Merge tests/profiles/tinyproxy: add test for path based attachment

The existing test checks that the tinyproxy systemd service is confined. However it is possible that this confinement is based on systemd launching tinyproxy with the expected profile, rather than tinyproxy running under the profile due to path-based attachment. So add an explicit check for this as well as requested by @zyga-aka-zygoon in https://gitlab.com/apparmor/apparmor/-/merge_requests/1477#note_2334724042 Signed-off-by: Alex Murray <alex.murray@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1523 Approved-by: Zygmunt Krynicki <me@zygoon.pl> Approved-by: Christian Boltz <apparmor@cboltz.de> Merged-by: Christian Boltz <apparmor@cboltz.de>
2025-03-04 00:14:44 +01:00 · 2025-02-07 12:18:00 +00:00 · 2025-02-07 12:18:00 +00:00 · 8cef7278aa
commit 8cef7278aa
parent 13caf52705 1f2175d854
1 changed files with 3 additions and 0 deletions
--- a/tests/profiles/tinyproxy/task.yaml
+++ b/tests/profiles/tinyproxy/task.yaml
@ -12,3 +12,6 @@ execute: |
    # check tinyproxy system service is confined
    cat /proc/$(pidof tinyproxy)/attr/apparmor/current | MATCH 'tinyproxy \(enforce\)'

+    # also check the profile is attached based on the program path since in the
+    # previous test it could possibly being done by systemd instead
+    "$SPREAD_PATH"/tests/bin/actual-profile-of tinyproxy | MATCH 'tinyproxy \(enforce\)'