Policy namespaces are not well supported in older parsers and kernels. This is a case where the kernel support doesn't seem to be working.
Signed-off-by: Tyler Hicks <[email protected]> --- tests/regression/apparmor/changeprofile.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/regression/apparmor/changeprofile.sh b/tests/regression/apparmor/changeprofile.sh index 66b078d..752f8b9 100755 --- a/tests/regression/apparmor/changeprofile.sh +++ b/tests/regression/apparmor/changeprofile.sh @@ -84,7 +84,12 @@ genprofile --stdin <<EOF $test { file, change_profile -> ${nstest}, } $nstest { $subfile ${okperm}, } EOF -runchecktest "CHANGEPROFILE_NS (access sub file)" pass $nstest $subfile +expected_result=pass +if [ "$(kernel_features domain/stack)" != "true" ]; then + # Fails on older kernels due to namespaces not being well supported + expected_result=xpass +fi +runchecktest "CHANGEPROFILE_NS (access sub file)" $expected_result $nstest $subfile runchecktest "CHANGEPROFILE_NS (access file)" fail $nstest $file if [ "$(kernel_features domain/stack)" != "true" ]; then -- 2.7.3 -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
