On Tue, Jun 10, 2014 at 11:56:20AM -0500, Tyler Hicks wrote: > On 2014-06-09 22:15:08, Steve Beattie wrote: > > Some additional test dimensions to consider: > > 1) parent or child in a hat, but not the other > > Which one of these two scenarios are you talking about: > > 1) One process in the main profile and the other in a hat > 2) One process unconfined and the other in a hat > > The first one is already tested earlier in named_pipe.sh.
Hrm, I must be missing something. When I grep for
runchecktest after applying your patch, I get:
runchecktest "NAMED PIPE (no confinement)" pass nochange nochange ${fifo}
runchecktest "NAMED PIPE RW (confinement)" pass nochange nochange ${fifo}
runchecktest "NAMED PIPE (confinement)" fail nochange nochange ${fifo}
runchecktest "NAMED PIPE RW (subprofile)" pass ${subtest} ${subtest} ${fifo}
runchecktest "NAMED PIPE (subprofile)" fail ${subtest} ${subtest} ${fifo}
runchecktest "NAMED PIPE RW (parent & child subprofiles)" pass ${subparent}
${subchild} ${fifo}
runchecktest "NAMED PIPE R (parent & child subprofiles)" fail ${subparent}
${subchild} ${fifo}
runchecktest "NAMED PIPE W (parent & child subprofiles)" fail ${subparent}
${subchild} ${fifo}
Looking at the passed arguments to the test program, I only see
pairs of nochange/nochange and $HATVAR/$HATVAR, and not any that are
nochange/$HATVAR or vice versa.
> The second one is not currently tested.
That'd be groovy, too, but I recognize is not as simple as modifying
the test script.
--
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
