The unnamed nature of an O_TMPFILE, combined with the delayed linkage of
linkat(2), creates a potential for a filesystem mediation bypass. Thus,
add a test to verify whether or not such a bypass occurs.
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
Due to how labeling is implemented, during the creation it is not yet
defined, so we need to grant create permissions without attaching the
label yet. Also, adjust tests to pass when label support is
implemented in the kernel.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1623
Approved-by: Maxime Bélair <maxime.belair@canonical.com>
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This includes testing for options in (list) by itself, along with a rudimentary test for the combination of options=(list) and options in (list).
In particular, the test for the combination confirms that the `apparmor.d` man page was wrong about what happens when these options are combined.
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1672
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
disconnected_mount_complain only contains xpass tests, which should
not be included in the spread XFAIL tests.
Fixes: 1aca4a1d ("tests: regression: mark disconnected-complain-mode tests as xpass")
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
- set filetype, instead of syntax, in vim modelines
- replace filetype of subdomain with apparmor
- move modelines in the first or last five lines of each file so that
vim can recognize them
There is an unfortunate long kernel dev history as to why this currently
isn't the case, so we're stuck with documenting the facts for now.
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
The tests on slower systems are occassionally timing out leading to
inconsistent pass/fail runs. The time out failure depending on which
test it occurs in can result in false passes, or failres.
Double the timeout, which hopefully will be enough to avoid the
timeout issue without making the tests wait too long.
Signed-off-by: John Johansen <john.johansen@canonical.com>
FS based unix sockets have a complicatd interaction with socket
mediation some of the mediation happens in file hooks while other
parts happen in network hooks.
When the kernel doesn't have the unix socket mediation patches the
interactions become largely mediated through the network hooks, as
unix rules get downgraded to socket rules. However some filesystem
operations are needed, and some hooks like bind may be called
differently based on the unix socket type, and not just the address.
Without the kernel patches these variations are not taken into
account.
Changes in the parser networking permission mappings have also
affected the downgrade path, as the parser now supports permissions on
socket rules, downgrades can use permissions and be more faithful to
the original rule but this can also break tests that didn't add all
the permissions needed for the downgrade case.
update unix_socket_pathname.sh to detect whether rule downgrades are
being used, and adjust permissions and expectations based on this.
Fixes: 7ce768244 ("tests: regression: fix regression test for upstream kernels")
Signed-off-by: John Johansen <john.johansen@canonical.com>
The attach_disconnected.sh and deleted.sh tests added expanded their
testing by using unix sockets. This however ever needs support of
unix socket mediation.
Provide a minimal fix by setting bailouts for the the tests if the
requirement is not present. Long term it would be better if the
expected/needed permissions sets could be tweaked to take into
account the permissions required by the use of unix sockets.
The fix f47d5c70a fix af_unix tests for v8 networking, was never
correct, though it worked and was closer before support for fine
grained inet mediation landed. Before finegrained inet mediation
landed unix rules would allow specifying the permission but inet would
not only allowing coarse socket mediation rules. While the backend
supported finegrained permissions in v8 socket mediation the parser
did not.
If af_unix mediation was not supported by the kernel the af_unix
mediation rule would be downgrade to a network rule. All network
socket rules allowed full permission because the parser didn't
support permissions on socket rules. So the "unix create," rule
was being downgraded to a "unix," rule. Thus the "unix create",
rule was enough permissions, in the downgrade even though it
actually wasn't enough permissions.
With support for fine grained inet permissions, support for permissions
on socket rules also landed. When this happend "unix create," was not
enough permissions any more because it was not downgraded to "unix,",
this resulted in failed mediation.
Fixes: cb4a397b1 ("tests: add attach_disconnected tests")
Fixes: f47d5c70a ("fix af_unix tests for v8 networking")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Without the kernel patches in
https://lists.ubuntu.com/archives/apparmor/2025-March/013533.html
these tests will fail. This means spread ci for the majority of
kernels will fail.
Indeed disconnected paths failing in complain mode was always expected
behavior until the above kernel patches were posted.
Instead mark these patches as xpass, so spread CI can pass. These
tests will need to be updated to make them detect if the kernel
supports complain mode with disconnected paths.
Signed-off-by: John Johansen <john.johansen@canonical.com>
The test is added as XFAIL for all images because the kernel patches
required for them to pass have not yet been upstreamed into any published
kernel.
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
Disconnected paths on lookups have caused actual permission denials, even
when the loaded profile is in complain mode. This is a test that causes
disconnections using mounts (both old and new API) and then verifies that
a complain mode profile doesn't prevent operations with disconnected fds.
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
The command shell builtin is not recognized by older versions of make, so
switch back to using the which binary instead.
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
linux/mount.h is only used in the move_mount test, which exercises the
move_mount syscall that was introduced sometime in 2018 or later. Older
systems without the header also lack the syscall, so we can just skip the
test in those cases.
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
When a test fails because of an unexpected success (XFAIL), do not display the empty error log as that may confuse the reader just as it had confused the author.
In addition, when something legitimately fails then display tail of trace log as that may show some useful information.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1548
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This makes no sense since the test has passed and there's nothing to look at in the log.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
A number of tests are failing and since spread does not contain a native
XFAIL facility, we have to maintain a silent-failure feature code
ourselves. A few of those have been fixed since the first iteration of
this patch. The remaining known failures are being fixed.
Later on I would like to separate XFAIL from SKIP so that if a test is
known to exercise kernel feature unavailable on the given system, the
test is just not executed.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
By making the test a file to be included as a helper, we can reuse most of the code for a fuse_overlayfs test without copy-pasting
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
The BASH_XTRACEFD variable can be used to redirect "set -x" traces
to a dedicated file. We can use it to split the execution trace
(what has actually happened) from the failure messages.
On a failing test this does provide improved clarity when debugging
interactively with "spread -debug". On non-interactive runs the now
shorter error list is also implicitly printed.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Depending on the system, copying echo to the loop device fails because the echo binary is too large.
Especially on systems that have echo be just a symlink to coreutils (e.g. busybox) (as opposed to echo being its own binary) 16k is just not enough.
2M seems fine on my system, but this might need yet a higher value depending on what coreutils other people actually run.
The crash in question:
```
cp: error writing '/tmp/sdtest.3937422-31490-Bxvi6g/mount_target/echo': No space left on device
Fatal Error (file_unbindable_mount): Unexpected shell error. Run with -x to debug
rm: cannot remove '/tmp/sdtest.3937422-31490-Bxvi6g/mount_target': Device or resource busy
```
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1469
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
These tests exercise various common file operations on files in an overlayfs.
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1461
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: John Johansen <john@jjmx.net>
Depending on the system, copying echo to the loop device fails because the echo binary is too large.
Especially on systems that have echo be just a symlink to coreutils (e.g. busybox) 16k is just not enough.
2M seems fine on my system, but this might need yet a higher value depending on what coreutils other people actually run.
The actual loop device needs to be larger to properly fit the allocated file size. Testing shows 4M is sufficient, but this is basically arbitrary.
This test, as is, emits an execname warning which is due to a bug in the `prologue.inc` infrastructure (see !1450 for a fix to this issue).
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1448
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This MR is meant to resolve warnings such as "Warning: execname '/home/username/Documents/apparmor/tests/regression/apparmor/file_unbindable_mount': no such file or directory" when running tests like the one in the current version of !1448.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1450
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
