From ef40d07d307abc4f7c5448fd65324b9d2c89c2bd15a48bd8aa0b8cf82cacf970 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Thu, 7 Mar 2019 12:45:58 +0000 Subject: [PATCH] Accepting request 682453 from home:cboltz - add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by update-alternatives (boo#1127877) OBS-URL: https://build.opensuse.org/request/show/682453 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=238 --- apparmor.changes | 6 + apparmor.spec | 4 + usrmerge-fixes.diff | 957 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 967 insertions(+) create mode 100644 usrmerge-fixes.diff diff --git a/apparmor.changes b/apparmor.changes index 5842824..ffc85de 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Mar 7 12:34:20 UTC 2019 - Christian Boltz + +- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by + update-alternatives (boo#1127877) + ------------------------------------------------------------------- Wed Feb 27 19:28:14 UTC 2019 - Christian Boltz diff --git a/apparmor.spec b/apparmor.spec index 641505b..97a2d33 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -78,6 +78,9 @@ Patch11: dnsmasq-libvirtd.diff # revert path alternation in dnsmasq profile to avoid breaking libvirtd (boo#1127073, submitted upstream 2019-02-26 as https://gitlab.com/apparmor/apparmor/merge_requests/346) Patch12: dnsmasq-revert-alternation.diff +# fix usrmerge (and accidently also update-alternatives) test failures (boo#1127877, from upstream https://gitlab.com/apparmor/apparmor/merge_requests/331) +Patch13: usrmerge-fixes.diff + PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apparmor_bin_prefix /lib/apparmor @@ -370,6 +373,7 @@ SubDomain. %patch10 %patch11 -p1 %patch12 -p1 +%patch13 -p1 %build export SUSE_ASNEEDED=0 
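Review bot: The comment added above `Patch13` in apparmor.spec misspells "accidentally" as `accidently`. These patch comments are what a maintainer reads when deciding whether a patch can be dropped, so I would correct it to `# fix usrmerge (and accidentally also update-alternatives) test failures (...)`. It would also help to say there that the patch changes test code only, which is what the commit message and the visible part of usrmerge-fixes.diff indicate.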
diff --git a/usrmerge-fixes.diff b/usrmerge-fixes.diff new file mode 100644 index 0000000..2b95d56 --- /dev/null +++ b/usrmerge-fixes.diff @@ -0,0 +1,957 @@ +commit f75ec6fef6de26c0c9da8ecda4d28510720b52f3 +Author: Steve Beattie +Date: Wed Feb 13 16:57:52 2019 +0000 + + usr merge fixups + + Debian and Ubuntu have releases coming out with usr-merge in place. For + these systems, /bin and /sbin are symlinks to their respective /usr + directories. This breaks a few tests in the python utils and in the + regression tests. This patch series fixes them, mostly by performing + realpath() calls when necessary. For the ptrace regression test, + it copies the called /bin/true binary into the created temporary + directory and executes it from there. (Good for other reasons, too.) + + (cherry picked from commit b4ab8476e4721b922d2de193b9203bba0c192bf9) + 
Signed-off-by: Steve Beattie + Acked-by: John Johansen + MR: https://gitlab.com/apparmor/apparmor/merge_requests/331 + +diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl +index 7ca5ef12..6b192406 100755 +--- a/tests/regression/apparmor/mkprofile.pl ++++ b/tests/regression/apparmor/mkprofile.pl +@@ -132,10 +132,10 @@ sub gen_binary($) { + my $hashbang = head($bin); + if ($hashbang && $hashbang =~ /^#!\s*(\S+)/) { + my $interpreter = $1; +- gen_file("$interpreter:rix"); ++ gen_file(realpath($interpreter) . ":rix"); + gen_elf_binary($interpreter); + } else { +- gen_elf_binary($bin) ++ gen_elf_binary(realpath($bin)) + } + } + +diff --git a/tests/regression/apparmor/ptrace.sh b/tests/regression/apparmor/ptrace.sh +index c3363479..320d65e8 100755 +--- a/tests/regression/apparmor/ptrace.sh ++++ b/tests/regression/apparmor/ptrace.sh +@@ -30,26 +30,29 @@ bin=$pwd + + helper=$pwd/ptrace_helper + ++bin_true=${tmpdir}/true ++cp -pL /bin/true ${tmpdir}/true ++ + # -n number of syscalls to perform + # -c have the child call ptrace_me, else parent does ptrace_attach + # -h transition child to ptrace_helper before doing ptrace (used to test + # x transitions with ptrace) + # test base line of unconfined tracing unconfined +-runchecktest "test 1" pass -n 100 /bin/true +-runchecktest "test 1 -c" pass -c -n 100 /bin/true ++runchecktest "test 1" pass -n 100 ${bin_true} ++runchecktest "test 1 -c" pass -c -n 100 ${bin_true} + runchecktest "test 1 -h" pass -h -n 100 $helper + runchecktest "test 1 -hc" pass -h -c -n 100 $helper +-runchecktest "test 1 -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 1 -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 1 -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 1 -hc prog" pass -h -c -n 100 $helper ${bin_true} + + # test that unconfined can ptrace before profile attaches +-genprofile image=/bin/true signal:ALL +-runchecktest "test 2" pass -n 100 /bin/true 
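Review bot: In `gen_binary`, the hashbang branch resolves the interpreter for the file rule but still passes the unresolved `$interpreter` to `gen_elf_binary`, while the `else` branch passes `realpath($bin)`. If `gen_elf_binary` derives rules from the path it is given, the two branches will disagree on a usr-merged system. `realpath()` may also return undef when a path does not resolve, which would emit a rule of just `:rix` and hand undef to `gen_elf_binary`. I would resolve once with a fallback, `my $interp_path = realpath($interpreter) // $interpreter;`, and use `$interp_path` in both calls. The hunk does not show where `realpath` is imported from, and `gen_binary` starts above the hunk.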
+-runchecktest "test 2 -c" pass -c -n 100 /bin/true ++genprofile image=${bin_true} signal:ALL ++runchecktest "test 2" pass -n 100 ${bin_true} ++runchecktest "test 2 -c" pass -c -n 100 ${bin_true} + runchecktest "test 2 -h" pass -h -n 100 $helper + runchecktest "test 2 -hc" pass -h -c -n 100 $helper +-runchecktest "test 2 -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 2 -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper ${bin_true} + + + if [ "$(kernel_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" == "true" ] ; then +diff --git a/tests/regression/apparmor/ptrace_v5.inc b/tests/regression/apparmor/ptrace_v5.inc +index 56833667..4a692402 100644 +--- a/tests/regression/apparmor/ptrace_v5.inc ++++ b/tests/regression/apparmor/ptrace_v5.inc +@@ -13,133 +13,133 @@ + genprofile image=$helper + runchecktest "test 3 -h" pass -h -n 100 $helper + runchecktest "test 3 -hc " pass -h -c -n 100 $helper +-# can't exec /bin/true so fail +-runchecktest "test 3 -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper /bin/true ++# can't exec ${bin_true} so fail ++runchecktest "test 3 -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + # lack of 'r' perm is currently not working + genprofile image=$helper $helper:ix + runchecktest "test 4 -h" pass -h -n 100 $helper + runchecktest "test 4 -hc " pass -h -c -n 100 $helper +-# can't exec /bin/true so fail +-runchecktest "test 4 -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper /bin/true ++# can't exec ${bin_true} so fail ++runchecktest "test 4 -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + genprofile image=$helper $helper:rix + runchecktest "test 5 -h" pass -h 
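Review bot: The result of `cp -pL /bin/true ${tmpdir}/true` is never checked, so if the copy fails, every `fail` expectation that executes `${bin_true}` can be satisfied by a missing binary rather than by an AppArmor denial. That applies here and in ptrace_v5.inc and ptrace_v6.inc. The copy should stop the test on error and reuse the quoted variable, e.g. `cp -pL /bin/true "${bin_true}" || exit 1`, or the harness's own fatal-error helper if it has one. A comment above the assignment such as `# private copy so the profile path does not depend on /bin symlinks (usr-merge, update-alternatives)` would record why the copy exists. The two .inc files, presumably sourced from this script, now depend on `bin_true` being set first; if it is unset, `${bin_true}:rix` expands to a bare `:rix`.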
-n 100 $helper + runchecktest "test 5 -hc " pass -h -c -n 100 $helper +-# can't exec /bin/true so fail +-runchecktest "test 5 -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper /bin/true ++# can't exec ${bin_true} so fail ++runchecktest "test 5 -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper ${bin_true} + +-genprofile image=$helper $helper:ix /bin/true:rix ++genprofile image=$helper $helper:ix ${bin_true}:rix + runchecktest "test 6 -h" pass -h -n 100 $helper + runchecktest "test 6 -hc " pass -h -c -n 100 $helper +-runchecktest "test 6 -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 6 -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper ${bin_true} + + #traced child can ptrace_me to unconfined have unconfined trace them +-genprofile image=/bin/true +-runchecktest "test 7" pass -n 100 /bin/true ++genprofile image=${bin_true} ++runchecktest "test 7" pass -n 100 ${bin_true} + # pass - ptrace_attach is done in unconfined helper +-runchecktest "test 7 -c " pass -c -n 100 /bin/true ++runchecktest "test 7 -c " pass -c -n 100 ${bin_true} + runchecktest "test 7 -h" pass -h -n 100 $helper + # pass - ptrace_attach is done in unconfined helper + runchecktest "test 7 -hc " pass -h -c -n 100 $helper +-runchecktest "test 7 -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 7 -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper ${bin_true} + +-genprofile image=$helper $helper:ix /bin/true:rix +-runchecktest "test 7a" pass -n 100 /bin/true ++genprofile image=$helper $helper:ix ${bin_true}:rix ++runchecktest "test 7a" pass -n 100 ${bin_true} + # pass - ptrace_attach is allowed from confined process to unconfined 
+-runchecktest "test 7a -c " pass -c -n 100 /bin/true ++runchecktest "test 7a -c " pass -c -n 100 ${bin_true} + runchecktest "test 7a -h" pass -h -n 100 $helper + # pass - ptrace_attach is allowed from confined process to unconfined + runchecktest "test 7a -hc " pass -h -c -n 100 $helper +-runchecktest "test 7a -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 7a -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper ${bin_true} + + #traced helper from unconfined +-genprofile image=$helper $helper:ix /bin/true:rpx -- image=/bin/true +-runchecktest "test 8" pass -n 100 /bin/true ++genprofile image=$helper $helper:ix ${bin_true}:rpx -- image=${bin_true} ++runchecktest "test 8" pass -n 100 ${bin_true} + # pass - ptrace_attach is done before exec +-runchecktest "test 8 -c " pass -c -n 100 /bin/true ++runchecktest "test 8 -c " pass -c -n 100 ${bin_true} + runchecktest "test 8 -h" pass -h -n 100 $helper + runchecktest "test 8 -hc " pass -h -c -n 100 $helper + # pass - can px if tracer can ptrace target +-runchecktest "test 8 -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 8 -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper ${bin_true} + + #traced helper from unconfined +-genprofile image=$helper $helper:ix /bin/true:rux -- image=/bin/true +-runchecktest "test 9" pass -n 100 /bin/true ++genprofile image=$helper $helper:ix ${bin_true}:rux -- image=${bin_true} ++runchecktest "test 9" pass -n 100 ${bin_true} + # pass - ptrace_attach is done before exec +-runchecktest "test 9 -c " pass -c -n 100 /bin/true ++runchecktest "test 9 -c " pass -c -n 100 ${bin_true} + runchecktest "test 9 -h" pass -h -n 100 $helper + runchecktest "test 9 -hc " pass -h -c -n 100 $helper + # pass - can ux if tracer can ptrace target 
+-runchecktest "test 9 -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 9 -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper ${bin_true} + + genprofile + # fail due to no exec permission +-runchecktest "test 10" fail -n 100 /bin/true +-runchecktest "test 10 -c" fail -c -n 100 /bin/true ++runchecktest "test 10" fail -n 100 ${bin_true} ++runchecktest "test 10 -c" fail -c -n 100 ${bin_true} + runchecktest "test 10 -h" fail -h -n 100 $helper + runchecktest "test 10 -hc" fail -h -c -n 100 $helper +-runchecktest "test 10 -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper /bin/true ++runchecktest "test 10 -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper ${bin_true} + +-genprofile /bin/true:ix $helper:ix ++genprofile ${bin_true}:ix $helper:ix + # fail due to missing r permission +-#runchecktest "test 11" fail -n 100 /bin/true +-#runchecktest "test 11 -c" fail -c -n 100 /bin/true ++#runchecktest "test 11" fail -n 100 ${bin_true} ++#runchecktest "test 11 -c" fail -c -n 100 ${bin_true} + #runchecktest "test 11 -h" fail -h -n 100 $helper + #runchecktest "test 11 -hc" fail -h -c -n 100 $helper +-#runchecktest "test 11 -h prog" fail -h -n 100 $helper /bin/true +-#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper /bin/true ++#runchecktest "test 11 -h prog" fail -h -n 100 $helper ${bin_true} ++#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + # pass allowed to ix self +-genprofile /bin/true:rix $helper:rix +-runchecktest "test 12" pass -n 100 /bin/true +-runchecktest "test 12 -c" pass -c -n 100 /bin/true ++genprofile ${bin_true}:rix $helper:rix ++runchecktest "test 12" pass -n 100 ${bin_true} ++runchecktest "test 12 -c" pass -c -n 100 ${bin_true} + runchecktest "test 12 -h" pass -h -n 100 $helper + runchecktest 
"test 12 -hc" pass -h -c -n 100 $helper +-runchecktest "test 12 -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 12 -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 12 -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 12 -hc prog" pass -h -c -n 100 $helper ${bin_true} + + #ptraced confined app can't px - fails to unset profile +-genprofile image=$helper $helper:rix /bin/true:rpx +-runchecktest "test 13 -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper /bin/true ++genprofile image=$helper $helper:rix ${bin_true}:rpx ++runchecktest "test 13 -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + + #ptraced confined app can ux - if the tracer is unconfined + # +-genprofile image=$helper $helper:rix /bin/true:rux +-runchecktest "test 14a -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper /bin/true ++genprofile image=$helper $helper:rix ${bin_true}:rux ++runchecktest "test 14a -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper ${bin_true} + #ptraced confined app can't ux - if the tracer can't trace unconfined +-genprofile $helper:rpx -- image=$helper $helper:rix /bin/true:rux +-runchecktest "test 14b -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper /bin/true ++genprofile $helper:rpx -- image=$helper $helper:rix ${bin_true}:rux ++runchecktest "test 14b -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper ${bin_true} + + #confined app can't ptrace an unconfined app + genprofile $helper:rux + runchecktest "test 15 -h" fail -h -n 100 $helper +-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true ++runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true} + #an unconfined app can't ask a 
confined app to trace it + runchecktest "test 15 -hc" fail -h -c -n 100 $helper +-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true ++runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + #confined app can't ptrace an app confined by a different profile + genprofile $helper:rpx -- image=$helper + runchecktest "test 15 -h" fail -h -n 100 $helper +-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true ++runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true} + #a confined app can't ask another confined app with a different profile to + #trace it + runchecktest "test 15 -hc" fail -h -c -n 100 $helper +-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true ++runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + + +diff --git a/tests/regression/apparmor/ptrace_v6.inc b/tests/regression/apparmor/ptrace_v6.inc +index 37781551..b0cf983a 100644 +--- a/tests/regression/apparmor/ptrace_v6.inc ++++ b/tests/regression/apparmor/ptrace_v6.inc +@@ -25,186 +25,186 @@ genprofile image=$helper signal:ALL ptrace:tracedby:peer=unconfined + + runchecktest "test 3 -h" pass -h -n 100 $helper + runchecktest "test 3 -hc " pass -h -c -n 100 $helper +-# can't exec /bin/true so fail +-runchecktest "test 3 -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper /bin/true ++# can't exec ${bin_true} so fail ++runchecktest "test 3 -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + # lack of 'r' perm is currently not working + genprofile image=$helper $helper:ix signal:ALL + runchecktest "test 4 -h" pass -h -n 100 $helper + runchecktest "test 4 -hc " pass -h -c -n 100 $helper +-# can't exec /bin/true so fail +-runchecktest "test 4 -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper /bin/true ++# can't exec ${bin_true} so fail ++runchecktest "test 4 
-h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + genprofile image=$helper $helper:rix signal:ALL + runchecktest "test 5 -h" pass -h -n 100 $helper + runchecktest "test 5 -hc " pass -h -c -n 100 $helper +-# can't exec /bin/true so fail +-runchecktest "test 5 -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper /bin/true ++# can't exec ${bin_true} so fail ++runchecktest "test 5 -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper ${bin_true} + +-genprofile image=$helper $helper:ix /bin/true:rix signal:ALL ++genprofile image=$helper $helper:ix ${bin_true}:rix signal:ALL + runchecktest "test 6 -h" pass -h -n 100 $helper + runchecktest "test 6 -hc " pass -h -c -n 100 $helper +-runchecktest "test 6 -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 6 -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper ${bin_true} + + #traced child can ptrace_me to unconfined have unconfined trace them +-genprofile image=/bin/true signal:ALL +-runchecktest "test 7" pass -n 100 /bin/true ++genprofile image=${bin_true} signal:ALL ++runchecktest "test 7" pass -n 100 ${bin_true} + # pass - ptrace_attach is done in unconfined helper +-runchecktest "test 7 -c " pass -c -n 100 /bin/true ++runchecktest "test 7 -c " pass -c -n 100 ${bin_true} + runchecktest "test 7 -h" pass -h -n 100 $helper + # pass - ptrace_attach is done in unconfined helper + runchecktest "test 7 -hc " pass -h -c -n 100 $helper +-runchecktest "test 7 -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 7 -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper ${bin_true} + +-genprofile image=$helper 
$helper:ix /bin/true:rix signal:ALL +-runchecktest "test 7a" pass -n 100 /bin/true ++genprofile image=$helper $helper:ix ${bin_true}:rix signal:ALL ++runchecktest "test 7a" pass -n 100 ${bin_true} + # pass - ptrace_attach is allowed from confined process to unconfined +-runchecktest "test 7a -c " pass -c -n 100 /bin/true ++runchecktest "test 7a -c " pass -c -n 100 ${bin_true} + runchecktest "test 7a -h" pass -h -n 100 $helper + # pass - ptrace_attach is allowed from confined process to unconfined + runchecktest "test 7a -hc " pass -h -c -n 100 $helper +-runchecktest "test 7a -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 7a -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper ${bin_true} + + #traced helper from unconfined +-genprofile image=$helper $helper:ix /bin/true:rpx signal:ALL -- image=/bin/true signal:ALL +-runchecktest "test 8" pass -n 100 /bin/true ++genprofile image=$helper $helper:ix ${bin_true}:rpx signal:ALL -- image=${bin_true} signal:ALL ++runchecktest "test 8" pass -n 100 ${bin_true} + # pass - ptrace_attach is done before exec +-runchecktest "test 8 -c " pass -c -n 100 /bin/true ++runchecktest "test 8 -c " pass -c -n 100 ${bin_true} + runchecktest "test 8 -h" pass -h -n 100 $helper + runchecktest "test 8 -hc " pass -h -c -n 100 $helper + # pass - can px if tracer can ptrace target +-runchecktest "test 8 -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 8 -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper ${bin_true} + + #traced helper from unconfined +-genprofile image=$helper $helper:ix /bin/true:rux signal:ALL -- image=/bin/true signal:ALL +-runchecktest "test 9" pass -n 100 /bin/true ++genprofile image=$helper $helper:ix ${bin_true}:rux signal:ALL -- image=${bin_true} signal:ALL 
++runchecktest "test 9" pass -n 100 ${bin_true} + # pass - ptrace_attach is done before exec +-runchecktest "test 9 -c " pass -c -n 100 /bin/true ++runchecktest "test 9 -c " pass -c -n 100 ${bin_true} + runchecktest "test 9 -h" pass -h -n 100 $helper + runchecktest "test 9 -hc " pass -h -c -n 100 $helper + # pass - can ux if tracer can ptrace target +-runchecktest "test 9 -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper /bin/true ++runchecktest "test 9 -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper ${bin_true} + + genprofile signal:ALL + # fail due to no exec permission +-runchecktest "test 10" fail -n 100 /bin/true +-runchecktest "test 10 -c" fail -c -n 100 /bin/true ++runchecktest "test 10" fail -n 100 ${bin_true} ++runchecktest "test 10 -c" fail -c -n 100 ${bin_true} + runchecktest "test 10 -h" fail -h -n 100 $helper + runchecktest "test 10 -hc" fail -h -c -n 100 $helper +-runchecktest "test 10 -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper /bin/true ++runchecktest "test 10 -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper ${bin_true} + +-genprofile /bin/true:ix $helper:ix signal:ALL ++genprofile ${bin_true}:ix $helper:ix signal:ALL + # fail due to missing r permission +-#runchecktest "test 11" fail -n 100 /bin/true +-#runchecktest "test 11 -c" fail -c -n 100 /bin/true ++#runchecktest "test 11" fail -n 100 ${bin_true} ++#runchecktest "test 11 -c" fail -c -n 100 ${bin_true} + #runchecktest "test 11 -h" fail -h -n 100 $helper + #runchecktest "test 11 -hc" fail -h -c -n 100 $helper +-#runchecktest "test 11 -h prog" fail -h -n 100 $helper /bin/true +-#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper /bin/true ++#runchecktest "test 11 -h prog" fail -h -n 100 $helper ${bin_true} ++#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper 
${bin_true} + + # fail was pass in v5 allowed to ix self +-genprofile /bin/true:rix $helper:rix signal:ALL +-runchecktest "test 12" fail -n 100 /bin/true +-runchecktest "test 12 -c" fail -c -n 100 /bin/true ++genprofile ${bin_true}:rix $helper:rix signal:ALL ++runchecktest "test 12" fail -n 100 ${bin_true} ++runchecktest "test 12 -c" fail -c -n 100 ${bin_true} + runchecktest "test 12 -h" fail -h -n 100 $helper + runchecktest "test 12 -hc" fail -h -c -n 100 $helper +-runchecktest "test 12 -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 12 -hc prog" fail -h -c -n 100 $helper /bin/true ++runchecktest "test 12 -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 12 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + #ptraced confined app traced by unconfined can px +-genprofile image=$helper $helper:rix /bin/true:rpx signal:ALL -- image=/bin/true /bin/true:rix +-runchecktest "test 13u -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 13u -hc prog" pass -h -c -n 100 $helper /bin/true ++genprofile image=$helper $helper:rix ${bin_true}:rpx signal:ALL -- image=${bin_true} ${bin_true}:rix ++runchecktest "test 13u -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 13u -hc prog" pass -h -c -n 100 $helper ${bin_true} + + #ptraced confined app traced by profile without ptrace on targeted can't px +-genprofile /bin/true:rpx signal:ALL -- image=/bin/true /bin/true:rix +-runchecktest "test 13 -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper /bin/true ++genprofile ${bin_true}:rpx signal:ALL -- image=${bin_true} ${bin_true}:rix ++runchecktest "test 13 -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + + #ptraced confined app can ux - if the tracer is unconfined + # +-genprofile image=$helper $helper:rix /bin/true:rux signal:ALL +-runchecktest "test 14a -h prog" pass -h -n 100 $helper /bin/true +-runchecktest 
"test 14a -hc prog" pass -h -c -n 100 $helper /bin/true ++genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL ++runchecktest "test 14a -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper ${bin_true} + #ptraced confined app can't ux - if the tracer can't trace unconfined +-genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL +-runchecktest "test 14b -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper /bin/true ++genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL ++runchecktest "test 14b -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper ${bin_true} + + #confined app can't ptrace an unconfined app + genprofile $helper:rux signal:ALL + runchecktest "test 15 -h" fail -h -n 100 $helper +-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true ++runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true} + #an unconfined app can't ask a confined app to trace it + runchecktest "test 15 -hc" fail -h -c -n 100 $helper +-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true ++runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + #confined app can't ptrace an app confined by a different profile + genprofile $helper:rpx signal:ALL -- image=$helper signal:ALL + runchecktest "test 15 -h" fail -h -n 100 $helper +-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true ++runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true} + #a confined app can't ask another confined app with a different profile to + #trace it + runchecktest "test 15 -hc" fail -h -c -n 100 $helper +-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true ++runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true} + + ################### cap:sys_ptrace doesn't change results from 
above ########################## + # fail was pass in v5 allowed to ix self +-genprofile /bin/true:rix $helper:rix signal:ALL cap:sys_ptrace +-runchecktest "test 12c" fail -n 100 /bin/true +-runchecktest "test 12c -c" fail -c -n 100 /bin/true ++genprofile ${bin_true}:rix $helper:rix signal:ALL cap:sys_ptrace ++runchecktest "test 12c" fail -n 100 ${bin_true} ++runchecktest "test 12c -c" fail -c -n 100 ${bin_true} + runchecktest "test 12c -h" fail -h -n 100 $helper + runchecktest "test 12c -hc" fail -h -c -n 100 $helper +-runchecktest "test 12c -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 12c -hc prog" fail -h -c -n 100 $helper /bin/true ++runchecktest "test 12c -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 12c -hc prog" fail -h -c -n 100 $helper ${bin_true} + + #ptraced confined app traced by unconfined can px +-genprofile image=$helper $helper:rix /bin/true:rpx signal:ALL cap:sys_ptrace -- image=/bin/true /bin/true:rix cap:sys_ptrace +-runchecktest "test 13cu -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 13cu -hc prog" pass -h -c -n 100 $helper /bin/true ++genprofile image=$helper $helper:rix ${bin_true}:rpx signal:ALL cap:sys_ptrace -- image=${bin_true} ${bin_true}:rix cap:sys_ptrace ++runchecktest "test 13cu -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 13cu -hc prog" pass -h -c -n 100 $helper ${bin_true} + + #ptraced confined app traced by profile without ptrace on targeted can't px +-genprofile /bin/true:rpx signal:ALL cap:sys_ptrace -- image=/bin/true /bin/true:rix cap:sys_ptrace +-runchecktest "test 13c -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 13c -hc prog" fail -h -c -n 100 $helper /bin/true ++genprofile ${bin_true}:rpx signal:ALL cap:sys_ptrace -- image=${bin_true} ${bin_true}:rix cap:sys_ptrace ++runchecktest "test 13c -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 13c -hc prog" fail -h -c -n 100 $helper ${bin_true} + + + #ptraced confined app 
can ux - if the tracer is unconfined + # +-genprofile image=$helper $helper:rix /bin/true:rux signal:ALL cap:sys_ptrace +-runchecktest "test 14ca -h prog" pass -h -n 100 $helper /bin/true +-runchecktest "test 14ca -hc prog" pass -h -c -n 100 $helper /bin/true ++genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL cap:sys_ptrace ++runchecktest "test 14ca -h prog" pass -h -n 100 $helper ${bin_true} ++runchecktest "test 14ca -hc prog" pass -h -c -n 100 $helper ${bin_true} + #ptraced confined app can't ux - if the tracer can't trace unconfined +-genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL +-runchecktest "test 14cb -h prog" fail -h -n 100 $helper /bin/true +-runchecktest "test 14cb -hc prog" fail -h -c -n 100 $helper /bin/true ++genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL ++runchecktest "test 14cb -h prog" fail -h -n 100 $helper ${bin_true} ++runchecktest "test 14cb -hc prog" fail -h -c -n 100 $helper ${bin_true} + + #confined app can't ptrace an unconfined app + genprofile $helper:rux signal:ALL cap:sys_ptrace + runchecktest "test 15c -h" fail -h -n 100 $helper +-runchecktest "test 15c -h prog" fail -h -n 100 $helper /bin/true ++runchecktest "test 15c -h prog" fail -h -n 100 $helper ${bin_true} + #an unconfined app can't ask a confined app to trace it + runchecktest "test 15c -hc" fail -h -c -n 100 $helper +-runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true ++runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper ${bin_true} + + #confined app can't ptrace an app confined by a different profile + genprofile $helper:rpx signal:ALL cap:sys_ptrace -- image=$helper signal:ALL cap:sys_ptrace + runchecktest "test 15c -h" fail -h -n 100 $helper +-runchecktest "test 15c -h prog" fail -h -n 100 $helper /bin/true ++runchecktest "test 15c -h prog" fail -h -n 100 $helper ${bin_true} + #a confined app can't ask another confined app with a different profile to + 
#trace it
+ runchecktest "test 15c -hc" fail -h -c -n 100 $helper
+-runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true
++runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper ${bin_true}
+
+
+ ################################################################################
+@@ -213,163 +213,163 @@ runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true
+
+ ##### Now do tests with ptrace rules in profiles #######
+ # pass in v5 allowed to ix self
+-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:ALL
+-runchecktest "test 12p" pass -n 100 /bin/true
+-runchecktest "test 12p -c" pass -c -n 100 /bin/true
++genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:ALL
++runchecktest "test 12p" pass -n 100 ${bin_true}
++runchecktest "test 12p -c" pass -c -n 100 ${bin_true}
+ runchecktest "test 12p -h" pass -h -n 100 $helper
+ runchecktest "test 12p -hc" pass -h -c -n 100 $helper
+-runchecktest "test 12p -h prog" pass -h -n 100 $helper /bin/true
+-runchecktest "test 12p -hc prog" pass -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=$test
+-runchecktest "test 12p1" pass -n 100 /bin/true
+-runchecktest "test 12p1 -c" pass -c -n 100 /bin/true
++runchecktest "test 12p -h prog" pass -h -n 100 $helper ${bin_true}
++runchecktest "test 12p -hc prog" pass -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:peer=$test
++runchecktest "test 12p1" pass -n 100 ${bin_true}
++runchecktest "test 12p1 -c" pass -c -n 100 ${bin_true}
+ runchecktest "test 12p1 -h" pass -h -n 100 $helper
+ runchecktest "test 12p1 -hc" pass -h -c -n 100 $helper
+-runchecktest "test 12p1 -h prog" pass -h -n 100 $helper /bin/true
+-runchecktest "test 12p1 -hc prog" pass -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=notaprofile
+-runchecktest "test 12p2" fail -n 100 /bin/true
+-runchecktest "test 12p2 -c" fail -c -n 100 /bin/true
++runchecktest
"test 12p1 -h prog" pass -h -n 100 $helper ${bin_true}
++runchecktest "test 12p1 -hc prog" pass -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:peer=notaprofile
++runchecktest "test 12p2" fail -n 100 ${bin_true}
++runchecktest "test 12p2 -c" fail -c -n 100 ${bin_true}
+ runchecktest "test 12p2 -h" fail -h -n 100 $helper
+ runchecktest "test 12p2 -hc" fail -h -c -n 100 $helper
+-runchecktest "test 12p2 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 12p2 -hc prog" fail -h -c -n 100 $helper /bin/true
++runchecktest "test 12p2 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 12p2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
+
+
+ #ptraced confined app traced by profile can px
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix
+-runchecktest "test 13p1 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p2 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
+-runchecktest "test 13p3 -h prog" pass -h -n 100 $helper /bin/true
+-runchecktest "test 13p4 -hc prog" pass -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
+-runchecktest "test 13p5 -h prog" pass -h -n 100 $helper /bin/true
+-runchecktest "test 13p6 -hc prog" pass -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
+-runchecktest "test 13p7 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p8 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true
/bin/true:rix ptrace:trace
+-runchecktest "test 13p9 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pa -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+-runchecktest "test 13pb -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pc -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+-runchecktest "test 13pd -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pe -hc prog" fail -h -c -n 100 $helper /bin/true
+-
+-
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix
+-runchecktest "test 13p11 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p21 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
+-runchecktest "test 13p31 -h prog" pass -h -n 100 $helper /bin/true
+-runchecktest "test 13p41 -hc prog" pass -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
+-runchecktest "test 13p51 -h prog" pass -h -n 100 $helper /bin/true
+-runchecktest "test 13p61 -hc prog" pass -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
+-runchecktest "test 13p71 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p81 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test
ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace
+-runchecktest "test 13p91 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pa1 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+-runchecktest "test 13pb1 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pc1 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+-runchecktest "test 13pd1 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pe1 -hc prog" fail -h -c -n 100 $helper /bin/true
+-
+-
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix
+-runchecktest "test 13p12 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p22 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby
+-runchecktest "test 13p32 -h prog" pass -h -n 100 $helper /bin/true
+-runchecktest "test 13p42 -hc prog" pass -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
+-runchecktest "test 13p52 -h prog" pass -h -n 100 $helper /bin/true
+-runchecktest "test 13p62 -hc prog" pass -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
+-runchecktest "test 13p72 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p82 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL --
image=/bin/true /bin/true:rix ptrace:trace
+-runchecktest "test 13p92 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pa2 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+-runchecktest "test 13pb2 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pc2 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+-runchecktest "test 13pd2 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pe2 -hc prog" fail -h -c -n 100 $helper /bin/true
+-
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix
+-runchecktest "test 13p13 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p23 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby
+-runchecktest "test 13p33 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p43 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
+-runchecktest "test 13p53 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p63 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
+-runchecktest "test 13p73 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p83 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace
+-runchecktest "test 13p93 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pa3 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+-runchecktest "test 13pb3 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pc3 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+-runchecktest "test 13pd3 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pe3 -hc prog" fail -h -c -n 100 $helper /bin/true
+-
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix
+-runchecktest "test 13p14 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p24 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
+-runchecktest "test 13p34 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p44 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
+-runchecktest "test 13p54 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p64 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
+-runchecktest "test 13p74 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p84 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile
-- image=/bin/true /bin/true:rix ptrace:trace
+-runchecktest "test 13p94 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pa4 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+-runchecktest "test 13pb4 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pc4 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+-runchecktest "test 13pd4 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pe4 -hc prog" fail -h -c -n 100 $helper /bin/true
+-
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix
+-runchecktest "test 13p15 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p25 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
+-runchecktest "test 13p35 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p45 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
+-runchecktest "test 13p55 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p65 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
+-runchecktest "test 13p75 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13p85 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL
ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace
+-runchecktest "test 13p95 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pa5 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
+-runchecktest "test 13pb5 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pc5 -hc prog" fail -h -c -n 100 $helper /bin/true
+-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
+-runchecktest "test 13pd5 -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper /bin/true
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix
++runchecktest "test 13p1 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
++runchecktest "test 13p3 -h prog" pass -h -n 100 $helper ${bin_true}
++runchecktest "test 13p4 -hc prog" pass -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
++runchecktest "test 13p5 -h prog" pass -h -n 100 $helper ${bin_true}
++runchecktest "test 13p6 -hc prog" pass -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
++runchecktest "test 13p7 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p8 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace
++runchecktest "test 13p9 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pa -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
++runchecktest "test 13pb -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pc -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
++runchecktest "test 13pd -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pe -hc prog" fail -h -c -n 100 $helper ${bin_true}
++
++
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix
++runchecktest "test 13p11 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p21 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
++runchecktest "test 13p31 -h prog" pass -h -n 100 $helper ${bin_true}
++runchecktest "test 13p41 -hc prog" pass -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
++runchecktest "test 13p51 -h prog" pass -h -n 100 $helper ${bin_true}
++runchecktest "test 13p61 -hc prog" pass -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
++runchecktest "test 13p71 -h prog"
fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p81 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace
++runchecktest "test 13p91 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pa1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
++runchecktest "test 13pb1 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pc1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
++runchecktest "test 13pd1 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pe1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++
++
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix
++runchecktest "test 13p12 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p22 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
++runchecktest "test 13p32 -h prog" pass -h -n 100 $helper ${bin_true}
++runchecktest "test 13p42 -hc prog" pass -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
++runchecktest "test 13p52 -h prog" pass -h -n 100 $helper ${bin_true}
++runchecktest "test 13p62 -hc prog" pass -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix
ptrace:tracedby:peer=notaprofile
++runchecktest "test 13p72 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p82 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace
++runchecktest "test 13p92 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pa2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
++runchecktest "test 13pb2 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pc2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
++runchecktest "test 13pd2 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pe2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix
++runchecktest "test 13p13 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p23 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
++runchecktest "test 13p33 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p43 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
++runchecktest "test 13p53 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p63 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true}
${bin_true}:rix ptrace:tracedby:peer=notaprofile
++runchecktest "test 13p73 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p83 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace
++runchecktest "test 13p93 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pa3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
++runchecktest "test 13pb3 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pc3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
++runchecktest "test 13pd3 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pe3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix
++runchecktest "test 13p14 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p24 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
++runchecktest "test 13p34 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p44 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
++runchecktest "test 13p54 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p64 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile
${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
++runchecktest "test 13p74 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p84 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace
++runchecktest "test 13p94 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pa4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
++runchecktest "test 13pb4 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pc4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
++runchecktest "test 13pd4 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pe4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix
++runchecktest "test 13p15 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p25 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
++runchecktest "test 13p35 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p45 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
++runchecktest "test 13p55 -h prog"
fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p65 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
++runchecktest "test 13p75 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13p85 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace
++runchecktest "test 13p95 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pa5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
++runchecktest "test 13pb5 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pc5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
++genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
++runchecktest "test 13pd5 -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
+
+
+ ### todo Variations of below tests
+@@ -377,30 +377,30 @@ runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper /bin/true
+
+ #ptraced confined app can ux - if the tracer is unconfined
+ #
+-genprofile image=$helper $helper:rix /bin/true:rux signal:ALL
+-runchecktest "test 14pa -h prog" pass -h -n 100 $helper /bin/true
+-runchecktest "test 14pa -hc prog" pass -h -c -n 100 $helper /bin/true
++genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL
++runchecktest "test 14pa -h prog" pass -h -n 100 $helper ${bin_true}
++runchecktest "test 14pa -hc prog" pass -h -c -n 100 $helper ${bin_true}
+ #ptraced confined app can't ux - if the tracer can't trace
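Review bot: Every `${bin_true}` in this hunk is expanded unquoted, so if the variable is ever empty the program argument silently disappears: `runchecktest "test 12p" pass -n 100 ${bin_true}` would run with no target and `genprofile ${bin_true}:rix …` would emit a rule for `:rix`. Most of the 13p cases expect `fail`, so a missing or non-executable copy would presumably be reported as a correct ptrace denial and hide a regression in the mediation under test. The assignment of `bin_true` is outside the visible hunks, so this is a request to confirm that it is followed by a guard such as `[ -x "${bin_true}" ] || { echo "missing ${bin_true}" >&2; exit 1; }`. The same applies to the hunks at -377 and -408.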
unconfined
+-genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL
+-runchecktest "test 14pb -h prog" fail -h -n 100 $helper /bin/true
+-runchecktest "test 14pb -hc prog" fail -h -c -n 100 $helper /bin/true
++genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL
++runchecktest "test 14pb -h prog" fail -h -n 100 $helper ${bin_true}
++runchecktest "test 14pb -hc prog" fail -h -c -n 100 $helper ${bin_true}
+
+ #confined app can't ptrace an unconfined app
+ genprofile $helper:rux signal:ALL
+ runchecktest "test 15p -h" fail -h -n 100 $helper
+-runchecktest "test 15p -h prog" fail -h -n 100 $helper /bin/true
++runchecktest "test 15p -h prog" fail -h -n 100 $helper ${bin_true}
+ #an unconfined app can't ask a confined app to trace it
+ runchecktest "test 15p -hc" fail -h -c -n 100 $helper
+-runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true
++runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper ${bin_true}
+
+ #confined app can't ptrace an app confined by a different profile
+ genprofile $helper:rpx signal:ALL -- image=$helper signal:ALL
+ runchecktest "test 15p -h" fail -h -n 100 $helper
+-runchecktest "test 15p -h prog" fail -h -n 100 $helper /bin/true
++runchecktest "test 15p -h prog" fail -h -n 100 $helper ${bin_true}
+ #a confined app can't ask another confined app with a different profile to
+ #trace it
+ runchecktest "test 15p -hc" fail -h -c -n 100 $helper
+-runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true
++runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper ${bin_true}
+
+ # Test LP: #1390592
+ # The bug was a policy compilation bug that triggers in a rule such as
+@@ -408,9 +408,9 @@ runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true
+ # a-f|A-F|0-9 to trigger the bug.
A parser affected by this bug will create a
+ # bad binary policy that causes the kernel to unexpectedly deny the ptrace
+ # 'trace' of a process confined by profile ABC.
+-genprofile "$helper rpx -> ABC" signal:ALL ptrace:trace:peer=ABC -- image=ABC addimage:$helper /bin/true:rix signal:ALL ptrace:tracedby:peer=$test
+-runchecktest "test LP: #1390592 -h prog" pass -h -n 100 $helper /bin/true
+-runchecktest "test LP: #1390592 -hc prog" pass -h -c -n 100 $helper /bin/true
++genprofile "$helper rpx -> ABC" signal:ALL ptrace:trace:peer=ABC -- image=ABC addimage:$helper ${bin_true}:rix signal:ALL ptrace:tracedby:peer=$test
++runchecktest "test LP: #1390592 -h prog" pass -h -n 100 $helper ${bin_true}
++runchecktest "test LP: #1390592 -hc prog" pass -h -c -n 100 $helper ${bin_true}
+
+ ## TODO: ptrace read tests
+ ## TODO: ptrace + change_profile
+diff --git a/utils/test/fake_ldd b/utils/test/fake_ldd
+index 60f5c675..afec6eba 100755
+--- a/utils/test/fake_ldd
++++ b/utils/test/fake_ldd
+@@ -5,7 +5,7 @@ import sys
+ if len(sys.argv) != 2:
+ raise Exception('wrong number of arguments in fake_ldd')
+
+-if sys.argv[1] == '/AATest/bin/bash' or sys.argv[1] == '/bin/bash':
++if sys.argv[1] in ['/AATest/bin/bash', '/bin/bash', '/usr/bin/bash']:
+ print(' linux-vdso.so.1 (0x00007ffcf97f4000)')
+ print(' libreadline.so.6 => /AATest/lib64/libreadline.so.6 (0x00007f2c41324000)')
+ print(' libtinfo.so.6 => /AATest/lib64/libtinfo.so.6 (0x00007f2c410f9000)')
+diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
+index d93b8eae..56b14c6e 100644
+--- a/utils/test/test-aa.py
++++ b/utils/test/test-aa.py
+@@ -135,6 +135,9 @@ class AaTest_create_new_profile(AATest):
+ apparmor.aa.load_include('abstractions/bash')
+
+ exp_interpreter_path, exp_abstraction = expected
++ # damn symlinks!
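Review bot: The accepted interpreter paths in fake_ldd are now a hand-maintained list with no explanation of why `/usr/bin/bash` was added, so the next filesystem layout change needs another silent edit here. A comment above the condition would record the reason, e.g. `# /usr/bin/bash: what /bin/bash resolves to on usr-merged systems`. A tuple is the usual form for a constant membership test: `if sys.argv[1] in ('/AATest/bin/bash', '/bin/bash', '/usr/bin/bash'):`. The body of the `if` continues past the end of the hunk.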
++ if exp_interpreter_path:
++ exp_interpreter_path = os.path.realpath(exp_interpreter_path)
+
+ program = self.writeTmpfile('script', params)
+ profile = create_new_profile(program)
+@@ -178,11 +181,8 @@ class AaTest_get_interpreter_and_abstraction(AATest):
+ interpreter_path, abstraction = get_interpreter_and_abstraction(program)
+
+ # damn symlinks!
+- if exp_interpreter_path and os.path.islink(exp_interpreter_path):
+- dirname = os.path.dirname(exp_interpreter_path)
+- exp_interpreter_path = os.readlink(exp_interpreter_path)
+- if not exp_interpreter_path.startswith('/'):
+- exp_interpreter_path = os.path.join(dirname, exp_interpreter_path)
++ if exp_interpreter_path:
++ exp_interpreter_path = os.path.realpath(exp_interpreter_path)
+
+ self.assertEqual(interpreter_path, exp_interpreter_path)
+ self.assertEqual(abstraction, exp_abstraction)
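Review bot: The same realpath block is now pasted into both test methods (the hunks at -135 and -178) under the comment `# damn symlinks!`, which does not say what is being normalised or why. The expected value is now derived from the build host's filesystem, so the comment should state that, e.g. `# expected path is the symlink-resolved one (usr-merge, update-alternatives)`; this assumes the code under test resolves the interpreter the same way, which the diff does not show. `os.path.realpath` follows every link in the chain and every directory component, where the removed code followed a single `readlink`, so this is a behaviour change, presumably the intended one. A small shared helper would keep the two copies from drifting; both methods start and end outside their hunks.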