[apparmor] [PATCH v2] tests: Add pivot_root tests
Tyler Hicks
tyhicks at canonical.com
Tue Apr 15 02:43:44 UTC 2014
On 2014-04-14 19:35:39, Seth Arnold wrote:
> On Mon, Apr 14, 2014 at 05:20:28PM -0500, Tyler Hicks wrote:
> > This test attempts to clone itself in a new mount namespace, pivot root
> > into a new filesystem (ext2 disk image mounted over loopback), and then
> > verify that a profile transition, if one was specified in the pivot_root
> > rule, has properly occurred.
> >
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
>
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks!
>
> with one question:
>
> > --- /dev/null
> > +++ b/tests/regression/apparmor/pivot_root.sh
> > @@ -0,0 +1,164 @@
> > +#! /bin/bash
> > +# Copyright (C) 2014 Canonical, Ltd.
> > +#
> > +# This program is free software; you can redistribute it and/or
> > +# modify it under the terms of the GNU General Public License as
> > +# published by the Free Software Foundation, version 2 of the
> > +# License.
> > +
> > +#=NAME mount
> > +#=DESCRIPTION
> > +# This test verifies that the pivot_root syscall is indeed restricted for
> > +# confined processes.
> > +#=END
>
> Is NAME mount the right thing here?
Nope. I've changed it to pivot_root in my local copy of this patch.
Thanks!
Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140414/a527bf90/attachment.pgp>
More information about the AppArmor
mailing list