The mqueue tests were using the previous format which was specific for
capabilities. The qual= prefix should be used instead.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
dbus-broker requires some modification of the test suite. In summary:
* refactor to support starting and stopping both dbus and dbus-broker.
* Make it so we can run the tests on each, where appropriate
* skip unrequested reply and eavesdrop tests for dbus broker because they are not supported.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/965
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
DBus Broker was enabled for the dbus_message and dbus_service
regression tests.
The dbus_eavesdropping test does not run with dbus-broker because
eavesdropping was deprecated in favor or monitoring, so new tests for
the "BecomeMonitor" method need to be added.
The dbus_unrequested_reply test is also not supported by dbus-broker,
therefore the tests are skipped.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Commit 8cf3534a5 ("tests regression: fix failure on older versions of
Make") from https://gitlab.com/apparmor/apparmor/-/merge_requests/639
was incorrectly applied, including the `+` prefixes from the proposed
patch. This causes the sysctl syscall() checks to not correctly be
applied and results in a mismatch of expectations in the
syscall_sysctl.sh test script, causing it and the testsuite to fail.
Thus, remove the bogon `+` characters from the Makefile, to make
USE_SYSCTL be set correctly.
Fixes: 8cf3534a5 ("tests regression: fix failure on older versions of Make")
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/963
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Approved-by: Christian Boltz <apparmor@cboltz.de>
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
The test "eavesdrop (confined w/o dbus perms)" was failing for the
wrong reason. While it should fail because it is missing dbus rules, it
was actually failing because it didn't have the required unix rule.
The error message was:
"FAIL: Failed to open connection to "session" message bus: Failed to open socket: Permission denied"
Corresponding audit log:
[28306.743863] audit: type=1400 audit(1671048091.505:297): apparmor="DENIED" operation="create" class="net" profile="/home/georgia/apparmor/tests/regression/apparmor/dbus_eavesdrop" pid=6787 comm="dbus_eavesdrop" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none
After the change, the error message is:
FAIL: Failed to open connection to "session" message bus: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus)
Corresponding audit log:
[28444.248268] audit: type=1107 audit(1671048229.009:300): pid=6826 uid=0 auid=1000 ses=5 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=6854 label="/home/georgia/apparmor/tests/regression/apparmor/dbus_eavesdrop" peer_label="unconfined" exe="/usr/bin/dbus-daemon" sauid=0 hostname=? addr=? terminal=?'
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
The profile generated by dbus did not include this rule
which caused the following DENIED audit logs:
[26937.013475] audit: type=1400 audit(1671046721.776:246): apparmor="DENIED" operation="getattr" class="file" profile="/home/georgia/apparmor/tests/regression/apparmor/dbus_message" name="/tmp/sdtest.5720-14413-VQMPsH/output.dbus_message" pid=5866 comm="dbus_message" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Commit 8cf3534a5 ("tests regression: fix failure on older versions of
Make") from https://gitlab.com/apparmor/apparmor/-/merge_requests/639
was incorrectly applied, including the `+` prefixes from the proposed
patch. This causes the sysctl syscall() checks to not correctly be
applied and results in a mismatch of expectations in the
syscall_sysctl.sh test script, causing it and the testsuite to fail.
Thus, remove the bogon `+` characters from the Makefile, to make
USE_SYSCTL be set correctly.
Fixes: 8cf3534a5 ("tests regression: fix failure on older versions of Make")
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
getopt returns an int, not a char.
Error caused by this issue could only be observed on non-x86 systems.
Closes LP#2000359
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Setns is used to associate to an existing user namespace, so the
kernel security hook for user namespace creation is not called.
The restriction for setns is that it should have the capability
sys_admin.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
This allows regression tests to generate profiles that use rule qualifiers,
such as allow, deny, and audit. Qualifiers can be specified for a rule by
prepending 'qual=', followed by a comma-separated list of rule qualifiers,
then a ':', then the rule itself.
Signed-off-by: Jon Tourville <jon.tourville@canonical.com>
The test kernel_features only checked if the feature file exists, but
there are cases when we need to check if the feature is part of the
file's content. For example, we might want to check if a mode is present
in the feature "mask" file.
This is already supported by libapparmor's aa_features_supports.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Print out a summary of the tests that passed and failed at the end of the
regression tests. Merge the tests and alltests make targets since they
only differ in which tests are run.
Signed-off-by: Jon Tourville <jon.tourville@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/942
Approved-by: Steve Beattie <gitlab@nxnw.org>
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
Print out a summary of the tests that passed and failed at the end of the
regression tests. Merge the tests and alltests make targets since they
only differ in which tests are run.
Signed-off-by: Jon Tourville <jon.tourville@canonical.com>
This update to the regression test framework allows a test script to
execute a test binary as a different user by passing '-u <username>'
to the settest function.
Signed-off-by: Jon Tourville <jon.tourville@canonical.com>
This adds a single e2e test to check that raw_data of a loaded
policy matches the generated policy (cached).
Signed-off-by: Spyros Seimenis <spyros.seimenis@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/929
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This adds a single e2e test to check that raw_data of a loaded
policy matches the generated policy (cached).
Signed-off-by: Spyros Seimenis <spyros.seimenis@canonical.com>
libtool generates horrible shell code, you don't want to see the
shellcheck results for it ;-)
This is only relevant for local testing (not in CI) because these files
don't exist in git and therefore don't exist when the shellcheck CI job
runs.
- Assume /bin/sh has dash's features and ignore corresponding false positives
- Exclude parser/tst, tests and utils/test directories: they have tons
of shellcheck violations but they don't *directly* impact our users.
Let's first focus on code that runs on production systems.
- Exclude rc.apparmor.slackware: I don't know anything about Slackware's
/bin/sh.
The previous code happened to work only because we always pass either 0 or 1
arguments to these functions. If we ever passed them 2+ arguments,
unexpected things would happen.
For details, see https://www.shellcheck.net/wiki/SC2145
This test uses unix_fd_server to open a file and pass
its file descriptor to the attach_disconnected tests, which
then mounts, pivots root and then tries to open the file.
Since the server execs the client, this commit also inverts the order
of the parameters to allow the server to forward the client's args
along with the unix_socket path.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/810
Acked-by: John Johansen <john.johansen@canonical.com>
The code from unix_fd_client can be used by other clients which
will receive the fd of a file using SCM rights.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/810
Acked-by: John Johansen <john.johansen@canonical.com>
The file query test on query_label.sh fails on kernels
before 4.4 because of the lack of support. Since there
is no feature file to examine for this feature, we
needed to check for the kernel version. Refer to [qa-regression-testing](https://git.launchpad.net/qa-regression-testing/tree/scripts/test-apparmor.py#n1653).
As discussed on !767, we might need a more complicated test than
only checking for the kernel version, since this feature might
be available in out-of-tree Ubuntu kernels such as saucy (3.13).
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/769
Acked-by: John Johansen <john@jjmx.net>
When using the system parser ${parser_config} will be empty and so if this
is quoted when passed as argument to the parser then this gets in
interpreted as the name of a file to be compiled and hence the parser just
prints:
File not found, skipping...
File not found, skipping...
File not found, skipping...
...
for all the aa_policy_cache tests - instead fix this by just not quoting
this argument as suggested by cboltz.
This fixes the regression tests to run to completion without error when
USE_SYSTEM=1 is set.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/788
Signed-off-by: Alex Murray <alex.murray@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
When using the system parser ${parser_config} will be empty and so if this
is unconditionally passed as an argument to the parser then this gets in
interpreted as the name of a file to be compiled and hence the parser just
prints:
File not found, skipping...
File not found, skipping...
File not found, skipping...
...
for all the aa_policy_cache tests - instead fix this to pass a single args
argument to the parser which will only include parser_config if it is not
empty.
This fixes the regression tests to run to completion without error when
USE_SYSTEM=1 is set.
Signed-off-by: Alex Murray <alex.murray@canonical.com>
mount -o loop fails when the loopback module is not loaded with
permission denied. Add a check if /dev/loop0 exists. If not, load
the loop module.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/781
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
The file query test on query_label.sh fails on kernels
before 4.4 because of the lack of support. Since there
is no feature file to examine for this feature, we
need to check for the kernel version.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
The regression tests are failing on some older kernels due to
commit 9f834ec18defc369d73ccf9e87a2790bfa05bf46 being cherry-picked
back to them without the corresponding apparmor patch
34c426acb75cc21bdf84685e106db0c1a3565057.
This means we can not rely on a simple features/flag check to determine
how the kernel is behaving with regard to mmap. Since this test is
not concerned with testing mmap, instead of adding a more complex
conditional simplify by always adding the m permission.
Fixes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1830984
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Georgia Garcia <georgia.garcia@canonical.com>
The following errors are happening on the regression tests
of i18n.sh on arm64 hirsute/impish:
Error: open failed. Test 'i18n (194) OPEN (octal) "/tmp/sdtest.3654-6536-J2ZwFM/file__post" RW' was expected to 'pass'. Reason for failure 'FAIL: open /tmp/sdtest.3654-6536-J2ZwFM/file__post failed - Permission denied'
...
The cause is a bash bug handling UTF-8 on subshells.
Fixes: https://bugs.launchpad.net/apparmor/+bug/1932331
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/765
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Fix spelling errors in code strings. Some strings are translatable.
This fixes are potentially user visible.
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/687
With the exception of the documentation fixes, these should all be
invisible to users.
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/687
The aa_policy_cache test is using the system parser.conf file even
when the tests are set to use source. This can lead to failures
if the system parser.conf contain options not understood by
the source parser.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/653
Signed-off-by: John Johansen <john.johansen@canonical.com>
When using the in tree parser we should not be using the system
parser.conf file, as if the system apparmor is newer than the
tree being tested the parser.conf file could contain options not
understood by the in tree apparmor_parser.
Use --config-file to specify the default in tree parser.conf
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/653
Signed-off-by: John Johansen <john.johansen@canonical.com>
Older versions of Make will choke on the # character in the $(shell
expression, treating it as the beginning of a comment. Resulting in
the following error
make unterminated call to function 'shell': missing ')'. Stop.
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/639
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve.beattie@canonical.com>
af_unix allows for sockets to be bound to a name that is autogenerated.
Currently this type of binding is only supported by a very generic
rule.
unix (bind) type=dgram,
but this allows both sockets with specified names and anonymous
sockets. Extend unix rule syntax to support specifying just an
auto bind socket by specifying addr=auto
eg.
unix (bind) addr=auto,
It is important to note that addr=auto only works for the bind
permission as once the socket is bound to an autogenerated address,
the addr with have a valid unique value that can be matched against
with a regular
addr=@name
expression
Fixes: https://bugs.launchpad.net/apparmor/+bug/1867216
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/521
Signed-off-by: John Johansen <john.johansen@canonical.com>
prologue.inc:settest() in same cases invokes a sed command that uses
'~' as a pattern separator, on things that can contain filesystem
paths. However, in the debian/ubuntu world, '~' can be used in version
strings, particularly for pre-release versions, and when this happens
and the version is embedded in the path, the sed command breaks
because of the extraneous separator. Fix this by using '#' as a
separator, which has the benefit of being considered a comment if
accidentally interpreted by a shell.
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/599
DBus services link against libgcrypt, and thus when libgcrypt has had
patches applied to make it FIP 140-2 compliant, the dbus based tests
confined by apparmor need access to the associated library integrity validation
file. Fix this by causing mkprofile to grant read access in all
generated profiles by default.
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
Bug: https://bugs.launchpad.net/bugs/1891664
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/595
