[apparmor] Add readdir 'file' tests (was Re: [PATCH 4/4] Fix the bare file rule so that it grants access to root)
John Johansen
john.johansen at canonical.com
Thu Mar 15 23:30:54 UTC 2012
On 03/15/2012 03:46 PM, Steve Beattie wrote:
> On Thu, Mar 15, 2012 at 12:13:01PM -0700, Steve Beattie wrote:
>> On Thu, Mar 15, 2012 at 09:36:28AM -0700, John Johansen wrote:
>>> +# Test the raw 'file,' rule allows accessing root
>>> +runchecktest "OPEN 'file' R" pass "/"
>>> +
>>
>> this test is wrong, as the open will fail opening a directory ('/'). The
>> readdir.sh test script is probably where you want to test this.
>
> I saw you committed the patch without the testcase. Here's a testcase
> that reproduces the issue, and verifies that it's fixed (it also cleans
> up the readdir test a bit):

Right, I knew the patch worked from manual testing, and I didn't want to
delay committing until I got the test case updated.

Thanks for taking care of it.

Acked-by: John Johansen <john.johansen at canonical.com>

>
> === modified file 'tests/regression/apparmor/readdir.sh'
> --- tests/regression/apparmor/readdir.sh 2010-12-20 20:29:10 +0000
> +++ tests/regression/apparmor/readdir.sh 2012-03-15 22:35:23 +0000
> @@ -26,14 +26,20 @@
>
> mkdir $dir
>
> -# CHDIR TEST
> -
> +# READDIR TEST
> genprofile $dir/:$okperm
> -
> runchecktest "READDIR" pass $dir
>
> -# CHDIR TEST (no perm)
> -
> +# READDIR TEST (no perm)
> genprofile $dir/:$badperm
> -
> runchecktest "READDIR (no perm)" fail $dir
> +
> +# this test is to make sure the raw 'file' rule allows access
> +# to directories
> +genprofile file
> +runchecktest "READDIR 'file' dir" pass $dir
> +
> +# this test is to make sure the raw 'file' rule allows access
> +# to '/'
> +genprofile file
> +runchecktest "READDIR 'file' '/'" pass '/'
>
>
>
>
>
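Review bot: the two added cases at the end of the hunk each call `genprofile file` with an identical profile, so the second call changes nothing between the "READDIR 'file' dir" and "READDIR 'file' '/'" checks; either drop it or extend its comment to say it is repeated on purpose so each case stays self-contained. Both added cases are also pass-only, and the comments do not say which behaviour they guard against; a short comment that the bare 'file' rule previously did not grant access to '/' would tell a later reader why the '/' case exists separately from the $dir case. Minor style point: `$dir` is passed unquoted to runchecktest in the added line while '/' is quoted, and quoting "$dir" would keep the two calls consistent and safe if the test directory path ever contains whitespace.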