[apparmor] [PATCH] tests: Allow stacking tests to use system programs and libraries
Tyler Hicks
tyhicks at canonical.com
Tue Mar 29 16:22:46 UTC 2016
On 2016-03-29 11:07:44, Tyler Hicks wrote:
> On 2016-03-28 23:55:42, Steve Beattie wrote:
> > On Fri, Mar 25, 2016 at 11:37:31AM -0500, Tyler Hicks wrote:
> > > The stacking tests worked fine when using in-tree programs and libraries
> > > but the tests unexpectedly failed when USE_SYSTEM=1 was specified. This
> > > patch makes use of the addimage:$test argument to mkprofile.pl to
> > > generate the correct file permissions needed to use the system binaries.
> > >
> > > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> >
> > Acked-by: Steve Beattie <steve at nxnw.org>, thanks.
> >
> > Though, looking at what/why you're trying to solve with this, it might
> > make sense to extend mkprofile.pl and prologue.inc to support a
> > profile=XXX option that doesn't have the strict restrictions on existing
> > binaries that image= does.
>
> Agreed. I've got a growing list of mkprofile.pl improvements that I need
> to make. This one, support for policy namespaces, dbus rule support, etc.
After thinking about it a bit more, profile=XXX doesn't solve this
issue. It only solves the problem of having to use another, existing
test binary (rename and exec in this case) for the image=XXX option. I'd
still need addimage=$test to grant the necessary perms to execute $test
even if the profile name could be something arbitrary such as
"other_test_profile".
Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160329/f3904800/attachment.pgp>
More information about the AppArmor
mailing list