[apparmor] [PATCH] tests: Add more named pipe tests

Steve Beattie steve at nxnw.org
Tue Jun 10 21:57:45 UTC 2014

On Tue, Jun 10, 2014 at 11:56:20AM -0500, Tyler Hicks wrote:
> On 2014-06-09 22:15:08, Steve Beattie wrote:
> > Some additional test dimensions to consider:
> >  1) parent or child in a hat, but not the other
> Which one of these two scenarios are you talking about:
>   1) One process in the main profile and the other in a hat
>   2) One process unconfined and the other in a hat
> The first one is already tested earlier in named_pipe.sh.

Hrm, I must be missing something. When I grep for
runchecktest after applying your patch, I get:

  runchecktest "NAMED PIPE (no confinement)" pass nochange nochange ${fifo}
  runchecktest "NAMED PIPE RW (confinement)" pass nochange nochange ${fifo}
  runchecktest "NAMED PIPE (confinement)" fail nochange nochange ${fifo}
  runchecktest "NAMED PIPE RW (subprofile)" pass ${subtest} ${subtest} ${fifo}
  runchecktest "NAMED PIPE (subprofile)" fail ${subtest} ${subtest} ${fifo}
  runchecktest "NAMED PIPE RW (parent & child subprofiles)" pass ${subparent} ${subchild} ${fifo}
  runchecktest "NAMED PIPE R (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
  runchecktest "NAMED PIPE W (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}

Looking at the passed arguments to the test program, I only see
pairs of nochange/nochange and $HATVAR/$HATVAR, and not any that are
nochange/$HATVAR or vice versa.

> The second one is not currently tested.

That'd be groovy, too, but I recognize is not as simple as modifying
the test script.

Steve Beattie
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140610/18f4c321/attachment-0001.pgp>

More information about the AppArmor mailing list