mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-06 17:31:01 +01:00
b0733fb3a4
comments and descriptions. A later patch will fix it for the few testcases that actually check the value in /proc/pid/attr/current.
72 lines
1.3 KiB
Bash
Executable file
72 lines
1.3 KiB
Bash
Executable file
#! /bin/bash
|
|
# $Id$
|
|
|
|
# Copyright (C) 2002-2005 Novell/SUSE
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation, version 2 of the
|
|
# License.
|
|
|
|
#=NAME exec
|
|
#=DESCRIPTION Runs exec() through ux, ix & px functionality
|
|
|
|
pwd=`dirname $0`
|
|
pwd=`cd $pwd ; /bin/pwd`
|
|
|
|
bin=$pwd
|
|
|
|
. $bin/prologue.inc
|
|
|
|
file=/bin/true
|
|
ok_ix_perm=rix
|
|
badperm=r
|
|
ok_ux_perm=ux
|
|
ok_px_perm=px
|
|
bad_mx_perm=rm
|
|
|
|
# PASS TEST - inherited
|
|
|
|
genprofile $file:$ok_ix_perm
|
|
|
|
runchecktest "EXEC with ix" pass $file
|
|
|
|
# PASS TEST - unconfined
|
|
|
|
genprofile $file:$ok_ux_perm
|
|
|
|
runchecktest "EXEC with ux" pass $file
|
|
|
|
# PASS TEST - profiled
|
|
|
|
genprofile $file:$ok_px_perm -- image=$file
|
|
|
|
runchecktest "EXEC with px" pass $file
|
|
|
|
# FAIL TEST - px/no profile
|
|
|
|
genprofile $file:$ok_px_perm
|
|
|
|
runchecktest "EXEC with px - no profile" fail $file
|
|
|
|
# NOLINK PERMTEST
|
|
|
|
genprofile $file:$badperm
|
|
|
|
runchecktest "EXEC no x" fail $file
|
|
|
|
# MMAP exec
|
|
|
|
genprofile $file:$bad_mx_perm
|
|
|
|
runchecktest "EXEC mmap x" fail $file
|
|
|
|
# UNCONFINED -> CONFINED
|
|
|
|
genprofile image=$file
|
|
runchecktest "EXEC unconfined -> confined" pass $file
|
|
|
|
# UNCONFINED -> CONFINED no access to self binary
|
|
|
|
genprofile -N image=$file "/lib/ld*.so*:rix" "/lib/lib*.so*:rm"
|
|
runchecktest "EXEC unconfined -> confined/no access to self" pass $file
|