[apparmor] [PATCH v2] tests: Add pivot_root tests
Seth Arnold
seth.arnold at canonical.com
Tue Apr 15 02:35:39 UTC 2014
On Mon, Apr 14, 2014 at 05:20:28PM -0500, Tyler Hicks wrote:
> This test attempts to clone itself in a new mount namespace, pivot root
> into a new filesystem (ext2 disk image mounted over loopback), and then
> verify that a profile transition, if one was specified in the pivot_root
> rule, has properly occurred.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
with one question:
> --- /dev/null
> +++ b/tests/regression/apparmor/pivot_root.sh
> @@ -0,0 +1,164 @@
> +#! /bin/bash
> +# Copyright (C) 2014 Canonical, Ltd.
> +#
> +# This program is free software; you can redistribute it and/or
> +# modify it under the terms of the GNU General Public License as
> +# published by the Free Software Foundation, version 2 of the
> +# License.
> +
> +#=NAME mount
> +#=DESCRIPTION
> +# This test verifies that the pivot_root syscall is indeed restricted for
> +# confined processes.
> +#=END
Is NAME mount the right thing here?
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140414/a7f45497/attachment.pgp>
More information about the AppArmor
mailing list