mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Fix up some of the patches after I messed them up by incorporating some of their changes.
This commit is contained in:
Steve Beattie
parent
1de5bdbacc
commit
063bb1b26e
3 changed files with 8 additions and 37 deletions
|
|
@ -16,43 +16,14 @@ Index: subdomain/exec_qual.sh
|
|||
-local_runchecktest "enforce ux case1" pass "unconstrained" $test2 $file
|
||||
+local_runchecktest "enforce ux case1" pass "unconfined" $test2 $file
|
||||
|
||||
# constrained parent, exec child with conflicting exec qualifiers
|
||||
# confined parent, exec child with conflicting exec qualifiers
|
||||
# that overlap in such away that px is prefered (ix is glob, px is exact
|
||||
@@ -148,24 +148,24 @@ local_runchecktest "enforce ux case1" pa
|
||||
genprofile $test2:px $test2_rex1:ix -- image=$test2 $file:$fileperm
|
||||
local_runchecktest "enforce conflicting exec qual" pass $test2 $test2 $file
|
||||
|
||||
-# unconstrained parent
|
||||
+# unconfined parent
|
||||
# case 1: child profile exists, child profile grants access
|
||||
# expected behaviour: child should be able to access resource
|
||||
|
||||
genprofile image=$test2 $file:$fileperm
|
||||
-local_runchecktest "enforce unconstrained case1" pass $test2 $test2 $file
|
||||
+local_runchecktest "enforce unconfined case1" pass $test2 $test2 $file
|
||||
|
||||
# case 2: child profile exists, child profile denies access
|
||||
# expected behaviour: child should be unable to access resource
|
||||
|
||||
genprofile image=$test2
|
||||
-local_runchecktest "enforce unconstrained case2" fail $test2 $test2 $file
|
||||
+local_runchecktest "enforce unconfined case2" fail $test2 $test2 $file
|
||||
|
||||
# case 3: no child profile exists, unconfined
|
||||
@@ -165,7 +165,7 @@ local_runchecktest "enforce unconfined c
|
||||
# expected behaviour: child should be able to access resource
|
||||
|
||||
removeprofile
|
||||
-local_runchecktest "enforce unconstrained case3" pass "unconstrained" $test2 $file
|
||||
-local_runchecktest "enforce unconfined case3" pass "unconstrained" $test2 $file
|
||||
+local_runchecktest "enforce unconfined case3" pass "unconfined" $test2 $file
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
|
||||
@@ -193,7 +193,7 @@ local_runchecktest "enforce unconstraine
|
||||
# case 1: child should be able to access resource
|
||||
# verify that child is in null-complain-profile
|
||||
|
||||
-# unconstrained parent
|
||||
+# unconfined parent
|
||||
# case 1: expected behaviour: as enforce
|
||||
# case 2: expected behaviour, child should be able to access resource
|
||||
# case 3: expected behaviour: as enforce
|
||||
|
|
|
|||
|
|
@ -3,11 +3,11 @@ Index: subdomain/deleted.sh
|
|||
--- subdomain.orig/deleted.sh
|
||||
+++ subdomain/deleted.sh
|
||||
@@ -116,7 +116,7 @@ rm -f ${socket}
|
||||
# FAIL - constrained client, w access to the file
|
||||
# FAIL - confined client, w access to the file
|
||||
|
||||
genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$badperm $socket:rw
|
||||
-runchecktest "fd passing; constrained client w/ w only" fail $file $socket $fd_client "delete_file"
|
||||
+runchecktest "fd passing; constrained client w/ w only" pass $file $socket $fd_client "delete_file"
|
||||
-runchecktest "fd passing; confined client w/ w only" fail $file $socket $fd_client "delete_file"
|
||||
+runchecktest "fd passing; confined client w/ w only" pass $file $socket $fd_client "delete_file"
|
||||
|
||||
sleep 1
|
||||
rm -f ${socket}
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ Index: subdomain/exec_qual.sh
|
|||
@@ -140,11 +140,13 @@ genprofile $test2:ux
|
||||
local_runchecktest "enforce ux case1" pass "unconstrained" $test2 $file
|
||||
|
||||
# constrained parent, exec child with conflicting exec qualifiers
|
||||
# confined parent, exec child with conflicting exec qualifiers
|
||||
+# that overlap in such away that px is prefered (ix is glob, px is exact
|
||||
+# match). Other overlap tests should be in the parser.
|
||||
# case 1:
|
||||
|
|
@ -17,5 +17,5 @@ Index: subdomain/exec_qual.sh
|
|||
+genprofile $test2:px $test2_rex1:ix -- image=$test2 $file:$fileperm
|
||||
+local_runchecktest "enforce conflicting exec qual" pass $test2 $test2 $file
|
||||
|
||||
# unconstrained parent
|
||||
# unconfined parent
|
||||
# case 1: child profile exists, child profile grants access
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue