mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
tests: replace individual socket permission to socket and put_old/socket
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
parent
2d7bd40606
commit
5b139521aa
1 changed files with 6 additions and 5 deletions
|
@ -96,7 +96,8 @@ do_test()
|
|||
|
||||
# Needed for clone(CLONE_NEWNS) and pivot_root()
|
||||
cap=capability:sys_admin
|
||||
file_perm="$file:rw /put_old/$file:rw"
|
||||
file_perm="$file:rw $put_old/$file:rw"
|
||||
socket_perm="$socket:rw $put_old/$socket:rw"
|
||||
create_dir="$new_root:w $put_old:w"
|
||||
|
||||
# Ensure everything works as expected when unconfined
|
||||
|
@ -104,22 +105,22 @@ do_test "attach_disconnected" pass $file $att_dis_client $socket $loop_device $n
|
|||
|
||||
# TODO: adding attach_disconnected.path to a replaced unconfined
|
||||
|
||||
genprofile $file_perm unix:create $socket:rw $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket:rw $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:attach_disconnected
|
||||
genprofile $file_perm unix:create $socket_perm $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket_perm $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:attach_disconnected
|
||||
|
||||
do_test "attach_disconnected" pass $file $att_dis_client $socket $loop_device $new_root $put_old
|
||||
|
||||
genprofile $file_perm unix:create $socket:rw $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket:rw $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:attach_disconnected flag:attach_disconnected.path=/foo/
|
||||
genprofile $file_perm unix:create $socket_perm $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket_perm $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:attach_disconnected flag:attach_disconnected.path=/foo/
|
||||
|
||||
do_test "attach_disconnected.path rule at /" fail $file $att_dis_client $socket $loop_device $new_root $put_old
|
||||
|
||||
do_test "attach_disconnected.path" pass "/foo/$file" $att_dis_client $socket $loop_device $new_root $put_old
|
||||
|
||||
genprofile $file_perm unix:create $socket:rw $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket:rw $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:no_attach_disconnected
|
||||
genprofile $file_perm unix:create $socket_perm $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket_perm $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:no_attach_disconnected
|
||||
|
||||
do_test "no_attach_disconnected" fail $file $att_dis_client $socket $loop_device $new_root $put_old
|
||||
|
||||
# Ensure default is no_attach_disconnected - no flags set
|
||||
genprofile $file_perm unix:create $socket:rw $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket:rw $create_dir $cap "pivot_root:ALL" "mount:ALL"
|
||||
genprofile $file_perm unix:create $socket_perm $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket_perm $create_dir $cap "pivot_root:ALL" "mount:ALL"
|
||||
|
||||
do_test "no_attach_disconnected" fail $file $att_dis_client $socket $loop_device $new_root $put_old
|
||||
|
||||
|
|
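Review bot: `socket_perm` is expanded unquoted in every changed `genprofile` call, so its two rules reach genprofile as separate arguments only through shell word splitting, and the assignment has no comment explaining why the socket needs a second rule under `$put_old`. A comment above it such as `# the socket is also reached through the old root after pivot_root(), so allow both paths` would state the intent; that reading is inferred from the existing capability comment and should be confirmed. If `$socket` is an absolute path, `$put_old/$socket` expands with a doubled slash, so it is worth checking how the generated rule is matched; the definitions of `$socket` and `$put_old` are outside these hunks. The two negative cases after the changed `genprofile` lines still share the label `"no_attach_disconnected"`, so a regression in the default-flags case cannot be told apart from the explicit-flag case in the test output; a distinct label such as `"default no_attach_disconnected"` would fix that.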