mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-09 10:51:03 +01:00
789c323bfe
- includes patches to handle access to change_hat /proc/<pid>/attr/current being a parser rule - the working updated ptrace patches - update for the change in sysctl behavior from cap_sys_admin to profile entries
21 lines
961 B
Diff
21 lines
961 B
Diff
Index: subdomain/exec_qual.sh
|
|
===================================================================
|
|
--- subdomain.orig/exec_qual.sh
|
|
+++ subdomain/exec_qual.sh
|
|
@@ -140,11 +140,13 @@ genprofile $test2:ux
|
|
local_runchecktest "enforce ux case1" pass "unconstrained" $test2 $file
|
|
|
|
# constrained parent, exec child with conflicting exec qualifiers
|
|
+# that overlap in such away that px is prefered (ix is glob, px is exact
|
|
+# match). Other overlap tests should be in the parser.
|
|
# case 1:
|
|
-# expected behaviour: exec of child fails
|
|
+# expected behaviour: exec of child passes
|
|
|
|
-genprofile $test2_rex1:px $test2_rex2:ix -- image=$test2 $file:$fileperm
|
|
-local_runchecktest "enforce conflicting exec qual" fail "n/a" $test2 $file
|
|
+genprofile $test2:px $test2_rex1:ix -- image=$test2 $file:$fileperm
|
|
+local_runchecktest "enforce conflicting exec qual" pass $test2 $test2 $file
|
|
|
|
# unconstrained parent
|
|
# case 1: child profile exists, child profile grants access
|