--- tests/regression/subdomain/Makefile | 2 + tests/regression/subdomain/symlink.c | 4 --- tests/regression/subdomain/symlink.sh | 42 ++++++++-------------------------- 3 files changed, 14 insertions(+), 34 deletions(-) Index: subdomain/symlink.c =================================================================== --- subdomain.orig/symlink.c +++ subdomain/symlink.c @@ -1,13 +1,11 @@ /* - -/* * Copyright (C) 2002-2005 Novell/SUSE * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation, version 2 of the * License. - */ + * * $Id: symlink.c 61 2006-05-19 18:32:14Z steve-beattie $ */ Index: subdomain/symlink.sh =================================================================== --- subdomain.orig/symlink.sh +++ subdomain/symlink.sh @@ -9,9 +9,7 @@ # License. #=NAME symlink -#=DESCRIPTION As the 'link' test but for symbolic rather than hard links - -echo "symlink mediation in AppArmor has been removed"; exit 1 +#=DESCRIPTION creating a symlink should require write access to the new name pwd=`dirname $0` pwd=`cd $pwd ; /bin/pwd` @@ -20,42 +18,24 @@ bin=$pwd . $bin/prologue.inc -src1=$tmpdir/src1 -src2=$tmpdir/src2 -src3=$tmpdir/src3 +src=$tmpdir/src1 target=$tmpdir/target -path2=target -path3=$(echo $tmpdir | sed -e "s|/[^/]*|../|g")${target} -okperm=rwixl -badperm=rwl -nolinkperm=rwix -touch $target +okperm=w +badperm=rlixm + +touch $target # PASS TEST -genprofile ${src1}:$okperm ${src2}:$okperm ${src3}:$okperm $target:$nolinkperm +genprofile ${src}:$okperm -runchecktest "MATCHING PERM (absolute)" pass $target ${src1} -runchecktest "MATCHING PERM (same dir)" pass ${path2} ${src2} -runchecktest "MATCHING PERM (relative)" pass ${path3} ${src3} +runchecktest "SYMLINK/WRITE PERMS" pass $target ${src} # FAILURE TEST -rm -f ${src1} ${src2} ${src3} - -genprofile ${src1}:$badperm ${src2}:$badperm ${src3}:$badperm $target:$nolinkperm - -runchecktest "NONMATCHING PERM (absolute)" fail $target ${src1} -runchecktest "NONMATCHING PERM (same dir)" fail ${path2} ${src2} -runchecktest "NONMATCHING PERM (relative)" fail ${path3} ${src3} - -# NOLINK TEST - -rm -f ${src1} ${src2} ${src3} +rm -f ${src} -genprofile ${src1}:$nolinkperm ${src2}:$nolinkperm ${src3}:$nolinkperm $target:$nolinkperm +genprofile ${src}:$badperm -runchecktest "NOLINK PERM (absolute)" fail $target ${src1} -runchecktest "NOLINK PERM (same dir)" fail ${path2} ${src2} -runchecktest "NOLINK PERM (relative)" fail ${path3} ${src3} +runchecktest "SYMLINK/NO-WRITE PERMS" fail $target ${src} Index: subdomain/Makefile =================================================================== --- subdomain.orig/Makefile +++ subdomain/Makefile @@ -41,6 +41,7 @@ SRC=access.c \ rename.c \ readdir.c \ rw.c \ + symlink.c \ syscall_mknod.c \ swap.c \ syscall_chroot.c \ @@ -124,6 +125,7 @@ TESTS=access \ swap \ sd_flags \ setattr \ + symlink \ syscall \ unix_fd_server \ unlink\