[apparmor] [PATCH 2/2] tests: Add named_pipe tests containing bad parent and child perms
Steve Beattie
steve at nxnw.org
Tue Jun 10 22:01:09 UTC 2014
On Tue, Jun 10, 2014 at 12:08:21PM -0500, Tyler Hicks wrote:
> Add two tests that verify AppArmor denials when one end of the pipe has
> bad access permissions to the pipe.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Looks good, Acked-by: Steve Beattie <steve at nxnw.org>. Thanks.
> ---
> tests/regression/apparmor/named_pipe.sh | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/tests/regression/apparmor/named_pipe.sh b/tests/regression/apparmor/named_pipe.sh
> index bc8c0e7..24c36a7 100755
> --- a/tests/regression/apparmor/named_pipe.sh
> +++ b/tests/regression/apparmor/named_pipe.sh
> @@ -29,9 +29,11 @@ okperm=rw
>
> subparent=parent
> okparent=r
> +badparent=w
>
> subchild=child
> okchild=w
> +badchild=r
>
> # Add genprofile params that are common to all hats here
> common=""
> @@ -93,3 +95,17 @@ genprofile hat:$subparent $common \
> hat:$subchild $common ${fifo}:${okchild}
>
> runchecktest "NAMED PIPE W (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
> +
> +# PIPE - in separate subprofiles - bad access for child
> +
> +genprofile hat:$subparent $common ${fifo}:${okparent} \
> + hat:$subchild $common ${fifo}:${badchild}
> +
> +runchecktest "NAMED PIPE bad child (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
> +
> +# PIPE - in separate subprofiles - bad access for parent
> +
> +genprofile hat:$subparent $common ${fifo}:${badparent} \
> + hat:$subchild $common ${fifo}:${okchild}
> +
> +runchecktest "NAMED PIPE bad parent (parent & child subprofiles)" fail ${subparent} ${subchild} ${fifo}
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140610/c3383cd6/attachment.pgp>
More information about the AppArmor
mailing list