Accepting request 682453 from home:cboltz
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by update-alternatives (boo#1127877) OBS-URL: https://build.opensuse.org/request/show/682453 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=238
This commit is contained in:
Christian Boltz
Git OBS Bridge
parent
4a792e8754
commit
ef40d07d30
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 7 12:34:20 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
|
||||
|
||||
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
|
||||
update-alternatives (boo#1127877)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 27 19:28:14 UTC 2019 - Christian Boltz <suse-beta@cboltz.de>
|
||||
|
||||
|
||||
@ -78,6 +78,9 @@ Patch11: dnsmasq-libvirtd.diff
|
||||
# revert path alternation in dnsmasq profile to avoid breaking libvirtd (boo#1127073, submitted upstream 2019-02-26 as https://gitlab.com/apparmor/apparmor/merge_requests/346)
|
||||
Patch12: dnsmasq-revert-alternation.diff
|
||||
|
||||
# fix usrmerge (and accidently also update-alternatives) test failures (boo#1127877, from upstream https://gitlab.com/apparmor/apparmor/merge_requests/331)
|
||||
Patch13: usrmerge-fixes.diff
|
||||
|
||||
PreReq: sed
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
%define apparmor_bin_prefix /lib/apparmor
|
||||
@ -370,6 +373,7 @@ SubDomain.
|
||||
%patch10
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
|
||||
%build
|
||||
export SUSE_ASNEEDED=0
|
||||
|
||||
957
usrmerge-fixes.diff
Normal file
957
usrmerge-fixes.diff
Normal file
@ -0,0 +1,957 @@
|
||||
commit f75ec6fef6de26c0c9da8ecda4d28510720b52f3
|
||||
Author: Steve Beattie <gitlab@nxnw.org>
|
||||
Date: Wed Feb 13 16:57:52 2019 +0000
|
||||
|
||||
usr merge fixups
|
||||
|
||||
Debian and Ubuntu have releases coming out with usr-merge in place. For
|
||||
these systems, /bin and /sbin are symlinks to their respective /usr
|
||||
directories. This breaks a few tests in the python utils and in the
|
||||
regression tests. This patch series fixes them, mostly by performing
|
||||
realpath() calls when necessary. For the ptrace regression test,
|
||||
it copies the called /bin/true binary into the created temporary
|
||||
directory and executes it from there. (Good for other reasons, too.)
|
||||
|
||||
(cherry picked from commit b4ab8476e4721b922d2de193b9203bba0c192bf9)
|
||||
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
|
||||
Acked-by: John Johansen <john.johansen@canonical.com>
|
||||
MR: https://gitlab.com/apparmor/apparmor/merge_requests/331
|
||||
|
||||
diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
|
||||
index 7ca5ef12..6b192406 100755
|
||||
--- a/tests/regression/apparmor/mkprofile.pl
|
||||
+++ b/tests/regression/apparmor/mkprofile.pl
|
||||
@@ -132,10 +132,10 @@ sub gen_binary($) {
|
||||
my $hashbang = head($bin);
|
||||
if ($hashbang && $hashbang =~ /^#!\s*(\S+)/) {
|
||||
my $interpreter = $1;
|
||||
- gen_file("$interpreter:rix");
|
||||
+ gen_file(realpath($interpreter) . ":rix");
|
||||
gen_elf_binary($interpreter);
|
||||
} else {
|
||||
- gen_elf_binary($bin)
|
||||
+ gen_elf_binary(realpath($bin))
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/tests/regression/apparmor/ptrace.sh b/tests/regression/apparmor/ptrace.sh
|
||||
index c3363479..320d65e8 100755
|
||||
--- a/tests/regression/apparmor/ptrace.sh
|
||||
+++ b/tests/regression/apparmor/ptrace.sh
|
||||
@@ -30,26 +30,29 @@ bin=$pwd
|
||||
|
||||
helper=$pwd/ptrace_helper
|
||||
|
||||
+bin_true=${tmpdir}/true
|
||||
+cp -pL /bin/true ${tmpdir}/true
|
||||
+
|
||||
# -n number of syscalls to perform
|
||||
# -c have the child call ptrace_me, else parent does ptrace_attach
|
||||
# -h transition child to ptrace_helper before doing ptrace (used to test
|
||||
# x transitions with ptrace)
|
||||
# test base line of unconfined tracing unconfined
|
||||
-runchecktest "test 1" pass -n 100 /bin/true
|
||||
-runchecktest "test 1 -c" pass -c -n 100 /bin/true
|
||||
+runchecktest "test 1" pass -n 100 ${bin_true}
|
||||
+runchecktest "test 1 -c" pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 1 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 1 -hc" pass -h -c -n 100 $helper
|
||||
-runchecktest "test 1 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 1 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 1 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 1 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
# test that unconfined can ptrace before profile attaches
|
||||
-genprofile image=/bin/true signal:ALL
|
||||
-runchecktest "test 2" pass -n 100 /bin/true
|
||||
-runchecktest "test 2 -c" pass -c -n 100 /bin/true
|
||||
+genprofile image=${bin_true} signal:ALL
|
||||
+runchecktest "test 2" pass -n 100 ${bin_true}
|
||||
+runchecktest "test 2 -c" pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 2 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 2 -hc" pass -h -c -n 100 $helper
|
||||
-runchecktest "test 2 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 2 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
|
||||
if [ "$(kernel_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" == "true" ] ; then
|
||||
diff --git a/tests/regression/apparmor/ptrace_v5.inc b/tests/regression/apparmor/ptrace_v5.inc
|
||||
index 56833667..4a692402 100644
|
||||
--- a/tests/regression/apparmor/ptrace_v5.inc
|
||||
+++ b/tests/regression/apparmor/ptrace_v5.inc
|
||||
@@ -13,133 +13,133 @@
|
||||
genprofile image=$helper
|
||||
runchecktest "test 3 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 3 -hc " pass -h -c -n 100 $helper
|
||||
-# can't exec /bin/true so fail
|
||||
-runchecktest "test 3 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+# can't exec ${bin_true} so fail
|
||||
+runchecktest "test 3 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
# lack of 'r' perm is currently not working
|
||||
genprofile image=$helper $helper:ix
|
||||
runchecktest "test 4 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 4 -hc " pass -h -c -n 100 $helper
|
||||
-# can't exec /bin/true so fail
|
||||
-runchecktest "test 4 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+# can't exec ${bin_true} so fail
|
||||
+runchecktest "test 4 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
genprofile image=$helper $helper:rix
|
||||
runchecktest "test 5 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 5 -hc " pass -h -c -n 100 $helper
|
||||
-# can't exec /bin/true so fail
|
||||
-runchecktest "test 5 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+# can't exec ${bin_true} so fail
|
||||
+runchecktest "test 5 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
-genprofile image=$helper $helper:ix /bin/true:rix
|
||||
+genprofile image=$helper $helper:ix ${bin_true}:rix
|
||||
runchecktest "test 6 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 6 -hc " pass -h -c -n 100 $helper
|
||||
-runchecktest "test 6 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 6 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#traced child can ptrace_me to unconfined have unconfined trace them
|
||||
-genprofile image=/bin/true
|
||||
-runchecktest "test 7" pass -n 100 /bin/true
|
||||
+genprofile image=${bin_true}
|
||||
+runchecktest "test 7" pass -n 100 ${bin_true}
|
||||
# pass - ptrace_attach is done in unconfined helper
|
||||
-runchecktest "test 7 -c " pass -c -n 100 /bin/true
|
||||
+runchecktest "test 7 -c " pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 7 -h" pass -h -n 100 $helper
|
||||
# pass - ptrace_attach is done in unconfined helper
|
||||
runchecktest "test 7 -hc " pass -h -c -n 100 $helper
|
||||
-runchecktest "test 7 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 7 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
-genprofile image=$helper $helper:ix /bin/true:rix
|
||||
-runchecktest "test 7a" pass -n 100 /bin/true
|
||||
+genprofile image=$helper $helper:ix ${bin_true}:rix
|
||||
+runchecktest "test 7a" pass -n 100 ${bin_true}
|
||||
# pass - ptrace_attach is allowed from confined process to unconfined
|
||||
-runchecktest "test 7a -c " pass -c -n 100 /bin/true
|
||||
+runchecktest "test 7a -c " pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 7a -h" pass -h -n 100 $helper
|
||||
# pass - ptrace_attach is allowed from confined process to unconfined
|
||||
runchecktest "test 7a -hc " pass -h -c -n 100 $helper
|
||||
-runchecktest "test 7a -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 7a -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#traced helper from unconfined
|
||||
-genprofile image=$helper $helper:ix /bin/true:rpx -- image=/bin/true
|
||||
-runchecktest "test 8" pass -n 100 /bin/true
|
||||
+genprofile image=$helper $helper:ix ${bin_true}:rpx -- image=${bin_true}
|
||||
+runchecktest "test 8" pass -n 100 ${bin_true}
|
||||
# pass - ptrace_attach is done before exec
|
||||
-runchecktest "test 8 -c " pass -c -n 100 /bin/true
|
||||
+runchecktest "test 8 -c " pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 8 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 8 -hc " pass -h -c -n 100 $helper
|
||||
# pass - can px if tracer can ptrace target
|
||||
-runchecktest "test 8 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 8 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#traced helper from unconfined
|
||||
-genprofile image=$helper $helper:ix /bin/true:rux -- image=/bin/true
|
||||
-runchecktest "test 9" pass -n 100 /bin/true
|
||||
+genprofile image=$helper $helper:ix ${bin_true}:rux -- image=${bin_true}
|
||||
+runchecktest "test 9" pass -n 100 ${bin_true}
|
||||
# pass - ptrace_attach is done before exec
|
||||
-runchecktest "test 9 -c " pass -c -n 100 /bin/true
|
||||
+runchecktest "test 9 -c " pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 9 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 9 -hc " pass -h -c -n 100 $helper
|
||||
# pass - can ux if tracer can ptrace target
|
||||
-runchecktest "test 9 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 9 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
genprofile
|
||||
# fail due to no exec permission
|
||||
-runchecktest "test 10" fail -n 100 /bin/true
|
||||
-runchecktest "test 10 -c" fail -c -n 100 /bin/true
|
||||
+runchecktest "test 10" fail -n 100 ${bin_true}
|
||||
+runchecktest "test 10 -c" fail -c -n 100 ${bin_true}
|
||||
runchecktest "test 10 -h" fail -h -n 100 $helper
|
||||
runchecktest "test 10 -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 10 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 10 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
-genprofile /bin/true:ix $helper:ix
|
||||
+genprofile ${bin_true}:ix $helper:ix
|
||||
# fail due to missing r permission
|
||||
-#runchecktest "test 11" fail -n 100 /bin/true
|
||||
-#runchecktest "test 11 -c" fail -c -n 100 /bin/true
|
||||
+#runchecktest "test 11" fail -n 100 ${bin_true}
|
||||
+#runchecktest "test 11 -c" fail -c -n 100 ${bin_true}
|
||||
#runchecktest "test 11 -h" fail -h -n 100 $helper
|
||||
#runchecktest "test 11 -hc" fail -h -c -n 100 $helper
|
||||
-#runchecktest "test 11 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+#runchecktest "test 11 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
# pass allowed to ix self
|
||||
-genprofile /bin/true:rix $helper:rix
|
||||
-runchecktest "test 12" pass -n 100 /bin/true
|
||||
-runchecktest "test 12 -c" pass -c -n 100 /bin/true
|
||||
+genprofile ${bin_true}:rix $helper:rix
|
||||
+runchecktest "test 12" pass -n 100 ${bin_true}
|
||||
+runchecktest "test 12 -c" pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 12 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 12 -hc" pass -h -c -n 100 $helper
|
||||
-runchecktest "test 12 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 12 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 12 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 12 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#ptraced confined app can't px - fails to unset profile
|
||||
-genprofile image=$helper $helper:rix /bin/true:rpx
|
||||
-runchecktest "test 13 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+genprofile image=$helper $helper:rix ${bin_true}:rpx
|
||||
+runchecktest "test 13 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
|
||||
#ptraced confined app can ux - if the tracer is unconfined
|
||||
#
|
||||
-genprofile image=$helper $helper:rix /bin/true:rux
|
||||
-runchecktest "test 14a -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+genprofile image=$helper $helper:rix ${bin_true}:rux
|
||||
+runchecktest "test 14a -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
#ptraced confined app can't ux - if the tracer can't trace unconfined
|
||||
-genprofile $helper:rpx -- image=$helper $helper:rix /bin/true:rux
|
||||
-runchecktest "test 14b -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+genprofile $helper:rpx -- image=$helper $helper:rix ${bin_true}:rux
|
||||
+runchecktest "test 14b -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#confined app can't ptrace an unconfined app
|
||||
genprofile $helper:rux
|
||||
runchecktest "test 15 -h" fail -h -n 100 $helper
|
||||
-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true
|
||||
+runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
#an unconfined app can't ask a confined app to trace it
|
||||
runchecktest "test 15 -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#confined app can't ptrace an app confined by a different profile
|
||||
genprofile $helper:rpx -- image=$helper
|
||||
runchecktest "test 15 -h" fail -h -n 100 $helper
|
||||
-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true
|
||||
+runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
#a confined app can't ask another confined app with a different profile to
|
||||
#trace it
|
||||
runchecktest "test 15 -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
|
||||
|
||||
diff --git a/tests/regression/apparmor/ptrace_v6.inc b/tests/regression/apparmor/ptrace_v6.inc
|
||||
index 37781551..b0cf983a 100644
|
||||
--- a/tests/regression/apparmor/ptrace_v6.inc
|
||||
+++ b/tests/regression/apparmor/ptrace_v6.inc
|
||||
@@ -25,186 +25,186 @@ genprofile image=$helper signal:ALL ptrace:tracedby:peer=unconfined
|
||||
|
||||
runchecktest "test 3 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 3 -hc " pass -h -c -n 100 $helper
|
||||
-# can't exec /bin/true so fail
|
||||
-runchecktest "test 3 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+# can't exec ${bin_true} so fail
|
||||
+runchecktest "test 3 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
# lack of 'r' perm is currently not working
|
||||
genprofile image=$helper $helper:ix signal:ALL
|
||||
runchecktest "test 4 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 4 -hc " pass -h -c -n 100 $helper
|
||||
-# can't exec /bin/true so fail
|
||||
-runchecktest "test 4 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+# can't exec ${bin_true} so fail
|
||||
+runchecktest "test 4 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
genprofile image=$helper $helper:rix signal:ALL
|
||||
runchecktest "test 5 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 5 -hc " pass -h -c -n 100 $helper
|
||||
-# can't exec /bin/true so fail
|
||||
-runchecktest "test 5 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+# can't exec ${bin_true} so fail
|
||||
+runchecktest "test 5 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
-genprofile image=$helper $helper:ix /bin/true:rix signal:ALL
|
||||
+genprofile image=$helper $helper:ix ${bin_true}:rix signal:ALL
|
||||
runchecktest "test 6 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 6 -hc " pass -h -c -n 100 $helper
|
||||
-runchecktest "test 6 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 6 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#traced child can ptrace_me to unconfined have unconfined trace them
|
||||
-genprofile image=/bin/true signal:ALL
|
||||
-runchecktest "test 7" pass -n 100 /bin/true
|
||||
+genprofile image=${bin_true} signal:ALL
|
||||
+runchecktest "test 7" pass -n 100 ${bin_true}
|
||||
# pass - ptrace_attach is done in unconfined helper
|
||||
-runchecktest "test 7 -c " pass -c -n 100 /bin/true
|
||||
+runchecktest "test 7 -c " pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 7 -h" pass -h -n 100 $helper
|
||||
# pass - ptrace_attach is done in unconfined helper
|
||||
runchecktest "test 7 -hc " pass -h -c -n 100 $helper
|
||||
-runchecktest "test 7 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 7 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
-genprofile image=$helper $helper:ix /bin/true:rix signal:ALL
|
||||
-runchecktest "test 7a" pass -n 100 /bin/true
|
||||
+genprofile image=$helper $helper:ix ${bin_true}:rix signal:ALL
|
||||
+runchecktest "test 7a" pass -n 100 ${bin_true}
|
||||
# pass - ptrace_attach is allowed from confined process to unconfined
|
||||
-runchecktest "test 7a -c " pass -c -n 100 /bin/true
|
||||
+runchecktest "test 7a -c " pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 7a -h" pass -h -n 100 $helper
|
||||
# pass - ptrace_attach is allowed from confined process to unconfined
|
||||
runchecktest "test 7a -hc " pass -h -c -n 100 $helper
|
||||
-runchecktest "test 7a -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 7a -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#traced helper from unconfined
|
||||
-genprofile image=$helper $helper:ix /bin/true:rpx signal:ALL -- image=/bin/true signal:ALL
|
||||
-runchecktest "test 8" pass -n 100 /bin/true
|
||||
+genprofile image=$helper $helper:ix ${bin_true}:rpx signal:ALL -- image=${bin_true} signal:ALL
|
||||
+runchecktest "test 8" pass -n 100 ${bin_true}
|
||||
# pass - ptrace_attach is done before exec
|
||||
-runchecktest "test 8 -c " pass -c -n 100 /bin/true
|
||||
+runchecktest "test 8 -c " pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 8 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 8 -hc " pass -h -c -n 100 $helper
|
||||
# pass - can px if tracer can ptrace target
|
||||
-runchecktest "test 8 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 8 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#traced helper from unconfined
|
||||
-genprofile image=$helper $helper:ix /bin/true:rux signal:ALL -- image=/bin/true signal:ALL
|
||||
-runchecktest "test 9" pass -n 100 /bin/true
|
||||
+genprofile image=$helper $helper:ix ${bin_true}:rux signal:ALL -- image=${bin_true} signal:ALL
|
||||
+runchecktest "test 9" pass -n 100 ${bin_true}
|
||||
# pass - ptrace_attach is done before exec
|
||||
-runchecktest "test 9 -c " pass -c -n 100 /bin/true
|
||||
+runchecktest "test 9 -c " pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 9 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 9 -hc " pass -h -c -n 100 $helper
|
||||
# pass - can ux if tracer can ptrace target
|
||||
-runchecktest "test 9 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 9 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
genprofile signal:ALL
|
||||
# fail due to no exec permission
|
||||
-runchecktest "test 10" fail -n 100 /bin/true
|
||||
-runchecktest "test 10 -c" fail -c -n 100 /bin/true
|
||||
+runchecktest "test 10" fail -n 100 ${bin_true}
|
||||
+runchecktest "test 10 -c" fail -c -n 100 ${bin_true}
|
||||
runchecktest "test 10 -h" fail -h -n 100 $helper
|
||||
runchecktest "test 10 -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 10 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 10 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
-genprofile /bin/true:ix $helper:ix signal:ALL
|
||||
+genprofile ${bin_true}:ix $helper:ix signal:ALL
|
||||
# fail due to missing r permission
|
||||
-#runchecktest "test 11" fail -n 100 /bin/true
|
||||
-#runchecktest "test 11 -c" fail -c -n 100 /bin/true
|
||||
+#runchecktest "test 11" fail -n 100 ${bin_true}
|
||||
+#runchecktest "test 11 -c" fail -c -n 100 ${bin_true}
|
||||
#runchecktest "test 11 -h" fail -h -n 100 $helper
|
||||
#runchecktest "test 11 -hc" fail -h -c -n 100 $helper
|
||||
-#runchecktest "test 11 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+#runchecktest "test 11 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
# fail was pass in v5 allowed to ix self
|
||||
-genprofile /bin/true:rix $helper:rix signal:ALL
|
||||
-runchecktest "test 12" fail -n 100 /bin/true
|
||||
-runchecktest "test 12 -c" fail -c -n 100 /bin/true
|
||||
+genprofile ${bin_true}:rix $helper:rix signal:ALL
|
||||
+runchecktest "test 12" fail -n 100 ${bin_true}
|
||||
+runchecktest "test 12 -c" fail -c -n 100 ${bin_true}
|
||||
runchecktest "test 12 -h" fail -h -n 100 $helper
|
||||
runchecktest "test 12 -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 12 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 12 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 12 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 12 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#ptraced confined app traced by unconfined can px
|
||||
-genprofile image=$helper $helper:rix /bin/true:rpx signal:ALL -- image=/bin/true /bin/true:rix
|
||||
-runchecktest "test 13u -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13u -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+genprofile image=$helper $helper:rix ${bin_true}:rpx signal:ALL -- image=${bin_true} ${bin_true}:rix
|
||||
+runchecktest "test 13u -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13u -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#ptraced confined app traced by profile without ptrace on targeted can't px
|
||||
-genprofile /bin/true:rpx signal:ALL -- image=/bin/true /bin/true:rix
|
||||
-runchecktest "test 13 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+genprofile ${bin_true}:rpx signal:ALL -- image=${bin_true} ${bin_true}:rix
|
||||
+runchecktest "test 13 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
|
||||
#ptraced confined app can ux - if the tracer is unconfined
|
||||
#
|
||||
-genprofile image=$helper $helper:rix /bin/true:rux signal:ALL
|
||||
-runchecktest "test 14a -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL
|
||||
+runchecktest "test 14a -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
#ptraced confined app can't ux - if the tracer can't trace unconfined
|
||||
-genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL
|
||||
-runchecktest "test 14b -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL
|
||||
+runchecktest "test 14b -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#confined app can't ptrace an unconfined app
|
||||
genprofile $helper:rux signal:ALL
|
||||
runchecktest "test 15 -h" fail -h -n 100 $helper
|
||||
-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true
|
||||
+runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
#an unconfined app can't ask a confined app to trace it
|
||||
runchecktest "test 15 -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#confined app can't ptrace an app confined by a different profile
|
||||
genprofile $helper:rpx signal:ALL -- image=$helper signal:ALL
|
||||
runchecktest "test 15 -h" fail -h -n 100 $helper
|
||||
-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true
|
||||
+runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
#a confined app can't ask another confined app with a different profile to
|
||||
#trace it
|
||||
runchecktest "test 15 -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
################### cap:sys_ptrace doesn't change results from above ##########################
|
||||
# fail was pass in v5 allowed to ix self
|
||||
-genprofile /bin/true:rix $helper:rix signal:ALL cap:sys_ptrace
|
||||
-runchecktest "test 12c" fail -n 100 /bin/true
|
||||
-runchecktest "test 12c -c" fail -c -n 100 /bin/true
|
||||
+genprofile ${bin_true}:rix $helper:rix signal:ALL cap:sys_ptrace
|
||||
+runchecktest "test 12c" fail -n 100 ${bin_true}
|
||||
+runchecktest "test 12c -c" fail -c -n 100 ${bin_true}
|
||||
runchecktest "test 12c -h" fail -h -n 100 $helper
|
||||
runchecktest "test 12c -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 12c -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 12c -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 12c -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 12c -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#ptraced confined app traced by unconfined can px
|
||||
-genprofile image=$helper $helper:rix /bin/true:rpx signal:ALL cap:sys_ptrace -- image=/bin/true /bin/true:rix cap:sys_ptrace
|
||||
-runchecktest "test 13cu -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13cu -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+genprofile image=$helper $helper:rix ${bin_true}:rpx signal:ALL cap:sys_ptrace -- image=${bin_true} ${bin_true}:rix cap:sys_ptrace
|
||||
+runchecktest "test 13cu -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13cu -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#ptraced confined app traced by profile without ptrace on targeted can't px
|
||||
-genprofile /bin/true:rpx signal:ALL cap:sys_ptrace -- image=/bin/true /bin/true:rix cap:sys_ptrace
|
||||
-runchecktest "test 13c -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13c -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+genprofile ${bin_true}:rpx signal:ALL cap:sys_ptrace -- image=${bin_true} ${bin_true}:rix cap:sys_ptrace
|
||||
+runchecktest "test 13c -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13c -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
|
||||
#ptraced confined app can ux - if the tracer is unconfined
|
||||
#
|
||||
-genprofile image=$helper $helper:rix /bin/true:rux signal:ALL cap:sys_ptrace
|
||||
-runchecktest "test 14ca -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 14ca -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL cap:sys_ptrace
|
||||
+runchecktest "test 14ca -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 14ca -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
#ptraced confined app can't ux - if the tracer can't trace unconfined
|
||||
-genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL
|
||||
-runchecktest "test 14cb -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 14cb -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL
|
||||
+runchecktest "test 14cb -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 14cb -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#confined app can't ptrace an unconfined app
|
||||
genprofile $helper:rux signal:ALL cap:sys_ptrace
|
||||
runchecktest "test 15c -h" fail -h -n 100 $helper
|
||||
-runchecktest "test 15c -h prog" fail -h -n 100 $helper /bin/true
|
||||
+runchecktest "test 15c -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
#an unconfined app can't ask a confined app to trace it
|
||||
runchecktest "test 15c -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#confined app can't ptrace an app confined by a different profile
|
||||
genprofile $helper:rpx signal:ALL cap:sys_ptrace -- image=$helper signal:ALL cap:sys_ptrace
|
||||
runchecktest "test 15c -h" fail -h -n 100 $helper
|
||||
-runchecktest "test 15c -h prog" fail -h -n 100 $helper /bin/true
|
||||
+runchecktest "test 15c -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
#a confined app can't ask another confined app with a different profile to
|
||||
#trace it
|
||||
runchecktest "test 15c -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
|
||||
################################################################################
|
||||
@@ -213,163 +213,163 @@ runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
|
||||
##### Now do tests with ptrace rules in profiles #######
|
||||
# pass in v5 allowed to ix self
|
||||
-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:ALL
|
||||
-runchecktest "test 12p" pass -n 100 /bin/true
|
||||
-runchecktest "test 12p -c" pass -c -n 100 /bin/true
|
||||
+genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:ALL
|
||||
+runchecktest "test 12p" pass -n 100 ${bin_true}
|
||||
+runchecktest "test 12p -c" pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 12p -h" pass -h -n 100 $helper
|
||||
runchecktest "test 12p -hc" pass -h -c -n 100 $helper
|
||||
-runchecktest "test 12p -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 12p -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=$test
|
||||
-runchecktest "test 12p1" pass -n 100 /bin/true
|
||||
-runchecktest "test 12p1 -c" pass -c -n 100 /bin/true
|
||||
+runchecktest "test 12p -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 12p -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:peer=$test
|
||||
+runchecktest "test 12p1" pass -n 100 ${bin_true}
|
||||
+runchecktest "test 12p1 -c" pass -c -n 100 ${bin_true}
|
||||
runchecktest "test 12p1 -h" pass -h -n 100 $helper
|
||||
runchecktest "test 12p1 -hc" pass -h -c -n 100 $helper
|
||||
-runchecktest "test 12p1 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 12p1 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=notaprofile
|
||||
-runchecktest "test 12p2" fail -n 100 /bin/true
|
||||
-runchecktest "test 12p2 -c" fail -c -n 100 /bin/true
|
||||
+runchecktest "test 12p1 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 12p1 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:peer=notaprofile
|
||||
+runchecktest "test 12p2" fail -n 100 ${bin_true}
|
||||
+runchecktest "test 12p2 -c" fail -c -n 100 ${bin_true}
|
||||
runchecktest "test 12p2 -h" fail -h -n 100 $helper
|
||||
runchecktest "test 12p2 -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 12p2 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 12p2 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 12p2 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 12p2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
|
||||
#ptraced confined app traced by profile can px
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix
|
||||
-runchecktest "test 13p1 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p2 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
|
||||
-runchecktest "test 13p3 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p4 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
||||
-runchecktest "test 13p5 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p6 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
||||
-runchecktest "test 13p7 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p8 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace
|
||||
-runchecktest "test 13p9 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pa -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
||||
-runchecktest "test 13pb -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pc -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
||||
-runchecktest "test 13pd -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pe -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-
|
||||
-
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix
|
||||
-runchecktest "test 13p11 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p21 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
|
||||
-runchecktest "test 13p31 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p41 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
||||
-runchecktest "test 13p51 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p61 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
||||
-runchecktest "test 13p71 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p81 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace
|
||||
-runchecktest "test 13p91 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pa1 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
||||
-runchecktest "test 13pb1 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pc1 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
||||
-runchecktest "test 13pd1 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pe1 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-
|
||||
-
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix
|
||||
-runchecktest "test 13p12 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p22 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby
|
||||
-runchecktest "test 13p32 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p42 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
||||
-runchecktest "test 13p52 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p62 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
||||
-runchecktest "test 13p72 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p82 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace
|
||||
-runchecktest "test 13p92 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pa2 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
||||
-runchecktest "test 13pb2 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pc2 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
||||
-runchecktest "test 13pd2 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pe2 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix
|
||||
-runchecktest "test 13p13 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p23 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby
|
||||
-runchecktest "test 13p33 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p43 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
||||
-runchecktest "test 13p53 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p63 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
||||
-runchecktest "test 13p73 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p83 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace
|
||||
-runchecktest "test 13p93 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pa3 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
||||
-runchecktest "test 13pb3 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pc3 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
||||
-runchecktest "test 13pd3 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pe3 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix
|
||||
-runchecktest "test 13p14 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p24 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
|
||||
-runchecktest "test 13p34 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p44 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
||||
-runchecktest "test 13p54 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p64 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
||||
-runchecktest "test 13p74 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p84 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace
|
||||
-runchecktest "test 13p94 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pa4 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
||||
-runchecktest "test 13pb4 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pc4 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
||||
-runchecktest "test 13pd4 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pe4 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix
|
||||
-runchecktest "test 13p15 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p25 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
|
||||
-runchecktest "test 13p35 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p45 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
||||
-runchecktest "test 13p55 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p65 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
||||
-runchecktest "test 13p75 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13p85 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace
|
||||
-runchecktest "test 13p95 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pa5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
||||
-runchecktest "test 13pb5 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pc5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
||||
-runchecktest "test 13pd5 -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix
|
||||
+runchecktest "test 13p1 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
||||
+runchecktest "test 13p3 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p4 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
||||
+runchecktest "test 13p5 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p6 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
||||
+runchecktest "test 13p7 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p8 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
||||
+runchecktest "test 13p9 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pa -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
||||
+runchecktest "test 13pb -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pc -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
||||
+runchecktest "test 13pd -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pe -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+
|
||||
+
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix
|
||||
+runchecktest "test 13p11 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p21 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
||||
+runchecktest "test 13p31 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p41 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
||||
+runchecktest "test 13p51 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p61 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
||||
+runchecktest "test 13p71 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p81 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
||||
+runchecktest "test 13p91 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pa1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
||||
+runchecktest "test 13pb1 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pc1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
||||
+runchecktest "test 13pd1 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pe1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+
|
||||
+
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix
|
||||
+runchecktest "test 13p12 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p22 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
||||
+runchecktest "test 13p32 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p42 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
||||
+runchecktest "test 13p52 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p62 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
||||
+runchecktest "test 13p72 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p82 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
||||
+runchecktest "test 13p92 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pa2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
||||
+runchecktest "test 13pb2 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pc2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
||||
+runchecktest "test 13pd2 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pe2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix
|
||||
+runchecktest "test 13p13 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p23 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
||||
+runchecktest "test 13p33 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p43 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
||||
+runchecktest "test 13p53 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p63 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
||||
+runchecktest "test 13p73 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p83 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
||||
+runchecktest "test 13p93 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pa3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
||||
+runchecktest "test 13pb3 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pc3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
||||
+runchecktest "test 13pd3 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pe3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix
|
||||
+runchecktest "test 13p14 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p24 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
||||
+runchecktest "test 13p34 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p44 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
||||
+runchecktest "test 13p54 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p64 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
||||
+runchecktest "test 13p74 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p84 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
||||
+runchecktest "test 13p94 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pa4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
||||
+runchecktest "test 13pb4 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pc4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
||||
+runchecktest "test 13pd4 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pe4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix
|
||||
+runchecktest "test 13p15 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p25 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
||||
+runchecktest "test 13p35 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p45 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
||||
+runchecktest "test 13p55 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p65 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
||||
+runchecktest "test 13p75 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13p85 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
||||
+runchecktest "test 13p95 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pa5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
||||
+runchecktest "test 13pb5 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pc5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
||||
+runchecktest "test 13pd5 -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
|
||||
### todo Variations of below tests
|
||||
@@ -377,30 +377,30 @@ runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
|
||||
#ptraced confined app can ux - if the tracer is unconfined
|
||||
#
|
||||
-genprofile image=$helper $helper:rix /bin/true:rux signal:ALL
|
||||
-runchecktest "test 14pa -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 14pa -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL
|
||||
+runchecktest "test 14pa -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 14pa -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
#ptraced confined app can't ux - if the tracer can't trace unconfined
|
||||
-genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL
|
||||
-runchecktest "test 14pb -h prog" fail -h -n 100 $helper /bin/true
|
||||
-runchecktest "test 14pb -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL
|
||||
+runchecktest "test 14pb -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test 14pb -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#confined app can't ptrace an unconfined app
|
||||
genprofile $helper:rux signal:ALL
|
||||
runchecktest "test 15p -h" fail -h -n 100 $helper
|
||||
-runchecktest "test 15p -h prog" fail -h -n 100 $helper /bin/true
|
||||
+runchecktest "test 15p -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
#an unconfined app can't ask a confined app to trace it
|
||||
runchecktest "test 15p -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
#confined app can't ptrace an app confined by a different profile
|
||||
genprofile $helper:rpx signal:ALL -- image=$helper signal:ALL
|
||||
runchecktest "test 15p -h" fail -h -n 100 $helper
|
||||
-runchecktest "test 15p -h prog" fail -h -n 100 $helper /bin/true
|
||||
+runchecktest "test 15p -h prog" fail -h -n 100 $helper ${bin_true}
|
||||
#a confined app can't ask another confined app with a different profile to
|
||||
#trace it
|
||||
runchecktest "test 15p -hc" fail -h -c -n 100 $helper
|
||||
-runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
+runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
# Test LP: #1390592
|
||||
# The bug was a policy compilation bug that triggers in a rule such as
|
||||
@@ -408,9 +408,9 @@ runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true
|
||||
# a-f|A-F|0-9 to trigger the bug. A parser affected by this bug will create a
|
||||
# bad binary policy that causes the kernel to unexpectedly deny the ptrace
|
||||
# 'trace' of a process confined by profile ABC.
|
||||
-genprofile "$helper rpx -> ABC" signal:ALL ptrace:trace:peer=ABC -- image=ABC addimage:$helper /bin/true:rix signal:ALL ptrace:tracedby:peer=$test
|
||||
-runchecktest "test LP: #1390592 -h prog" pass -h -n 100 $helper /bin/true
|
||||
-runchecktest "test LP: #1390592 -hc prog" pass -h -c -n 100 $helper /bin/true
|
||||
+genprofile "$helper rpx -> ABC" signal:ALL ptrace:trace:peer=ABC -- image=ABC addimage:$helper ${bin_true}:rix signal:ALL ptrace:tracedby:peer=$test
|
||||
+runchecktest "test LP: #1390592 -h prog" pass -h -n 100 $helper ${bin_true}
|
||||
+runchecktest "test LP: #1390592 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
||||
|
||||
## TODO: ptrace read tests
|
||||
## TODO: ptrace + change_profile
|
||||
diff --git a/utils/test/fake_ldd b/utils/test/fake_ldd
|
||||
index 60f5c675..afec6eba 100755
|
||||
--- a/utils/test/fake_ldd
|
||||
+++ b/utils/test/fake_ldd
|
||||
@@ -5,7 +5,7 @@ import sys
|
||||
if len(sys.argv) != 2:
|
||||
raise Exception('wrong number of arguments in fake_ldd')
|
||||
|
||||
-if sys.argv[1] == '/AATest/bin/bash' or sys.argv[1] == '/bin/bash':
|
||||
+if sys.argv[1] in ['/AATest/bin/bash', '/bin/bash', '/usr/bin/bash']:
|
||||
print(' linux-vdso.so.1 (0x00007ffcf97f4000)')
|
||||
print(' libreadline.so.6 => /AATest/lib64/libreadline.so.6 (0x00007f2c41324000)')
|
||||
print(' libtinfo.so.6 => /AATest/lib64/libtinfo.so.6 (0x00007f2c410f9000)')
|
||||
diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
|
||||
index d93b8eae..56b14c6e 100644
|
||||
--- a/utils/test/test-aa.py
|
||||
+++ b/utils/test/test-aa.py
|
||||
@@ -135,6 +135,9 @@ class AaTest_create_new_profile(AATest):
|
||||
apparmor.aa.load_include('abstractions/bash')
|
||||
|
||||
exp_interpreter_path, exp_abstraction = expected
|
||||
+ # damn symlinks!
|
||||
+ if exp_interpreter_path:
|
||||
+ exp_interpreter_path = os.path.realpath(exp_interpreter_path)
|
||||
|
||||
program = self.writeTmpfile('script', params)
|
||||
profile = create_new_profile(program)
|
||||
@@ -178,11 +181,8 @@ class AaTest_get_interpreter_and_abstraction(AATest):
|
||||
interpreter_path, abstraction = get_interpreter_and_abstraction(program)
|
||||
|
||||
# damn symlinks!
|
||||
- if exp_interpreter_path and os.path.islink(exp_interpreter_path):
|
||||
- dirname = os.path.dirname(exp_interpreter_path)
|
||||
- exp_interpreter_path = os.readlink(exp_interpreter_path)
|
||||
- if not exp_interpreter_path.startswith('/'):
|
||||
- exp_interpreter_path = os.path.join(dirname, exp_interpreter_path)
|
||||
+ if exp_interpreter_path:
|
||||
+ exp_interpreter_path = os.path.realpath(exp_interpreter_path)
|
||||
|
||||
self.assertEqual(interpreter_path, exp_interpreter_path)
|
||||
self.assertEqual(abstraction, exp_abstraction)
|
||||
Loading…
Reference in New Issue
Block a user