mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-07 01:41:00 +01:00
789c323bfe
- includes patches to handle access to change_hat /proc/<pid>/attr/current being a parser rule - the working updated ptrace patches - update for the change in sysctl behavior from cap_sys_admin to profile entries
114 lines
3.1 KiB
Diff
114 lines
3.1 KiB
Diff
|
|
---
|
|
tests/regression/subdomain/Makefile | 2 +
|
|
tests/regression/subdomain/symlink.c | 4 ---
|
|
tests/regression/subdomain/symlink.sh | 42 ++++++++--------------------------
|
|
3 files changed, 14 insertions(+), 34 deletions(-)
|
|
|
|
Index: subdomain/symlink.c
|
|
===================================================================
|
|
--- subdomain.orig/symlink.c
|
|
+++ subdomain/symlink.c
|
|
@@ -1,13 +1,11 @@
|
|
/*
|
|
-
|
|
-/*
|
|
* Copyright (C) 2002-2005 Novell/SUSE
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License as
|
|
* published by the Free Software Foundation, version 2 of the
|
|
* License.
|
|
- */
|
|
+ *
|
|
* $Id: symlink.c 61 2006-05-19 18:32:14Z steve-beattie $
|
|
*/
|
|
|
|
Index: subdomain/symlink.sh
|
|
===================================================================
|
|
--- subdomain.orig/symlink.sh
|
|
+++ subdomain/symlink.sh
|
|
@@ -9,9 +9,7 @@
|
|
# License.
|
|
|
|
#=NAME symlink
|
|
-#=DESCRIPTION As the 'link' test but for symbolic rather than hard links
|
|
-
|
|
-echo "symlink mediation in AppArmor has been removed"; exit 1
|
|
+#=DESCRIPTION creating a symlink should require write access to the new name
|
|
|
|
pwd=`dirname $0`
|
|
pwd=`cd $pwd ; /bin/pwd`
|
|
@@ -20,42 +18,24 @@ bin=$pwd
|
|
|
|
. $bin/prologue.inc
|
|
|
|
-src1=$tmpdir/src1
|
|
-src2=$tmpdir/src2
|
|
-src3=$tmpdir/src3
|
|
+src=$tmpdir/src1
|
|
target=$tmpdir/target
|
|
-path2=target
|
|
-path3=$(echo $tmpdir | sed -e "s|/[^/]*|../|g")${target}
|
|
-okperm=rwixl
|
|
-badperm=rwl
|
|
-nolinkperm=rwix
|
|
|
|
-touch $target
|
|
+okperm=w
|
|
+badperm=rlixm
|
|
+
|
|
+touch $target
|
|
|
|
# PASS TEST
|
|
|
|
-genprofile ${src1}:$okperm ${src2}:$okperm ${src3}:$okperm $target:$nolinkperm
|
|
+genprofile ${src}:$okperm
|
|
|
|
-runchecktest "MATCHING PERM (absolute)" pass $target ${src1}
|
|
-runchecktest "MATCHING PERM (same dir)" pass ${path2} ${src2}
|
|
-runchecktest "MATCHING PERM (relative)" pass ${path3} ${src3}
|
|
+runchecktest "SYMLINK/WRITE PERMS" pass $target ${src}
|
|
|
|
# FAILURE TEST
|
|
|
|
-rm -f ${src1} ${src2} ${src3}
|
|
-
|
|
-genprofile ${src1}:$badperm ${src2}:$badperm ${src3}:$badperm $target:$nolinkperm
|
|
-
|
|
-runchecktest "NONMATCHING PERM (absolute)" fail $target ${src1}
|
|
-runchecktest "NONMATCHING PERM (same dir)" fail ${path2} ${src2}
|
|
-runchecktest "NONMATCHING PERM (relative)" fail ${path3} ${src3}
|
|
-
|
|
-# NOLINK TEST
|
|
-
|
|
-rm -f ${src1} ${src2} ${src3}
|
|
+rm -f ${src}
|
|
|
|
-genprofile ${src1}:$nolinkperm ${src2}:$nolinkperm ${src3}:$nolinkperm $target:$nolinkperm
|
|
+genprofile ${src}:$badperm
|
|
|
|
-runchecktest "NOLINK PERM (absolute)" fail $target ${src1}
|
|
-runchecktest "NOLINK PERM (same dir)" fail ${path2} ${src2}
|
|
-runchecktest "NOLINK PERM (relative)" fail ${path3} ${src3}
|
|
+runchecktest "SYMLINK/NO-WRITE PERMS" fail $target ${src}
|
|
Index: subdomain/Makefile
|
|
===================================================================
|
|
--- subdomain.orig/Makefile
|
|
+++ subdomain/Makefile
|
|
@@ -41,6 +41,7 @@ SRC=access.c \
|
|
rename.c \
|
|
readdir.c \
|
|
rw.c \
|
|
+ symlink.c \
|
|
syscall_mknod.c \
|
|
swap.c \
|
|
syscall_chroot.c \
|
|
@@ -124,6 +125,7 @@ TESTS=access \
|
|
swap \
|
|
sd_flags \
|
|
setattr \
|
|
+ symlink \
|
|
syscall \
|
|
unix_fd_server \
|
|
unlink\
|