[apparmor] [PATCH 2/2] tests: Add named_pipe tests containing bad parent and child perms
Tyler Hicks
tyhicks at canonical.com
Tue Jun 10 17:08:21 UTC 2014
Add two tests that verify AppArmor denials when one end of the pipe has
bad access permissions to the pipe.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
tests/regression/apparmor/named_pipe.sh | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/tests/regression/apparmor/named_pipe.sh b/tests/regression/apparmor/named_pipe.sh
index bc8c0e7..24c36a7 100755
--- a/tests/regression/apparmor/named_pipe.sh
+++ b/tests/regression/apparmor/named_pipe.sh
@@ -29,9 +29,11 @@ okperm=rw
subparent=parent
okparent=r
+badparent=w
subchild=child
okchild=w
+badchild=r
# Add genprofile params that are common to all hats here
common=""
@@ -93,3 +95,17 @@ genprofile hat:$subparent $common \
hat:$subchild $common ${fifo}:${okchild}
runchecktest "NAMED PIPE W (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
+
+# PIPE - in separate subprofiles - bad access for child
+
+genprofile hat:$subparent $common ${fifo}:${okparent} \
+ hat:$subchild $common ${fifo}:${badchild}
+
+runchecktest "NAMED PIPE bad child (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
+
+# PIPE - in separate subprofiles - bad access for parent
+
+genprofile hat:$subparent $common ${fifo}:${badparent} \
+ hat:$subchild $common ${fifo}:${okchild}
+
+runchecktest "NAMED PIPE bad parent (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
--
1.9.1
More information about the AppArmor
mailing list