[apparmor] [PATCH v3 4/7] tests: Test the getattr permission in unix_socket_client
Tyler Hicks
tyhicks at canonical.com
Mon Sep 29 23:59:36 UTC 2014
On 2014-09-25 03:19:08, Steve Beattie wrote:
> On Mon, Sep 22, 2014 at 07:09:14PM -0500, Tyler Hicks wrote:
> > The client will now do a getsockname() on its socket in order to test
> > the AppArmor 'getattr' unix rule permission.
> >
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
>
> Acked-by: Steve Beattie <steve at nxnw.org>
>
> Though I'd like to see a couple of future changes:
>
> 1) only the client needs the getattr permission, would be better to only
> grant it there.
I've sent out the following patch to address #1:
[PATCH v3 8/7] tests: Separate client and server AF_UNIX pathname permissions
>
> 2) negative test for the getattr permission on the client.
I've sent out the following patch to address #2:
[PATCH v3 9/7] tests: Add negative tests for missing individual AF_UNIX pathname perms
It turns out that these new tests caught a bug. Good suggestion! :)
>
> Thanks.
Thanks for your reviews and the feedback.
Tyler
>
> > diff --git a/tests/regression/apparmor/unix_socket_pathname.sh b/tests/regression/apparmor/unix_socket_pathname.sh
> > index af73593..78f62b4 100755
> > --- a/tests/regression/apparmor/unix_socket_pathname.sh
> > +++ b/tests/regression/apparmor/unix_socket_pathname.sh
> > @@ -49,9 +49,10 @@ fi
> > # af_unix support requires 'unix create' to call socket()
> > # af_unix support requires 'unix getopt' to call getsockopt()
> > # af_unix support requires 'unix setopt' to call setsockopt()
> > +# af_unix support requires 'unix getattr' to call getsockname()
> > af_unix=
> > if [ "$(have_features network/af_unix)" == "true" ] ; then
> > - af_unix="unix:(create,getopt,setopt)"
> > + af_unix="unix:(create,getopt,setopt,getattr)"
> > fi
> >
> > okclient=rw
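Review bot: In the `af_unix=` assignment, `getattr` is appended to the single rule string this script builds, so every profile that expands `$af_unix` is granted it, while the commit message says only the client calls getsockname(). Consider a client-only variable so that the server side keeps `unix:(create,getopt,setopt)`. Also consider adding a case that runs the client without `getattr` and expects it to fail, since nothing in this hunk checks that the permission is actually enforced.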
>
>
>
> --
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/