[apparmor] [patch] Add tests for various rules outside of a profile

John Johansen john.johansen at canonical.com
Mon Oct 19 18:54:53 UTC 2015


On 10/18/2015 09:36 AM, Christian Boltz wrote:
> Hello,
> 
> $subject ;-)
> 
> All of those tests are expected to fail.
> 
Acked-by: John Johansen <john.johansen at canonical.com>

> 
> [ add-tests-for-rules-outside-of-profile.diff ]
> 
> === added file 'parser/tst/simple_tests/capability/bad_outside1.sd'
> --- parser/tst/simple_tests/capability/bad_outside1.sd  1970-01-01 00:00:00 +0000
> +++ parser/tst/simple_tests/capability/bad_outside1.sd  2015-10-18 16:10:45 +0000
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION capability rule outside of a profile
> +#=EXRESULT FAIL
> +#
> +
> +capability,
> +
> 
> === added file 'parser/tst/simple_tests/change_profile/bad_outside_1.sd'
> --- parser/tst/simple_tests/change_profile/bad_outside_1.sd     1970-01-01 00:00:00 +0000
> +++ parser/tst/simple_tests/change_profile/bad_outside_1.sd     2015-10-18 16:15:25 +0000
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile rule outside of a profile
> +#=EXRESULT FAIL
> +#
> +
> +change_profile -> /bin/foo,
> +
> 
> === added file 'parser/tst/simple_tests/dbus/bad_outside_1.sd'
> --- parser/tst/simple_tests/dbus/bad_outside_1.sd       1970-01-01 00:00:00 +0000
> +++ parser/tst/simple_tests/dbus/bad_outside_1.sd       2015-10-18 16:19:26 +0000
> @@ -0,0 +1,5 @@
> +#
> +#=DESCRIPTION dbus rule outside of a profile
> +#=EXRESULT FAIL
> +
> +dbus name=(SomeService),
> 
> === added file 'parser/tst/simple_tests/file/bad_bare_file_outside.sd'
> --- parser/tst/simple_tests/file/bad_bare_file_outside.sd       1970-01-01 00:00:00 +0000
> +++ parser/tst/simple_tests/file/bad_bare_file_outside.sd       2015-10-18 16:16:57 +0000
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION bare file rule outside of a profile
> +#=EXRESULT FAIL
> +#
> +
> +file,
> +
> 
> === added file 'parser/tst/simple_tests/file/bad_link_outside.sd'
> --- parser/tst/simple_tests/file/bad_link_outside.sd    1970-01-01 00:00:00 +0000
> +++ parser/tst/simple_tests/file/bad_link_outside.sd    2015-10-18 16:12:27 +0000
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION link rule outside of a profile
> +#=EXRESULT FAIL
> +#
> +
> +deny link /alpha/beta -> /tmp/**,
> +
> 
> === added file 'parser/tst/simple_tests/mount/bad_outside_1.sd'
> --- parser/tst/simple_tests/mount/bad_outside_1.sd      1970-01-01 00:00:00 +0000
> +++ parser/tst/simple_tests/mount/bad_outside_1.sd      2015-10-18 16:20:23 +0000
> @@ -0,0 +1,6 @@
> +#
> +#=Description mount rule outside of a profile
> +#=EXRESULT FAIL
> +#
> +
> +  mount,
> 
> === added file 'parser/tst/simple_tests/network/bad_network_outside_1.sd'
> --- parser/tst/simple_tests/network/bad_network_outside_1.sd    1970-01-01 00:00:00 +0000
> +++ parser/tst/simple_tests/network/bad_network_outside_1.sd    2015-10-18 16:26:55 +0000
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION network rule outside of a profile
> +#=EXRESULT FAIL
> +#
> +
> +network,
> +
> 
> === added file 'parser/tst/simple_tests/ptrace/bad_outside_01.sd'
> --- parser/tst/simple_tests/ptrace/bad_outside_01.sd    1970-01-01 00:00:00 +0000
> +++ parser/tst/simple_tests/ptrace/bad_outside_01.sd    2015-10-18 16:21:59 +0000
> @@ -0,0 +1,7 @@
> +#
> +#=Description ptrace all rule outside of a profile
> +#=EXRESULT FAIL
> +#
> +
> +  ptrace,
> +
> 
> === added file 'parser/tst/simple_tests/rlimits/bad_rlimit_outside_01.sd'
> --- parser/tst/simple_tests/rlimits/bad_rlimit_outside_01.sd    1970-01-01 00:00:00 +0000
> +++ parser/tst/simple_tests/rlimits/bad_rlimit_outside_01.sd    2015-10-18 16:16:15 +0000
> @@ -0,0 +1,5 @@
> +#
> +#=DESCRIPTION simple cpu rlimit rule outside of a profile
> +#=EXRESULT FAIL
> +
> +set rlimit cpu <= 1024,
> 
> === added file 'parser/tst/simple_tests/signal/bad_outside_01.sd'
> --- parser/tst/simple_tests/signal/bad_outside_01.sd    1970-01-01 00:00:00 +0000
> +++ parser/tst/simple_tests/signal/bad_outside_01.sd    2015-10-18 16:21:20 +0000
> @@ -0,0 +1,7 @@
> +#
> +#=Description signal rule outside of a profile
> +#=EXRESULT FAIL
> +#
> +
> +  signal,
> +
> 
> === added file 'parser/tst/simple_tests/unix/bad_outside_1.sd'
> --- parser/tst/simple_tests/unix/bad_outside_1.sd       1970-01-01 00:00:00 +0000
> +++ parser/tst/simple_tests/unix/bad_outside_1.sd       2015-10-18 16:24:03 +0000
> @@ -0,0 +1,5 @@
> +#
> +#=DESCRIPTION unix accept rule outside of a profile
> +#=EXRESULT FAIL
> +
> +  unix accept,
> 
> 
> 
> Regards,
> 
> Christian Boltz
> 




More information about the AppArmor mailing list