[apparmor] [PATCH] tests: Add more named pipe tests
Steve Beattie
steve at nxnw.org
Tue Jun 10 21:57:45 UTC 2014
On Tue, Jun 10, 2014 at 11:56:20AM -0500, Tyler Hicks wrote:
> On 2014-06-09 22:15:08, Steve Beattie wrote:
> > Some additional test dimensions to consider:
> > 1) parent or child in a hat, but not the other
>
> Which one of these two scenarios are you talking about:
>
> 1) One process in the main profile and the other in a hat
> 2) One process unconfined and the other in a hat
>
> The first one is already tested earlier in named_pipe.sh.
Hrm, I must be missing something. When I grep for
runchecktest after applying your patch, I get:
runchecktest "NAMED PIPE (no confinement)" pass nochange nochange ${fifo}
runchecktest "NAMED PIPE RW (confinement)" pass nochange nochange ${fifo}
runchecktest "NAMED PIPE (confinement)" fail nochange nochange ${fifo}
runchecktest "NAMED PIPE RW (subprofile)" pass ${subtest} ${subtest} ${fifo}
runchecktest "NAMED PIPE (subprofile)" fail ${subtest} ${subtest} ${fifo}
runchecktest "NAMED PIPE RW (parent & child subprofiles)" pass ${subparent} ${subchild} ${fifo}
runchecktest "NAMED PIPE R (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
runchecktest "NAMED PIPE W (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
Looking at the passed arguments to the test program, I only see
pairs of nochange/nochange and $HATVAR/$HATVAR, and not any that are
nochange/$HATVAR or vice versa.
> The second one is not currently tested.
That'd be groovy, too, but I recognize is not as simple as modifying
the test script.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140610/18f4c321/attachment-0001.pgp>
More information about the AppArmor
mailing list