
#traced child can ptrace_me to unconfined have unconfined trace them #traced child can ptrace_me to unconfined have unconfined trace them
genprofile image=/bin/true signal:ALL genprofile image=${bin_true} signal:ALL
runchecktest "test 7" pass -n 100 /bin/true runchecktest "test 7" pass -n 100 ${bin_true}
# pass - ptrace_attach is done in unconfined helper # pass - ptrace_attach is done in unconfined helper
runchecktest "test 7 -c " pass -c -n 100 /bin/true runchecktest "test 7 -c " pass -c -n 100 ${bin_true}
runchecktest "test 7 -h" pass -h -n 100 $helper runchecktest "test 7 -h" pass -h -n 100 $helper
# pass - ptrace_attach is done in unconfined helper # pass - ptrace_attach is done in unconfined helper
runchecktest "test 7 -hc " pass -h -c -n 100 $helper runchecktest "test 7 -hc " pass -h -c -n 100 $helper
runchecktest "test 7 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 7 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile image=$helper $helper:ix /bin/true:rix signal:ALL genprofile image=$helper $helper:ix ${bin_true}:rix signal:ALL
runchecktest "test 7a" pass -n 100 /bin/true runchecktest "test 7a" pass -n 100 ${bin_true}
# pass - ptrace_attach is allowed from confined process to unconfined # pass - ptrace_attach is allowed from confined process to unconfined
runchecktest "test 7a -c " pass -c -n 100 /bin/true runchecktest "test 7a -c " pass -c -n 100 ${bin_true}
runchecktest "test 7a -h" pass -h -n 100 $helper runchecktest "test 7a -h" pass -h -n 100 $helper
# pass - ptrace_attach is allowed from confined process to unconfined # pass - ptrace_attach is allowed from confined process to unconfined
runchecktest "test 7a -hc " pass -h -c -n 100 $helper runchecktest "test 7a -hc " pass -h -c -n 100 $helper
runchecktest "test 7a -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 7a -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper ${bin_true}
#traced helper from unconfined #traced helper from unconfined
genprofile image=$helper $helper:ix /bin/true:rpx signal:ALL -- image=/bin/true signal:ALL genprofile image=$helper $helper:ix ${bin_true}:rpx signal:ALL -- image=${bin_true} signal:ALL
runchecktest "test 8" pass -n 100 /bin/true runchecktest "test 8" pass -n 100 ${bin_true}
# pass - ptrace_attach is done before exec # pass - ptrace_attach is done before exec
runchecktest "test 8 -c " pass -c -n 100 /bin/true runchecktest "test 8 -c " pass -c -n 100 ${bin_true}
runchecktest "test 8 -h" pass -h -n 100 $helper runchecktest "test 8 -h" pass -h -n 100 $helper
runchecktest "test 8 -hc " pass -h -c -n 100 $helper runchecktest "test 8 -hc " pass -h -c -n 100 $helper
# pass - can px if tracer can ptrace target # pass - can px if tracer can ptrace target
runchecktest "test 8 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 8 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper ${bin_true}
#traced helper from unconfined #traced helper from unconfined
genprofile image=$helper $helper:ix /bin/true:rux signal:ALL -- image=/bin/true signal:ALL genprofile image=$helper $helper:ix ${bin_true}:rux signal:ALL -- image=${bin_true} signal:ALL
runchecktest "test 9" pass -n 100 /bin/true runchecktest "test 9" pass -n 100 ${bin_true}
# pass - ptrace_attach is done before exec # pass - ptrace_attach is done before exec
runchecktest "test 9 -c " pass -c -n 100 /bin/true runchecktest "test 9 -c " pass -c -n 100 ${bin_true}
runchecktest "test 9 -h" pass -h -n 100 $helper runchecktest "test 9 -h" pass -h -n 100 $helper
runchecktest "test 9 -hc " pass -h -c -n 100 $helper runchecktest "test 9 -hc " pass -h -c -n 100 $helper
# pass - can ux if tracer can ptrace target # pass - can ux if tracer can ptrace target
runchecktest "test 9 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 9 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile signal:ALL genprofile signal:ALL
# fail due to no exec permission # fail due to no exec permission
runchecktest "test 10" fail -n 100 /bin/true runchecktest "test 10" fail -n 100 ${bin_true}
runchecktest "test 10 -c" fail -c -n 100 /bin/true runchecktest "test 10 -c" fail -c -n 100 ${bin_true}
runchecktest "test 10 -h" fail -h -n 100 $helper runchecktest "test 10 -h" fail -h -n 100 $helper
runchecktest "test 10 -hc" fail -h -c -n 100 $helper runchecktest "test 10 -hc" fail -h -c -n 100 $helper
runchecktest "test 10 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 10 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:ix $helper:ix signal:ALL genprofile ${bin_true}:ix $helper:ix signal:ALL
# fail due to missing r permission # fail due to missing r permission
#runchecktest "test 11" fail -n 100 /bin/true #runchecktest "test 11" fail -n 100 ${bin_true}
#runchecktest "test 11 -c" fail -c -n 100 /bin/true #runchecktest "test 11 -c" fail -c -n 100 ${bin_true}
#runchecktest "test 11 -h" fail -h -n 100 $helper #runchecktest "test 11 -h" fail -h -n 100 $helper
#runchecktest "test 11 -hc" fail -h -c -n 100 $helper #runchecktest "test 11 -hc" fail -h -c -n 100 $helper
#runchecktest "test 11 -h prog" fail -h -n 100 $helper /bin/true #runchecktest "test 11 -h prog" fail -h -n 100 $helper ${bin_true}
#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper /bin/true #runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper ${bin_true}
# fail was pass in v5 allowed to ix self # fail was pass in v5 allowed to ix self
genprofile /bin/true:rix $helper:rix signal:ALL genprofile ${bin_true}:rix $helper:rix signal:ALL
runchecktest "test 12" fail -n 100 /bin/true runchecktest "test 12" fail -n 100 ${bin_true}
runchecktest "test 12 -c" fail -c -n 100 /bin/true runchecktest "test 12 -c" fail -c -n 100 ${bin_true}
runchecktest "test 12 -h" fail -h -n 100 $helper runchecktest "test 12 -h" fail -h -n 100 $helper
runchecktest "test 12 -hc" fail -h -c -n 100 $helper runchecktest "test 12 -hc" fail -h -c -n 100 $helper
runchecktest "test 12 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 12 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 12 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 12 -hc prog" fail -h -c -n 100 $helper ${bin_true}
#ptraced confined app traced by unconfined can px #ptraced confined app traced by unconfined can px
genprofile image=$helper $helper:rix /bin/true:rpx signal:ALL -- image=/bin/true /bin/true:rix genprofile image=$helper $helper:rix ${bin_true}:rpx signal:ALL -- image=${bin_true} ${bin_true}:rix
runchecktest "test 13u -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 13u -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 13u -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 13u -hc prog" pass -h -c -n 100 $helper ${bin_true}
#ptraced confined app traced by profile without ptrace on targeted can't px #ptraced confined app traced by profile without ptrace on targeted can't px
genprofile /bin/true:rpx signal:ALL -- image=/bin/true /bin/true:rix genprofile ${bin_true}:rpx signal:ALL -- image=${bin_true} ${bin_true}:rix
runchecktest "test 13 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper ${bin_true}
#ptraced confined app can ux - if the tracer is unconfined #ptraced confined app can ux - if the tracer is unconfined
# #
genprofile image=$helper $helper:rix /bin/true:rux signal:ALL genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL
runchecktest "test 14a -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 14a -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper ${bin_true}
#ptraced confined app can't ux - if the tracer can't trace unconfined #ptraced confined app can't ux - if the tracer can't trace unconfined
genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL
runchecktest "test 14b -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 14b -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper ${bin_true}
#confined app can't ptrace an unconfined app #confined app can't ptrace an unconfined app
genprofile $helper:rux signal:ALL genprofile $helper:rux signal:ALL
runchecktest "test 15 -h" fail -h -n 100 $helper runchecktest "test 15 -h" fail -h -n 100 $helper
runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
#an unconfined app can't ask a confined app to trace it #an unconfined app can't ask a confined app to trace it
runchecktest "test 15 -hc" fail -h -c -n 100 $helper runchecktest "test 15 -hc" fail -h -c -n 100 $helper
runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}
#confined app can't ptrace an app confined by a different profile #confined app can't ptrace an app confined by a different profile
genprofile $helper:rpx signal:ALL -- image=$helper signal:ALL genprofile $helper:rpx signal:ALL -- image=$helper signal:ALL
runchecktest "test 15 -h" fail -h -n 100 $helper runchecktest "test 15 -h" fail -h -n 100 $helper
runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
#a confined app can't ask another confined app with a different profile to #a confined app can't ask another confined app with a different profile to
#trace it #trace it
runchecktest "test 15 -hc" fail -h -c -n 100 $helper runchecktest "test 15 -hc" fail -h -c -n 100 $helper
runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}
################### cap:sys_ptrace doesn't change results from above ########################## ################### cap:sys_ptrace doesn't change results from above ##########################
# fail was pass in v5 allowed to ix self # fail was pass in v5 allowed to ix self
genprofile /bin/true:rix $helper:rix signal:ALL cap:sys_ptrace genprofile ${bin_true}:rix $helper:rix signal:ALL cap:sys_ptrace
runchecktest "test 12c" fail -n 100 /bin/true runchecktest "test 12c" fail -n 100 ${bin_true}
runchecktest "test 12c -c" fail -c -n 100 /bin/true runchecktest "test 12c -c" fail -c -n 100 ${bin_true}
runchecktest "test 12c -h" fail -h -n 100 $helper runchecktest "test 12c -h" fail -h -n 100 $helper
runchecktest "test 12c -hc" fail -h -c -n 100 $helper runchecktest "test 12c -hc" fail -h -c -n 100 $helper
runchecktest "test 12c -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 12c -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 12c -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 12c -hc prog" fail -h -c -n 100 $helper ${bin_true}
#ptraced confined app traced by unconfined can px #ptraced confined app traced by unconfined can px
genprofile image=$helper $helper:rix /bin/true:rpx signal:ALL cap:sys_ptrace -- image=/bin/true /bin/true:rix cap:sys_ptrace genprofile image=$helper $helper:rix ${bin_true}:rpx signal:ALL cap:sys_ptrace -- image=${bin_true} ${bin_true}:rix cap:sys_ptrace
runchecktest "test 13cu -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 13cu -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 13cu -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 13cu -hc prog" pass -h -c -n 100 $helper ${bin_true}
#ptraced confined app traced by profile without ptrace on targeted can't px #ptraced confined app traced by profile without ptrace on targeted can't px
genprofile /bin/true:rpx signal:ALL cap:sys_ptrace -- image=/bin/true /bin/true:rix cap:sys_ptrace genprofile ${bin_true}:rpx signal:ALL cap:sys_ptrace -- image=${bin_true} ${bin_true}:rix cap:sys_ptrace
runchecktest "test 13c -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13c -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13c -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13c -hc prog" fail -h -c -n 100 $helper ${bin_true}
#ptraced confined app can ux - if the tracer is unconfined #ptraced confined app can ux - if the tracer is unconfined
# #
genprofile image=$helper $helper:rix /bin/true:rux signal:ALL cap:sys_ptrace genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL cap:sys_ptrace
runchecktest "test 14ca -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 14ca -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 14ca -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 14ca -hc prog" pass -h -c -n 100 $helper ${bin_true}
#ptraced confined app can't ux - if the tracer can't trace unconfined #ptraced confined app can't ux - if the tracer can't trace unconfined
genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL
runchecktest "test 14cb -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 14cb -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 14cb -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 14cb -hc prog" fail -h -c -n 100 $helper ${bin_true}
#confined app can't ptrace an unconfined app #confined app can't ptrace an unconfined app
genprofile $helper:rux signal:ALL cap:sys_ptrace genprofile $helper:rux signal:ALL cap:sys_ptrace
runchecktest "test 15c -h" fail -h -n 100 $helper runchecktest "test 15c -h" fail -h -n 100 $helper
runchecktest "test 15c -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 15c -h prog" fail -h -n 100 $helper ${bin_true}
#an unconfined app can't ask a confined app to trace it #an unconfined app can't ask a confined app to trace it
runchecktest "test 15c -hc" fail -h -c -n 100 $helper runchecktest "test 15c -hc" fail -h -c -n 100 $helper
runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper ${bin_true}
#confined app can't ptrace an app confined by a different profile #confined app can't ptrace an app confined by a different profile
genprofile $helper:rpx signal:ALL cap:sys_ptrace -- image=$helper signal:ALL cap:sys_ptrace genprofile $helper:rpx signal:ALL cap:sys_ptrace -- image=$helper signal:ALL cap:sys_ptrace
runchecktest "test 15c -h" fail -h -n 100 $helper runchecktest "test 15c -h" fail -h -n 100 $helper
runchecktest "test 15c -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 15c -h prog" fail -h -n 100 $helper ${bin_true}
#a confined app can't ask another confined app with a different profile to #a confined app can't ask another confined app with a different profile to
#trace it #trace it
runchecktest "test 15c -hc" fail -h -c -n 100 $helper runchecktest "test 15c -hc" fail -h -c -n 100 $helper
runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper ${bin_true}
################################################################################ ################################################################################
@@ -213,163 +213,163 @@ runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true
##### Now do tests with ptrace rules in profiles ####### ##### Now do tests with ptrace rules in profiles #######
# pass in v5 allowed to ix self # pass in v5 allowed to ix self
genprofile /bin/true:rix $helper:rix signal:ALL ptrace:ALL genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:ALL
runchecktest "test 12p" pass -n 100 /bin/true runchecktest "test 12p" pass -n 100 ${bin_true}
runchecktest "test 12p -c" pass -c -n 100 /bin/true runchecktest "test 12p -c" pass -c -n 100 ${bin_true}
runchecktest "test 12p -h" pass -h -n 100 $helper runchecktest "test 12p -h" pass -h -n 100 $helper
runchecktest "test 12p -hc" pass -h -c -n 100 $helper runchecktest "test 12p -hc" pass -h -c -n 100 $helper
runchecktest "test 12p -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 12p -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 12p -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 12p -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=$test genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:peer=$test
runchecktest "test 12p1" pass -n 100 /bin/true runchecktest "test 12p1" pass -n 100 ${bin_true}
runchecktest "test 12p1 -c" pass -c -n 100 /bin/true runchecktest "test 12p1 -c" pass -c -n 100 ${bin_true}
runchecktest "test 12p1 -h" pass -h -n 100 $helper runchecktest "test 12p1 -h" pass -h -n 100 $helper
runchecktest "test 12p1 -hc" pass -h -c -n 100 $helper runchecktest "test 12p1 -hc" pass -h -c -n 100 $helper
runchecktest "test 12p1 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 12p1 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 12p1 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 12p1 -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=notaprofile genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:peer=notaprofile
runchecktest "test 12p2" fail -n 100 /bin/true runchecktest "test 12p2" fail -n 100 ${bin_true}
runchecktest "test 12p2 -c" fail -c -n 100 /bin/true runchecktest "test 12p2 -c" fail -c -n 100 ${bin_true}
runchecktest "test 12p2 -h" fail -h -n 100 $helper runchecktest "test 12p2 -h" fail -h -n 100 $helper
runchecktest "test 12p2 -hc" fail -h -c -n 100 $helper runchecktest "test 12p2 -hc" fail -h -c -n 100 $helper
runchecktest "test 12p2 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 12p2 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 12p2 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 12p2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
#ptraced confined app traced by profile can px #ptraced confined app traced by profile can px
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix
runchecktest "test 13p1 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p1 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p2 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
runchecktest "test 13p3 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 13p3 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 13p4 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 13p4 -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
runchecktest "test 13p5 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 13p5 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 13p6 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 13p6 -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
runchecktest "test 13p7 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p7 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p8 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p8 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace
runchecktest "test 13p9 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p9 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pa -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pa -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
runchecktest "test 13pb -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pb -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pc -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pc -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
runchecktest "test 13pd -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pd -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pe -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pe -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix
runchecktest "test 13p11 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p11 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p21 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p21 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
runchecktest "test 13p31 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 13p31 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 13p41 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 13p41 -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
runchecktest "test 13p51 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 13p51 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 13p61 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 13p61 -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
runchecktest "test 13p71 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p71 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p81 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p81 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace
runchecktest "test 13p91 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p91 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pa1 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pa1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
runchecktest "test 13pb1 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pb1 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pc1 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pc1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
runchecktest "test 13pd1 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pd1 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pe1 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pe1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix
runchecktest "test 13p12 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p12 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p22 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p22 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
runchecktest "test 13p32 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 13p32 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 13p42 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 13p42 -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
runchecktest "test 13p52 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 13p52 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 13p62 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 13p62 -hc prog" pass -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
runchecktest "test 13p72 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p72 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p82 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p82 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace
runchecktest "test 13p92 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p92 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pa2 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pa2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
runchecktest "test 13pb2 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pb2 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pc2 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pc2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
runchecktest "test 13pd2 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pd2 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pe2 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pe2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix
runchecktest "test 13p13 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p13 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p23 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p23 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
runchecktest "test 13p33 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p33 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p43 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p43 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
runchecktest "test 13p53 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p53 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p63 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p63 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
runchecktest "test 13p73 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p73 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p83 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p83 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace
runchecktest "test 13p93 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p93 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pa3 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pa3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
runchecktest "test 13pb3 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pb3 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pc3 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pc3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
runchecktest "test 13pd3 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pd3 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pe3 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pe3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix
runchecktest "test 13p14 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p14 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p24 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p24 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
runchecktest "test 13p34 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p34 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p44 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p44 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
runchecktest "test 13p54 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p54 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p64 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p64 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
runchecktest "test 13p74 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p74 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p84 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p84 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace
runchecktest "test 13p94 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p94 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pa4 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pa4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
runchecktest "test 13pb4 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pb4 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pc4 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pc4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
runchecktest "test 13pd4 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pd4 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pe4 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pe4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix
runchecktest "test 13p15 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p15 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p25 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p25 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
runchecktest "test 13p35 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p35 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p45 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p45 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
runchecktest "test 13p55 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p55 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p65 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p65 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
runchecktest "test 13p75 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p75 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13p85 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13p85 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace
runchecktest "test 13p95 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13p95 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pa5 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pa5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
runchecktest "test 13pb5 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pb5 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pc5 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pc5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
runchecktest "test 13pd5 -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 13pd5 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
### todo Variations of below tests ### todo Variations of below tests
@@ -377,30 +377,30 @@ runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper /bin/true
#ptraced confined app can ux - if the tracer is unconfined #ptraced confined app can ux - if the tracer is unconfined
# #
genprofile image=$helper $helper:rix /bin/true:rux signal:ALL genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL
runchecktest "test 14pa -h prog" pass -h -n 100 $helper /bin/true runchecktest "test 14pa -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test 14pa -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test 14pa -hc prog" pass -h -c -n 100 $helper ${bin_true}
#ptraced confined app can't ux - if the tracer can't trace unconfined #ptraced confined app can't ux - if the tracer can't trace unconfined
genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL
runchecktest "test 14pb -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 14pb -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 14pb -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 14pb -hc prog" fail -h -c -n 100 $helper ${bin_true}
#confined app can't ptrace an unconfined app #confined app can't ptrace an unconfined app
genprofile $helper:rux signal:ALL genprofile $helper:rux signal:ALL
runchecktest "test 15p -h" fail -h -n 100 $helper runchecktest "test 15p -h" fail -h -n 100 $helper
runchecktest "test 15p -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 15p -h prog" fail -h -n 100 $helper ${bin_true}
#an unconfined app can't ask a confined app to trace it #an unconfined app can't ask a confined app to trace it
runchecktest "test 15p -hc" fail -h -c -n 100 $helper runchecktest "test 15p -hc" fail -h -c -n 100 $helper
runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper ${bin_true}
#confined app can't ptrace an app confined by a different profile #confined app can't ptrace an app confined by a different profile
genprofile $helper:rpx signal:ALL -- image=$helper signal:ALL genprofile $helper:rpx signal:ALL -- image=$helper signal:ALL
runchecktest "test 15p -h" fail -h -n 100 $helper runchecktest "test 15p -h" fail -h -n 100 $helper
runchecktest "test 15p -h prog" fail -h -n 100 $helper /bin/true runchecktest "test 15p -h prog" fail -h -n 100 $helper ${bin_true}
#a confined app can't ask another confined app with a different profile to #a confined app can't ask another confined app with a different profile to
#trace it #trace it
runchecktest "test 15p -hc" fail -h -c -n 100 $helper runchecktest "test 15p -hc" fail -h -c -n 100 $helper
runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper ${bin_true}
# Test LP: #1390592 # Test LP: #1390592
# The bug was a policy compilation bug that triggers in a rule such as # The bug was a policy compilation bug that triggers in a rule such as
@@ -408,9 +408,9 @@ runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true
# a-f|A-F|0-9 to trigger the bug. A parser affected by this bug will create a # a-f|A-F|0-9 to trigger the bug. A parser affected by this bug will create a
# bad binary policy that causes the kernel to unexpectedly deny the ptrace # bad binary policy that causes the kernel to unexpectedly deny the ptrace
# 'trace' of a process confined by profile ABC. # 'trace' of a process confined by profile ABC.
genprofile "$helper rpx -> ABC" signal:ALL ptrace:trace:peer=ABC -- image=ABC addimage:$helper /bin/true:rix signal:ALL ptrace:tracedby:peer=$test genprofile "$helper rpx -> ABC" signal:ALL ptrace:trace:peer=ABC -- image=ABC addimage:$helper ${bin_true}:rix signal:ALL ptrace:tracedby:peer=$test
runchecktest "test LP: #1390592 -h prog" pass -h -n 100 $helper /bin/true runchecktest "test LP: #1390592 -h prog" pass -h -n 100 $helper ${bin_true}
runchecktest "test LP: #1390592 -hc prog" pass -h -c -n 100 $helper /bin/true runchecktest "test LP: #1390592 -hc prog" pass -h -c -n 100 $helper ${bin_true}
## TODO: ptrace read tests ## TODO: ptrace read tests
## TODO: ptrace + change_profile ## TODO: ptrace + change_profile

2
utils/test/fake_ldd
View File

@@ -5,7 +5,7 @@ import sys
if len(sys.argv) != 2: if len(sys.argv) != 2:
raise Exception('wrong number of arguments in fake_ldd') raise Exception('wrong number of arguments in fake_ldd')
if sys.argv[1] == '/AATest/bin/bash' or sys.argv[1] == '/bin/bash': if sys.argv[1] in ['/AATest/bin/bash', '/bin/bash', '/usr/bin/bash']:
print(' linux-vdso.so.1 (0x00007ffcf97f4000)') print(' linux-vdso.so.1 (0x00007ffcf97f4000)')
print(' libreadline.so.6 => /AATest/lib64/libreadline.so.6 (0x00007f2c41324000)') print(' libreadline.so.6 => /AATest/lib64/libreadline.so.6 (0x00007f2c41324000)')
print(' libtinfo.so.6 => /AATest/lib64/libtinfo.so.6 (0x00007f2c410f9000)') print(' libtinfo.so.6 => /AATest/lib64/libtinfo.so.6 (0x00007f2c410f9000)')

10
utils/test/test-aa.py
View File

@@ -135,6 +135,9 @@ class AaTest_create_new_profile(AATest):
apparmor.aa.load_include('abstractions/bash') apparmor.aa.load_include('abstractions/bash')
exp_interpreter_path, exp_abstraction = expected exp_interpreter_path, exp_abstraction = expected
# damn symlinks!
if exp_interpreter_path:
exp_interpreter_path = os.path.realpath(exp_interpreter_path)
program = self.writeTmpfile('script', params) program = self.writeTmpfile('script', params)
profile = create_new_profile(program) profile = create_new_profile(program)
@@ -178,11 +181,8 @@ class AaTest_get_interpreter_and_abstraction(AATest):
interpreter_path, abstraction = get_interpreter_and_abstraction(program) interpreter_path, abstraction = get_interpreter_and_abstraction(program)
# damn symlinks! # damn symlinks!
if exp_interpreter_path and os.path.islink(exp_interpreter_path): if exp_interpreter_path:
dirname = os.path.dirname(exp_interpreter_path) exp_interpreter_path = os.path.realpath(exp_interpreter_path)
exp_interpreter_path = os.readlink(exp_interpreter_path)
if not exp_interpreter_path.startswith('/'):
exp_interpreter_path = os.path.join(dirname, exp_interpreter_path)
self.assertEqual(interpreter_path, exp_interpreter_path) self.assertEqual(interpreter_path, exp_interpreter_path)
self.assertEqual(abstraction, exp_abstraction) self.assertEqual(abstraction, exp_abstraction)