test(aa-log): add more tests about the mount rules.

Alexandre Pujol 2024-02-24 17:00:07 +00:00
parent d6dc89b4f3
commit 48b39fa816
2 changed files with 33 additions and 9 deletions


@ -64,25 +64,37 @@ var (
"operation": "mount", "operation": "mount",
"info": "failed perms check", "info": "failed perms check",
"error": "-13", "error": "-13",
"profile": "dockerd", "profile": "loupe",
"name": "/var/lib/docker/overlay2/metacopy-check906831159/merged/", "name": "/newroot/dev/tty",
"comm": "dockerd", "comm": "bwrap",
"fstype": "overlay", "srcname": "/oldroot/dev/tty",
"srcname": "overlay", "flags": "rw, rbind",
} }
mount1 = &Mount{ mount1 = &Mount{
Qualifier: Qualifier{Comment: "failed perms check"}, Qualifier: Qualifier{Comment: "failed perms check"},
MountConditions: MountConditions{FsType: "overlay", Options: []string{}}, MountConditions: MountConditions{FsType: "overlay"},
Source: "overlay", Source: "overlay",
MountPoint: "/var/lib/docker/overlay2/opaque-bug-check1209538631/merged/", MountPoint: "/var/lib/docker/overlay2/opaque-bug-check1209538631/merged/",
} }
mount2 = &Mount{ mount2 = &Mount{
Qualifier: Qualifier{Comment: "failed perms check"}, Qualifier: Qualifier{Comment: "failed perms check"},
MountConditions: MountConditions{FsType: "overlay", Options: []string{}}, MountConditions: MountConditions{Options: []string{"rw", "rbind"}},
Source: "overlay", Source: "/oldroot/dev/tty",
MountPoint: "/var/lib/docker/overlay2/metacopy-check906831159/merged/", MountPoint: "/newroot/dev/tty",
} }
// Umount
umount1Log = map[string]string{
"apparmor": "ALLOWED",
"class": "mount",
"operation": "umount",
"profile": "systemd",
"name": "/",
"comm": "(ostnamed)",
}
umount1 = &Umount{MountPoint: "/"}
umount2 = &Umount{MountPoint: "/oldroot/"}
// PivotRoot // PivotRoot
// pivotroot1LogStr = `apparmor="ALLOWED" operation="pivotroot" class="mount" profile="systemd" name="@{run}/systemd/mount-rootfs/" comm="(ostnamed)" srcname="@{run}/systemd/mount-rootfs/"` // pivotroot1LogStr = `apparmor="ALLOWED" operation="pivotroot" class="mount" profile="systemd" name="@{run}/systemd/mount-rootfs/" comm="(ostnamed)" srcname="@{run}/systemd/mount-rootfs/"`
pivotroot1Log = map[string]string{ pivotroot1Log = map[string]string{
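Review bot: The new `umount1Log` fixture and the rewritten mount log map at the top of this hunk carry no record of the audit line they were taken from, unlike `pivotroot1Log`, which keeps its raw line in the commented-out `pivotroot1LogStr` directly above it. A matching comment, reconstructed here from the map's own fields, would be ``// umount1LogStr = `apparmor="ALLOWED" operation="umount" class="mount" profile="systemd" name="/" comm="(ostnamed)"` ``. `umount2` has no log counterpart at all, so it looks like an ordering-only fixture; a short comment such as `// umount2 is only used for ordering tests` would say so. The `var (` block and the first map both begin outside the hunk.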


@ -34,6 +34,12 @@ func TestRule_FromLog(t *testing.T) {
log: mount1Log, log: mount1Log,
want: mount1, want: mount1,
}, },
{
name: "umount",
fromLog: UmountFromLog,
log: umount1Log,
want: umount1,
},
{ {
name: "pivotroot", name: "pivotroot",
fromLog: PivotRootFromLog, fromLog: PivotRootFromLog,
@ -153,6 +159,12 @@ func TestRule_Less(t *testing.T) {
other: mount2, other: mount2,
want: false, want: false,
}, },
{
name: "umount",
rule: umount1,
other: umount2,
want: true,
},
{ {
name: "pivot_root1", name: "pivot_root1",
rule: pivotroot2, rule: pivotroot2,
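Review bot: The added FromLog case feeds only `umount1Log` through a parser, so the `"flags": "rw, rbind"` value introduced in the data file is not parsed by any case visible in these hunks; in the lines shown, `mount2` appears only as the `other:` operand in TestRule_Less. Because aa-log turns audit events into profile rules, the splitting of that flags string into `[]string{"rw", "rbind"}` deserves its own assertion: a FromLog case that pairs the bwrap log map with `want: mount2` (the map's variable name sits above the visible hunk, so it is not quoted here). The new Less case also checks one direction only; assuming Less is meant to be a strict ordering, `{name: "umount_reverse", rule: umount2, other: umount1, want: false},` would pin that. Both test tables continue outside the hunks.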