mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-09 02:41:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/tests/regression/subdomain/for-mainline/openat.patch

76 lines
2.9 KiB
Diff
Raw Normal View History

Add patches to update new tests and deal with the new directory behavior which doesn't automatically mask of MAY_WRITE in inode_permission. openat.patch - comment of o_creat bug, remove exit before last test chdir.patch - add trailing /, give profile read permission to the directory access.patch - give profile dir read permissions, update test rwx (r) to fail since w - perm is no longer masked off.
2007-05-02 22:35:33 +00:00
Index: subdomain/openat.sh
===================================================================
--- subdomain.orig/openat.sh
+++ subdomain/openat.sh
@@ -40,59 +40,59 @@ runchecktest "OPENAT unconfined RW (crea
# PASS TEST (the file shouldn't exist, so open should create it
resettest
-genprofile ${dir}:r ${filepath}:$okperm
+genprofile ${dir}/:r ${filepath}:$okperm
runchecktest "OPENAT RW (create) " pass $dir $file
# PASS TEST
resettest
touch ${filepath}
-genprofile ${dir}:r ${filepath}:$okperm
+genprofile ${dir}/:r ${filepath}:$okperm
runchecktest "OPENAT RW (exists)" pass $dir $file
# FAILURE TEST (1)
resettest
touch ${filepath}
-genprofile ${dir}:r ${filepath}:$badperm1
+genprofile ${dir}/:r ${filepath}:$badperm1
runchecktest "OPENAT R" fail $dir $file
# FAILURE TEST (2)
resettest
touch ${filepath}
-genprofile ${dir}:r ${filepath}:$badperm2
+genprofile ${dir}/:r ${filepath}:$badperm2
runchecktest "OPENAT W (exists)" fail $dir $file
# FAILURE TEST (3)
resettest
-genprofile ${dir}:r ${filepath}:$badperm1 cap:dac_override
+genprofile ${dir}/:r ${filepath}:$badperm1 cap:dac_override
runchecktest "OPENAT R+dac_override" fail $dir $file
# FAILURE TEST (4)
# This is testing for bug: https://bugs.wirex.com/show_bug.cgi?id=2885
# When we open O_CREAT|O_RDWR, we are (were?) allowing only write access
# to be required.
+# This test currently passes when it should fail because of the o_creat bug
resettest
-genprofile ${dir}:r ${filepath}:$badperm2
+genprofile ${dir}/:r ${filepath}:$badperm2
runchecktest "OPENAT W (create)" fail $dir $file
# PASS rename of directory in between opendir/openat
resettest
-genprofile ${dir}/${subdir}:rw ${dir}/otherdir:w ${dir}/otherdir/file:rw
+genprofile ${dir}/${subdir}/:rw ${dir}/otherdir/:w ${dir}/otherdir/file:rw
runchecktest "OPENAT RW (rename/newpath)" pass --rename ${dir}/otherdir ${dir}/${subdir} file
# PASS rename of directory in between opendir/openat - file exists
resettest
touch ${filepath}
-genprofile ${dir}/${subdir}:rw ${dir}/otherdir:w ${dir}/otherdir/file:rw
+genprofile ${dir}/${subdir}/:rw ${dir}/otherdir/:w ${dir}/otherdir/file:rw
runchecktest "OPENAT RW (rename/newpath)" pass --rename ${dir}/otherdir ${dir}/${subdir} file
# FAIL rename of directory in between opendir/openat - use old name
resettest
-genprofile ${dir}/${subdir}:rw ${dir}/otherdir:w ${dir}/${subdir}/file:rw
+genprofile ${dir}/${subdir}/:rw ${dir}/otherdir/:w ${dir}/${subdir}/file:rw
runchecktest "OPENAT RW (rename/newpath)" fail --rename ${dir}/otherdir ${dir}/${subdir} file
-exit
# FAIL rename of directory in between opendir/openat - use old name, file exists
resettest
touch ${filepath}
-genprofile ${dir}/${subdir}:rw ${dir}/otherdir:w ${dir}/${subdir}/file:rw
+genprofile ${dir}/${subdir}/:rw ${dir}/otherdir/:w ${dir}/${subdir}/file:rw
runchecktest "OPENAT RW (rename/newpath)" fail --rename ${dir}/otherdir ${dir}/${subdir} file
Reference in a new issue Copy permalink