mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 00:14:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

tests/profiles/tinyproxy: add test for path based attachment

Browse source 
The existing test checks that the tinyproxy systemd service is confined. However
it is possible that this confinement is based on systemd launching tinyproxy
with the expected profile, rather than tinyproxy running under the profile due
to path-based attachment. So add an explicit check for this as well as requested
by @zyga-aka-zygoon in
https://gitlab.com/apparmor/apparmor/-/merge_requests/1477#note_2334724042

Signed-off-by: Alex Murray <alex.murray@canonical.com>
This commit is contained in:
Alex Murray 2025-02-07 12:30:06 +10:30
parent b378da1f9c
commit 1f2175d854
Failed to generate hash of commit
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
tests/profiles/tinyproxy/task.yaml
View file

@ -12,3 +12,6 @@ execute: |
# check tinyproxy system service is confined
cat /proc/$(pidof tinyproxy)/attr/apparmor/current | MATCH 'tinyproxy \(enforce\)'
# also check the profile is attached based on the program path since in the
# previous test it could possibly being done by systemd instead
"$SPREAD_PATH"/tests/bin/actual-profile-of tinyproxy | MATCH 'tinyproxy \(enforce\)'