directories). It also disables the longpath test (after locking up
another machine from running it), but adds a 'make alltests' target
which will run all the tests plus that one (and any others defined in
the RISKY_TESTS variable.)
if necessary. Currently used to suppress warnings about unsafe/unfiltered
environment 'u' exec transitions.
[Corresponds to rev 6415 in the old svn repo]
This commit adds a test that checks to see if exec unconfined -->
confined requires any access to the binary being run confined. Current
behavior is that it does not.
the old svn tree.]
This patch adds tests to verify the environment filtering done in the Px
and Ux cases. It tests the environment from both an elf executable and
from a shell script. Also verifies that with the apparmor module loaded,
environment filtering on setuid apps still happens.
tonyj:
- Verify long path (d_path) error checking. (6391)
- Better ptrace tests. (6401)
- Confined mount tests require cap_sys_admin to even get to the confined
checks. (6402)
XFS appears to be more strict than the Linux vfs layer wrt whether a
process can chgrp a file when it's not the owner but still in the same
group -- XFS doesn't allow it and requires CAP_FOWNER instead.
This fix rorders the tests so that the chgrp operations occur before the
chown operations happen, avoiding the difference in requirements between
XFS and linux's vfs.
