[apparmor] Add readdir 'file' tests (was Re: [PATCH 4/4] Fix the bare file rule so that it grants access to to root)
Steve Beattie
steve at nxnw.org
Thu Mar 15 22:46:00 UTC 2012
On Thu, Mar 15, 2012 at 12:13:01PM -0700, Steve Beattie wrote:
> On Thu, Mar 15, 2012 at 09:36:28AM -0700, John Johansen wrote:
> > +# Test the raw 'file,' rule allows accessing root
> > +runchecktest "OPEN 'file' R" pass "/"
> > +
>
> this test is wrong, as the open will fail opening a directory ('/'). The
> readdir.sh test script is probably where you want to test this.
I saw you committed the patch without the testcase. Here's a testcase
that reproduces the issue, and verifies that it's fixed (it also cleans
up the readdir test a bit):
=== modified file 'tests/regression/apparmor/readdir.sh'
--- tests/regression/apparmor/readdir.sh 2010-12-20 20:29:10 +0000
+++ tests/regression/apparmor/readdir.sh 2012-03-15 22:35:23 +0000
@@ -26,14 +26,20 @@
mkdir $dir
-# CHDIR TEST
-
+# READDIR TEST
genprofile $dir/:$okperm
-
runchecktest "READDIR" pass $dir
-# CHDIR TEST (no perm)
-
+# READDIR TEST (no perm)
genprofile $dir/:$badperm
-
runchecktest "READDIR (no perm)" fail $dir
+
+# this test is to make sure the raw 'file' rule allows access
+# to directories
+genprofile file
+runchecktest "READDIR 'file' dir" pass $dir
+
+# this test is to make sure the raw 'file' rule allows access
+# to '/'
+genprofile file
+runchecktest "READDIR 'file' '/'" pass '/'
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120315/8c5256b8/attachment-0001.pgp>
More information about the AppArmor
mailing list