[apparmor] [PATCH] (re?)add coredump regression test
Kees Cook
kees at ubuntu.com
Mon Jul 26 07:40:19 BST 2010
The coredump regression test existed in the tree, but was not hooked up to
the testsuite. It looks like coredump mediation may have been removed,
since it is rather a corner-case, so I have currently marked it as XFAIL.
In hooking it back up, the "prologue.inc" was reviewed, dead code dropped,
and the "image=" argument changed to correctly handle the imageperms
syntax used elsewhere. It was working in other tests out of coincidence.
=== modified file '.bzrignore'
--- .bzrignore 2010-07-24 15:54:38 +0000
+++ .bzrignore 2010-07-24 16:00:29 +0000
@@ -237,3 +237,4 @@
tests/regression/apparmor/unix_fd_server
tests/regression/apparmor/unlink
tests/regression/apparmor/xattrs
+tests/regression/apparmor/coredump
=== modified file 'tests/regression/apparmor/Makefile'
--- tests/regression/apparmor/Makefile 2010-07-24 15:58:19 +0000
+++ tests/regression/apparmor/Makefile 2010-07-24 16:00:29 +0000
@@ -22,6 +22,7 @@
chmod.c \
chown.c \
clone.c \
+ coredump.c \
deleted.c \
environ.c \
env_check.c \
@@ -113,6 +114,7 @@
changehat_misc \
chdir \
clone \
+ coredump \
deleted \
environ \
exec \
=== modified file 'tests/regression/apparmor/coredump.c'
--- tests/regression/apparmor/coredump.c 2006-05-19 17:32:14 +0000
+++ tests/regression/apparmor/coredump.c 2010-07-24 16:00:29 +0000
@@ -1,7 +1,9 @@
+#include <stdio.h>
int *ptr;
/*
* Copyright (C) 2002-2005 Novell/SUSE
+ * Copyright (C) 2010 Canonical, Ltd
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
@@ -9,7 +11,7 @@
* License.
*/
-main()
+int main(int argc, char *argv[])
{
printf("This will cause a sigsegv\n");
=== modified file 'tests/regression/apparmor/coredump.sh'
--- tests/regression/apparmor/coredump.sh 2006-05-19 17:32:14 +0000
+++ tests/regression/apparmor/coredump.sh 2010-07-24 16:00:29 +0000
@@ -1,7 +1,6 @@
#! /bin/bash
-# $Id$
-
# Copyright (C) 2002-2005 Novell/SUSE
+# Copyright (C) 2010 Canonical, Ltd
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
@@ -11,26 +10,52 @@
#=NAME coredump
#=DESCRIPTION coredump test
+cleancorefile()
+{
+ rm -f core core.*
+}
+
checkcorefile()
{
-_corefilelist=`echo core.*`
-if [ "$_corefilelist" = "core.*" ]
-then
- _corefile=no
-else
- _corefile=yes
-fi
-
-if [ "$1" = "yes" -a "$_corefile" = "no" ]
-then
- echo "Error: corefile expected but not present - $2"
-elif [ "$1" = "no" -a "$_corefile" = "yes" ]
-then
- echo "Error: corefile present when not expected -- $2"
-fi
-
-unset _corefile _corefilelist
-rm -f core.*
+ # global _testdesc _pfmode _known outfile
+ if [ ${1:0:1} == "x" ] ; then
+ requirement=${1#x}
+ _known=" (known problem)"
+ else
+ requirement=$1
+ _known=""
+ fi
+
+ _corefilelist=`echo core.*`
+ if [ ! -f core ] && [ "$_corefilelist" = "core.*" ]
+ then
+ _corefile=no
+ else
+ _corefile=yes
+ fi
+
+ if [ "$requirement" = "yes" -a "$_corefile" = "no" ] ; then
+ if [ -n $_known ] ; then
+ echo -n "XFAIL: "
+ fi
+ echo "Error: corefile expected but not present - $2"
+ if [ -z $_known ] ; then
+ cat $profile
+ testfailed
+ fi
+ elif [ "$requirement" = "no" -a "$_corefile" = "yes" ] ; then
+ if [ -n "$_known" ] ; then
+ echo -n "XFAIL: "
+ fi
+ echo "Error: corefile present when not expected -- $2"
+ if [ -z "$_known" ] ; then
+ cat $profile
+ testfailed
+ fi
+ fi
+
+ unset _corefile _corefilelist
+ cleancorefile
}
pwd=`dirname $0`
@@ -45,15 +70,18 @@
# enable coredumps
ulimit -c 1000000
+cleancorefile
+checkcorefile no "COREDUMP (starting with clean slate)"
# PASS TEST, no confinement
+cleancorefile
echo "*** A 'Segmentation Fault' message from bash is expected for the following test"
runchecktest "COREDUMP (no confinement)" signal11
checkcorefile yes "COREDUMP (no confinement)"
# PASS TEST, with r confinement
-genprofile $test:$coreperm
-cat $profile
+cleancorefile
+genprofile image=$test:$coreperm
echo
echo "*** A 'Segmentation Fault' message from bash is expected for the following test"
@@ -61,10 +89,10 @@
checkcorefile yes "COREDUMP ($coreperm confinement)"
# FAIL TEST, with x confinement
-genprofile $test:$nocoreperm
-cat $profile
+cleancorefile
+genprofile image=$test:$nocoreperm
echo
echo "*** A 'Segmentation Fault' message from bash is expected for the following test"
runchecktest "COREDUMP ($nocoreperm confinement)" signal11
-checkcorefile no "COREDUMP ($nocoreperm confinement)"
+checkcorefile xno "COREDUMP ($nocoreperm confinement)"
=== modified file 'tests/regression/apparmor/prologue.inc'
--- tests/regression/apparmor/prologue.inc 2010-07-24 15:57:24 +0000
+++ tests/regression/apparmor/prologue.inc 2010-07-24 16:00:29 +0000
@@ -415,22 +415,12 @@
# it is most often used after --, in fact it is basically
# mandatory after --
case "$1" in
- profile=*) imagename=`echo $1 | sed 's/^profile=[rix]*//'`
- perm=`echo $1 | sed -n 's/^profile=\([rix]*\).*$/\1/p'`
- if [ -n "$perm" ]
- then
- imageperm=$perm
- fi
- num_emitted=0
- shift
- ;;
-
- image=*) imagename=`echo $1 | sed 's/^image=[rix]*//'`
+ image=*) imagename=`echo $1 | sed 's/^image=\([^:]*\).*$/\1/'`
if [ ! -x "$imagename" ]
then
fatalerror "invalid imagename specified in input '$1'"
fi
- perm=`echo $1 | sed -n 's/^image=\([rix]*\).*$/\1/p'`
+ perm=`echo $1 | sed -n 's/^image=[^:]*:\(.*\)$/\1/p'`
if [ -n "$perm" ]
then
imageperm=$perm
--
Kees Cook
Ubuntu Security Team
More information about the AppArmor
mailing list