[apparmor] [PATCH] clarify "deleted" test case

Kees Cook kees.cook at canonical.com
Mon Jul 26 18:49:04 BST 2010


On Mon, Jul 26, 2010 at 02:58:42AM -0700, John Johansen wrote:
> On 07/25/2010 11:36 PM, Kees Cook wrote:
> > Fixes "deleted" test case to match the documentation for the expected
> > outcome. Adds additional positive test, fixes spelling.
> > 
> generally looks good but again doesn't apply

Try now that the rename has been committed.

> 
> >  genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$badperm $socket:rw
> > -runchecktest "fd passing; confined client w/ w only" pass $file $socket $fd_client "delete_file"
> > +runchecktest "fd passing; confined client w/ w only" fail $file $socket $fd_client "delete_file"
> >  
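Review bot: The changed runchecktest line needs a comment stating why "fail" is the expected result, since the description "fd passing; confined client w/ w only" reads the same for either outcome. A line above it noting that the client image is given $file:$badperm and so must be denied access to the passed fd in the "delete_file" case would keep the comment and the outcome argument in agreement. The values of $okperm and $badperm are not visible in this hunk, so it is worth confirming that $badperm is the permission set the description refers to.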
> Hrrm, while I believe this is correct I need to spend some more time looking at it

Yeah, I spent some time reviewing this since the comment about it and the
outcome argument didn't agree. On review, it seemed like failure was the
correct outcome (i.e. can't read the passed fd if you're not allowed to
read it).

I'll wait to commit until someone ACKs this one.

-Kees

-- 
Kees Cook
Ubuntu Security Team


