ef40d07d30
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by update-alternatives (boo#1127877) OBS-URL: https://build.opensuse.org/request/show/682453 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=238
958 lines
59 KiB
Diff
958 lines
59 KiB
Diff
commit f75ec6fef6de26c0c9da8ecda4d28510720b52f3
|
|
Author: Steve Beattie <gitlab@nxnw.org>
|
|
Date: Wed Feb 13 16:57:52 2019 +0000
|
|
|
|
usr merge fixups
|
|
|
|
Debian and Ubuntu have releases coming out with usr-merge in place. For
|
|
these systems, /bin and /sbin are symlinks to their respective /usr
|
|
directories. This breaks a few tests in the python utils and in the
|
|
regression tests. This patch series fixes them, mostly by performing
|
|
realpath() calls when necessary. For the ptrace regression test,
|
|
it copies the called /bin/true binary into the created temporary
|
|
directory and executes it from there. (Good for other reasons, too.)
|
|
|
|
(cherry picked from commit b4ab8476e4721b922d2de193b9203bba0c192bf9)
|
|
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
|
|
Acked-by: John Johansen <john.johansen@canonical.com>
|
|
MR: https://gitlab.com/apparmor/apparmor/merge_requests/331
|
|
|
|
diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
|
|
index 7ca5ef12..6b192406 100755
|
|
--- a/tests/regression/apparmor/mkprofile.pl
|
|
+++ b/tests/regression/apparmor/mkprofile.pl
|
|
@@ -132,10 +132,10 @@ sub gen_binary($) {
|
|
my $hashbang = head($bin);
|
|
if ($hashbang && $hashbang =~ /^#!\s*(\S+)/) {
|
|
my $interpreter = $1;
|
|
- gen_file("$interpreter:rix");
|
|
+ gen_file(realpath($interpreter) . ":rix");
|
|
gen_elf_binary($interpreter);
|
|
} else {
|
|
- gen_elf_binary($bin)
|
|
+ gen_elf_binary(realpath($bin))
|
|
}
|
|
}
|
|
|
|
diff --git a/tests/regression/apparmor/ptrace.sh b/tests/regression/apparmor/ptrace.sh
|
|
index c3363479..320d65e8 100755
|
|
--- a/tests/regression/apparmor/ptrace.sh
|
|
+++ b/tests/regression/apparmor/ptrace.sh
|
|
@@ -30,26 +30,29 @@ bin=$pwd
|
|
|
|
helper=$pwd/ptrace_helper
|
|
|
|
+bin_true=${tmpdir}/true
|
|
+cp -pL /bin/true ${tmpdir}/true
|
|
+
|
|
# -n number of syscalls to perform
|
|
# -c have the child call ptrace_me, else parent does ptrace_attach
|
|
# -h transition child to ptrace_helper before doing ptrace (used to test
|
|
# x transitions with ptrace)
|
|
# test base line of unconfined tracing unconfined
|
|
-runchecktest "test 1" pass -n 100 /bin/true
|
|
-runchecktest "test 1 -c" pass -c -n 100 /bin/true
|
|
+runchecktest "test 1" pass -n 100 ${bin_true}
|
|
+runchecktest "test 1 -c" pass -c -n 100 ${bin_true}
|
|
runchecktest "test 1 -h" pass -h -n 100 $helper
|
|
runchecktest "test 1 -hc" pass -h -c -n 100 $helper
|
|
-runchecktest "test 1 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 1 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 1 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 1 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
# test that unconfined can ptrace before profile attaches
|
|
-genprofile image=/bin/true signal:ALL
|
|
-runchecktest "test 2" pass -n 100 /bin/true
|
|
-runchecktest "test 2 -c" pass -c -n 100 /bin/true
|
|
+genprofile image=${bin_true} signal:ALL
|
|
+runchecktest "test 2" pass -n 100 ${bin_true}
|
|
+runchecktest "test 2 -c" pass -c -n 100 ${bin_true}
|
|
runchecktest "test 2 -h" pass -h -n 100 $helper
|
|
runchecktest "test 2 -hc" pass -h -c -n 100 $helper
|
|
-runchecktest "test 2 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 2 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
|
|
if [ "$(kernel_features ptrace)" == "true" -a "$(parser_supports 'ptrace,')" == "true" ] ; then
|
|
diff --git a/tests/regression/apparmor/ptrace_v5.inc b/tests/regression/apparmor/ptrace_v5.inc
|
|
index 56833667..4a692402 100644
|
|
--- a/tests/regression/apparmor/ptrace_v5.inc
|
|
+++ b/tests/regression/apparmor/ptrace_v5.inc
|
|
@@ -13,133 +13,133 @@
|
|
genprofile image=$helper
|
|
runchecktest "test 3 -h" pass -h -n 100 $helper
|
|
runchecktest "test 3 -hc " pass -h -c -n 100 $helper
|
|
-# can't exec /bin/true so fail
|
|
-runchecktest "test 3 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+# can't exec ${bin_true} so fail
|
|
+runchecktest "test 3 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
# lack of 'r' perm is currently not working
|
|
genprofile image=$helper $helper:ix
|
|
runchecktest "test 4 -h" pass -h -n 100 $helper
|
|
runchecktest "test 4 -hc " pass -h -c -n 100 $helper
|
|
-# can't exec /bin/true so fail
|
|
-runchecktest "test 4 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+# can't exec ${bin_true} so fail
|
|
+runchecktest "test 4 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
genprofile image=$helper $helper:rix
|
|
runchecktest "test 5 -h" pass -h -n 100 $helper
|
|
runchecktest "test 5 -hc " pass -h -c -n 100 $helper
|
|
-# can't exec /bin/true so fail
|
|
-runchecktest "test 5 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+# can't exec ${bin_true} so fail
|
|
+runchecktest "test 5 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
-genprofile image=$helper $helper:ix /bin/true:rix
|
|
+genprofile image=$helper $helper:ix ${bin_true}:rix
|
|
runchecktest "test 6 -h" pass -h -n 100 $helper
|
|
runchecktest "test 6 -hc " pass -h -c -n 100 $helper
|
|
-runchecktest "test 6 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 6 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
#traced child can ptrace_me to unconfined have unconfined trace them
|
|
-genprofile image=/bin/true
|
|
-runchecktest "test 7" pass -n 100 /bin/true
|
|
+genprofile image=${bin_true}
|
|
+runchecktest "test 7" pass -n 100 ${bin_true}
|
|
# pass - ptrace_attach is done in unconfined helper
|
|
-runchecktest "test 7 -c " pass -c -n 100 /bin/true
|
|
+runchecktest "test 7 -c " pass -c -n 100 ${bin_true}
|
|
runchecktest "test 7 -h" pass -h -n 100 $helper
|
|
# pass - ptrace_attach is done in unconfined helper
|
|
runchecktest "test 7 -hc " pass -h -c -n 100 $helper
|
|
-runchecktest "test 7 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 7 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
-genprofile image=$helper $helper:ix /bin/true:rix
|
|
-runchecktest "test 7a" pass -n 100 /bin/true
|
|
+genprofile image=$helper $helper:ix ${bin_true}:rix
|
|
+runchecktest "test 7a" pass -n 100 ${bin_true}
|
|
# pass - ptrace_attach is allowed from confined process to unconfined
|
|
-runchecktest "test 7a -c " pass -c -n 100 /bin/true
|
|
+runchecktest "test 7a -c " pass -c -n 100 ${bin_true}
|
|
runchecktest "test 7a -h" pass -h -n 100 $helper
|
|
# pass - ptrace_attach is allowed from confined process to unconfined
|
|
runchecktest "test 7a -hc " pass -h -c -n 100 $helper
|
|
-runchecktest "test 7a -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 7a -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
#traced helper from unconfined
|
|
-genprofile image=$helper $helper:ix /bin/true:rpx -- image=/bin/true
|
|
-runchecktest "test 8" pass -n 100 /bin/true
|
|
+genprofile image=$helper $helper:ix ${bin_true}:rpx -- image=${bin_true}
|
|
+runchecktest "test 8" pass -n 100 ${bin_true}
|
|
# pass - ptrace_attach is done before exec
|
|
-runchecktest "test 8 -c " pass -c -n 100 /bin/true
|
|
+runchecktest "test 8 -c " pass -c -n 100 ${bin_true}
|
|
runchecktest "test 8 -h" pass -h -n 100 $helper
|
|
runchecktest "test 8 -hc " pass -h -c -n 100 $helper
|
|
# pass - can px if tracer can ptrace target
|
|
-runchecktest "test 8 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 8 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
#traced helper from unconfined
|
|
-genprofile image=$helper $helper:ix /bin/true:rux -- image=/bin/true
|
|
-runchecktest "test 9" pass -n 100 /bin/true
|
|
+genprofile image=$helper $helper:ix ${bin_true}:rux -- image=${bin_true}
|
|
+runchecktest "test 9" pass -n 100 ${bin_true}
|
|
# pass - ptrace_attach is done before exec
|
|
-runchecktest "test 9 -c " pass -c -n 100 /bin/true
|
|
+runchecktest "test 9 -c " pass -c -n 100 ${bin_true}
|
|
runchecktest "test 9 -h" pass -h -n 100 $helper
|
|
runchecktest "test 9 -hc " pass -h -c -n 100 $helper
|
|
# pass - can ux if tracer can ptrace target
|
|
-runchecktest "test 9 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 9 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
genprofile
|
|
# fail due to no exec permission
|
|
-runchecktest "test 10" fail -n 100 /bin/true
|
|
-runchecktest "test 10 -c" fail -c -n 100 /bin/true
|
|
+runchecktest "test 10" fail -n 100 ${bin_true}
|
|
+runchecktest "test 10 -c" fail -c -n 100 ${bin_true}
|
|
runchecktest "test 10 -h" fail -h -n 100 $helper
|
|
runchecktest "test 10 -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 10 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 10 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
-genprofile /bin/true:ix $helper:ix
|
|
+genprofile ${bin_true}:ix $helper:ix
|
|
# fail due to missing r permission
|
|
-#runchecktest "test 11" fail -n 100 /bin/true
|
|
-#runchecktest "test 11 -c" fail -c -n 100 /bin/true
|
|
+#runchecktest "test 11" fail -n 100 ${bin_true}
|
|
+#runchecktest "test 11 -c" fail -c -n 100 ${bin_true}
|
|
#runchecktest "test 11 -h" fail -h -n 100 $helper
|
|
#runchecktest "test 11 -hc" fail -h -c -n 100 $helper
|
|
-#runchecktest "test 11 -h prog" fail -h -n 100 $helper /bin/true
|
|
-#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+#runchecktest "test 11 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
# pass allowed to ix self
|
|
-genprofile /bin/true:rix $helper:rix
|
|
-runchecktest "test 12" pass -n 100 /bin/true
|
|
-runchecktest "test 12 -c" pass -c -n 100 /bin/true
|
|
+genprofile ${bin_true}:rix $helper:rix
|
|
+runchecktest "test 12" pass -n 100 ${bin_true}
|
|
+runchecktest "test 12 -c" pass -c -n 100 ${bin_true}
|
|
runchecktest "test 12 -h" pass -h -n 100 $helper
|
|
runchecktest "test 12 -hc" pass -h -c -n 100 $helper
|
|
-runchecktest "test 12 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 12 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 12 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 12 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
#ptraced confined app can't px - fails to unset profile
|
|
-genprofile image=$helper $helper:rix /bin/true:rpx
|
|
-runchecktest "test 13 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+genprofile image=$helper $helper:rix ${bin_true}:rpx
|
|
+runchecktest "test 13 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
|
|
#ptraced confined app can ux - if the tracer is unconfined
|
|
#
|
|
-genprofile image=$helper $helper:rix /bin/true:rux
|
|
-runchecktest "test 14a -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+genprofile image=$helper $helper:rix ${bin_true}:rux
|
|
+runchecktest "test 14a -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
#ptraced confined app can't ux - if the tracer can't trace unconfined
|
|
-genprofile $helper:rpx -- image=$helper $helper:rix /bin/true:rux
|
|
-runchecktest "test 14b -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+genprofile $helper:rpx -- image=$helper $helper:rix ${bin_true}:rux
|
|
+runchecktest "test 14b -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
#confined app can't ptrace an unconfined app
|
|
genprofile $helper:rux
|
|
runchecktest "test 15 -h" fail -h -n 100 $helper
|
|
-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true
|
|
+runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
#an unconfined app can't ask a confined app to trace it
|
|
runchecktest "test 15 -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
#confined app can't ptrace an app confined by a different profile
|
|
genprofile $helper:rpx -- image=$helper
|
|
runchecktest "test 15 -h" fail -h -n 100 $helper
|
|
-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true
|
|
+runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
#a confined app can't ask another confined app with a different profile to
|
|
#trace it
|
|
runchecktest "test 15 -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
|
|
|
|
diff --git a/tests/regression/apparmor/ptrace_v6.inc b/tests/regression/apparmor/ptrace_v6.inc
|
|
index 37781551..b0cf983a 100644
|
|
--- a/tests/regression/apparmor/ptrace_v6.inc
|
|
+++ b/tests/regression/apparmor/ptrace_v6.inc
|
|
@@ -25,186 +25,186 @@ genprofile image=$helper signal:ALL ptrace:tracedby:peer=unconfined
|
|
|
|
runchecktest "test 3 -h" pass -h -n 100 $helper
|
|
runchecktest "test 3 -hc " pass -h -c -n 100 $helper
|
|
-# can't exec /bin/true so fail
|
|
-runchecktest "test 3 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+# can't exec ${bin_true} so fail
|
|
+runchecktest "test 3 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
# lack of 'r' perm is currently not working
|
|
genprofile image=$helper $helper:ix signal:ALL
|
|
runchecktest "test 4 -h" pass -h -n 100 $helper
|
|
runchecktest "test 4 -hc " pass -h -c -n 100 $helper
|
|
-# can't exec /bin/true so fail
|
|
-runchecktest "test 4 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+# can't exec ${bin_true} so fail
|
|
+runchecktest "test 4 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
genprofile image=$helper $helper:rix signal:ALL
|
|
runchecktest "test 5 -h" pass -h -n 100 $helper
|
|
runchecktest "test 5 -hc " pass -h -c -n 100 $helper
|
|
-# can't exec /bin/true so fail
|
|
-runchecktest "test 5 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+# can't exec ${bin_true} so fail
|
|
+runchecktest "test 5 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
-genprofile image=$helper $helper:ix /bin/true:rix signal:ALL
|
|
+genprofile image=$helper $helper:ix ${bin_true}:rix signal:ALL
|
|
runchecktest "test 6 -h" pass -h -n 100 $helper
|
|
runchecktest "test 6 -hc " pass -h -c -n 100 $helper
|
|
-runchecktest "test 6 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 6 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 6 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
#traced child can ptrace_me to unconfined have unconfined trace them
|
|
-genprofile image=/bin/true signal:ALL
|
|
-runchecktest "test 7" pass -n 100 /bin/true
|
|
+genprofile image=${bin_true} signal:ALL
|
|
+runchecktest "test 7" pass -n 100 ${bin_true}
|
|
# pass - ptrace_attach is done in unconfined helper
|
|
-runchecktest "test 7 -c " pass -c -n 100 /bin/true
|
|
+runchecktest "test 7 -c " pass -c -n 100 ${bin_true}
|
|
runchecktest "test 7 -h" pass -h -n 100 $helper
|
|
# pass - ptrace_attach is done in unconfined helper
|
|
runchecktest "test 7 -hc " pass -h -c -n 100 $helper
|
|
-runchecktest "test 7 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 7 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 7 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
-genprofile image=$helper $helper:ix /bin/true:rix signal:ALL
|
|
-runchecktest "test 7a" pass -n 100 /bin/true
|
|
+genprofile image=$helper $helper:ix ${bin_true}:rix signal:ALL
|
|
+runchecktest "test 7a" pass -n 100 ${bin_true}
|
|
# pass - ptrace_attach is allowed from confined process to unconfined
|
|
-runchecktest "test 7a -c " pass -c -n 100 /bin/true
|
|
+runchecktest "test 7a -c " pass -c -n 100 ${bin_true}
|
|
runchecktest "test 7a -h" pass -h -n 100 $helper
|
|
# pass - ptrace_attach is allowed from confined process to unconfined
|
|
runchecktest "test 7a -hc " pass -h -c -n 100 $helper
|
|
-runchecktest "test 7a -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 7a -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 7a -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
#traced helper from unconfined
|
|
-genprofile image=$helper $helper:ix /bin/true:rpx signal:ALL -- image=/bin/true signal:ALL
|
|
-runchecktest "test 8" pass -n 100 /bin/true
|
|
+genprofile image=$helper $helper:ix ${bin_true}:rpx signal:ALL -- image=${bin_true} signal:ALL
|
|
+runchecktest "test 8" pass -n 100 ${bin_true}
|
|
# pass - ptrace_attach is done before exec
|
|
-runchecktest "test 8 -c " pass -c -n 100 /bin/true
|
|
+runchecktest "test 8 -c " pass -c -n 100 ${bin_true}
|
|
runchecktest "test 8 -h" pass -h -n 100 $helper
|
|
runchecktest "test 8 -hc " pass -h -c -n 100 $helper
|
|
# pass - can px if tracer can ptrace target
|
|
-runchecktest "test 8 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 8 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 8 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
#traced helper from unconfined
|
|
-genprofile image=$helper $helper:ix /bin/true:rux signal:ALL -- image=/bin/true signal:ALL
|
|
-runchecktest "test 9" pass -n 100 /bin/true
|
|
+genprofile image=$helper $helper:ix ${bin_true}:rux signal:ALL -- image=${bin_true} signal:ALL
|
|
+runchecktest "test 9" pass -n 100 ${bin_true}
|
|
# pass - ptrace_attach is done before exec
|
|
-runchecktest "test 9 -c " pass -c -n 100 /bin/true
|
|
+runchecktest "test 9 -c " pass -c -n 100 ${bin_true}
|
|
runchecktest "test 9 -h" pass -h -n 100 $helper
|
|
runchecktest "test 9 -hc " pass -h -c -n 100 $helper
|
|
# pass - can ux if tracer can ptrace target
|
|
-runchecktest "test 9 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 9 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 9 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
genprofile signal:ALL
|
|
# fail due to no exec permission
|
|
-runchecktest "test 10" fail -n 100 /bin/true
|
|
-runchecktest "test 10 -c" fail -c -n 100 /bin/true
|
|
+runchecktest "test 10" fail -n 100 ${bin_true}
|
|
+runchecktest "test 10 -c" fail -c -n 100 ${bin_true}
|
|
runchecktest "test 10 -h" fail -h -n 100 $helper
|
|
runchecktest "test 10 -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 10 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 10 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 10 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
-genprofile /bin/true:ix $helper:ix signal:ALL
|
|
+genprofile ${bin_true}:ix $helper:ix signal:ALL
|
|
# fail due to missing r permission
|
|
-#runchecktest "test 11" fail -n 100 /bin/true
|
|
-#runchecktest "test 11 -c" fail -c -n 100 /bin/true
|
|
+#runchecktest "test 11" fail -n 100 ${bin_true}
|
|
+#runchecktest "test 11 -c" fail -c -n 100 ${bin_true}
|
|
#runchecktest "test 11 -h" fail -h -n 100 $helper
|
|
#runchecktest "test 11 -hc" fail -h -c -n 100 $helper
|
|
-#runchecktest "test 11 -h prog" fail -h -n 100 $helper /bin/true
|
|
-#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+#runchecktest "test 11 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+#runchecktest "test 11 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
# fail was pass in v5 allowed to ix self
|
|
-genprofile /bin/true:rix $helper:rix signal:ALL
|
|
-runchecktest "test 12" fail -n 100 /bin/true
|
|
-runchecktest "test 12 -c" fail -c -n 100 /bin/true
|
|
+genprofile ${bin_true}:rix $helper:rix signal:ALL
|
|
+runchecktest "test 12" fail -n 100 ${bin_true}
|
|
+runchecktest "test 12 -c" fail -c -n 100 ${bin_true}
|
|
runchecktest "test 12 -h" fail -h -n 100 $helper
|
|
runchecktest "test 12 -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 12 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 12 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 12 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 12 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
#ptraced confined app traced by unconfined can px
|
|
-genprofile image=$helper $helper:rix /bin/true:rpx signal:ALL -- image=/bin/true /bin/true:rix
|
|
-runchecktest "test 13u -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13u -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+genprofile image=$helper $helper:rix ${bin_true}:rpx signal:ALL -- image=${bin_true} ${bin_true}:rix
|
|
+runchecktest "test 13u -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13u -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
#ptraced confined app traced by profile without ptrace on targeted can't px
|
|
-genprofile /bin/true:rpx signal:ALL -- image=/bin/true /bin/true:rix
|
|
-runchecktest "test 13 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+genprofile ${bin_true}:rpx signal:ALL -- image=${bin_true} ${bin_true}:rix
|
|
+runchecktest "test 13 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
|
|
#ptraced confined app can ux - if the tracer is unconfined
|
|
#
|
|
-genprofile image=$helper $helper:rix /bin/true:rux signal:ALL
|
|
-runchecktest "test 14a -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL
|
|
+runchecktest "test 14a -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 14a -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
#ptraced confined app can't ux - if the tracer can't trace unconfined
|
|
-genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL
|
|
-runchecktest "test 14b -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL
|
|
+runchecktest "test 14b -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 14b -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
#confined app can't ptrace an unconfined app
|
|
genprofile $helper:rux signal:ALL
|
|
runchecktest "test 15 -h" fail -h -n 100 $helper
|
|
-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true
|
|
+runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
#an unconfined app can't ask a confined app to trace it
|
|
runchecktest "test 15 -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
#confined app can't ptrace an app confined by a different profile
|
|
genprofile $helper:rpx signal:ALL -- image=$helper signal:ALL
|
|
runchecktest "test 15 -h" fail -h -n 100 $helper
|
|
-runchecktest "test 15 -h prog" fail -h -n 100 $helper /bin/true
|
|
+runchecktest "test 15 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
#a confined app can't ask another confined app with a different profile to
|
|
#trace it
|
|
runchecktest "test 15 -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 15 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
################### cap:sys_ptrace doesn't change results from above ##########################
|
|
# fail was pass in v5 allowed to ix self
|
|
-genprofile /bin/true:rix $helper:rix signal:ALL cap:sys_ptrace
|
|
-runchecktest "test 12c" fail -n 100 /bin/true
|
|
-runchecktest "test 12c -c" fail -c -n 100 /bin/true
|
|
+genprofile ${bin_true}:rix $helper:rix signal:ALL cap:sys_ptrace
|
|
+runchecktest "test 12c" fail -n 100 ${bin_true}
|
|
+runchecktest "test 12c -c" fail -c -n 100 ${bin_true}
|
|
runchecktest "test 12c -h" fail -h -n 100 $helper
|
|
runchecktest "test 12c -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 12c -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 12c -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 12c -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 12c -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
#ptraced confined app traced by unconfined can px
|
|
-genprofile image=$helper $helper:rix /bin/true:rpx signal:ALL cap:sys_ptrace -- image=/bin/true /bin/true:rix cap:sys_ptrace
|
|
-runchecktest "test 13cu -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13cu -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+genprofile image=$helper $helper:rix ${bin_true}:rpx signal:ALL cap:sys_ptrace -- image=${bin_true} ${bin_true}:rix cap:sys_ptrace
|
|
+runchecktest "test 13cu -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13cu -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
#ptraced confined app traced by profile without ptrace on targeted can't px
|
|
-genprofile /bin/true:rpx signal:ALL cap:sys_ptrace -- image=/bin/true /bin/true:rix cap:sys_ptrace
|
|
-runchecktest "test 13c -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13c -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+genprofile ${bin_true}:rpx signal:ALL cap:sys_ptrace -- image=${bin_true} ${bin_true}:rix cap:sys_ptrace
|
|
+runchecktest "test 13c -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13c -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
|
|
#ptraced confined app can ux - if the tracer is unconfined
|
|
#
|
|
-genprofile image=$helper $helper:rix /bin/true:rux signal:ALL cap:sys_ptrace
|
|
-runchecktest "test 14ca -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 14ca -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL cap:sys_ptrace
|
|
+runchecktest "test 14ca -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 14ca -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
#ptraced confined app can't ux - if the tracer can't trace unconfined
|
|
-genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL
|
|
-runchecktest "test 14cb -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 14cb -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL
|
|
+runchecktest "test 14cb -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 14cb -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
#confined app can't ptrace an unconfined app
|
|
genprofile $helper:rux signal:ALL cap:sys_ptrace
|
|
runchecktest "test 15c -h" fail -h -n 100 $helper
|
|
-runchecktest "test 15c -h prog" fail -h -n 100 $helper /bin/true
|
|
+runchecktest "test 15c -h prog" fail -h -n 100 $helper ${bin_true}
|
|
#an unconfined app can't ask a confined app to trace it
|
|
runchecktest "test 15c -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
#confined app can't ptrace an app confined by a different profile
|
|
genprofile $helper:rpx signal:ALL cap:sys_ptrace -- image=$helper signal:ALL cap:sys_ptrace
|
|
runchecktest "test 15c -h" fail -h -n 100 $helper
|
|
-runchecktest "test 15c -h prog" fail -h -n 100 $helper /bin/true
|
|
+runchecktest "test 15c -h prog" fail -h -n 100 $helper ${bin_true}
|
|
#a confined app can't ask another confined app with a different profile to
|
|
#trace it
|
|
runchecktest "test 15c -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
|
|
################################################################################
|
|
@@ -213,163 +213,163 @@ runchecktest "test 15c -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
|
|
##### Now do tests with ptrace rules in profiles #######
|
|
# pass in v5 allowed to ix self
|
|
-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:ALL
|
|
-runchecktest "test 12p" pass -n 100 /bin/true
|
|
-runchecktest "test 12p -c" pass -c -n 100 /bin/true
|
|
+genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:ALL
|
|
+runchecktest "test 12p" pass -n 100 ${bin_true}
|
|
+runchecktest "test 12p -c" pass -c -n 100 ${bin_true}
|
|
runchecktest "test 12p -h" pass -h -n 100 $helper
|
|
runchecktest "test 12p -hc" pass -h -c -n 100 $helper
|
|
-runchecktest "test 12p -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 12p -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=$test
|
|
-runchecktest "test 12p1" pass -n 100 /bin/true
|
|
-runchecktest "test 12p1 -c" pass -c -n 100 /bin/true
|
|
+runchecktest "test 12p -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 12p -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:peer=$test
|
|
+runchecktest "test 12p1" pass -n 100 ${bin_true}
|
|
+runchecktest "test 12p1 -c" pass -c -n 100 ${bin_true}
|
|
runchecktest "test 12p1 -h" pass -h -n 100 $helper
|
|
runchecktest "test 12p1 -hc" pass -h -c -n 100 $helper
|
|
-runchecktest "test 12p1 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 12p1 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rix $helper:rix signal:ALL ptrace:peer=notaprofile
|
|
-runchecktest "test 12p2" fail -n 100 /bin/true
|
|
-runchecktest "test 12p2 -c" fail -c -n 100 /bin/true
|
|
+runchecktest "test 12p1 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 12p1 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rix $helper:rix signal:ALL ptrace:peer=notaprofile
|
|
+runchecktest "test 12p2" fail -n 100 ${bin_true}
|
|
+runchecktest "test 12p2 -c" fail -c -n 100 ${bin_true}
|
|
runchecktest "test 12p2 -h" fail -h -n 100 $helper
|
|
runchecktest "test 12p2 -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 12p2 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 12p2 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 12p2 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 12p2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
|
|
#ptraced confined app traced by profile can px
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix
|
|
-runchecktest "test 13p1 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p2 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
|
|
-runchecktest "test 13p3 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p4 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
|
-runchecktest "test 13p5 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p6 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
|
-runchecktest "test 13p7 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p8 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace
|
|
-runchecktest "test 13p9 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pa -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
|
-runchecktest "test 13pb -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pc -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
|
-runchecktest "test 13pd -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pe -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-
|
|
-
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix
|
|
-runchecktest "test 13p11 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p21 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby
|
|
-runchecktest "test 13p31 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p41 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
|
-runchecktest "test 13p51 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p61 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
|
-runchecktest "test 13p71 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p81 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace
|
|
-runchecktest "test 13p91 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pa1 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
|
-runchecktest "test 13pb1 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pc1 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=/bin/true -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
|
-runchecktest "test 13pd1 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pe1 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-
|
|
-
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix
|
|
-runchecktest "test 13p12 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p22 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby
|
|
-runchecktest "test 13p32 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p42 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
|
-runchecktest "test 13p52 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p62 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
|
-runchecktest "test 13p72 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p82 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace
|
|
-runchecktest "test 13p92 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pa2 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
|
-runchecktest "test 13pb2 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pc2 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
|
-runchecktest "test 13pd2 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pe2 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix
|
|
-runchecktest "test 13p13 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p23 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby
|
|
-runchecktest "test 13p33 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p43 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
|
-runchecktest "test 13p53 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p63 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
|
-runchecktest "test 13p73 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p83 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace
|
|
-runchecktest "test 13p93 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pa3 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
|
-runchecktest "test 13pb3 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pc3 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
|
-runchecktest "test 13pd3 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pe3 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix
|
|
-runchecktest "test 13p14 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p24 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
|
|
-runchecktest "test 13p34 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p44 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
|
-runchecktest "test 13p54 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p64 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
|
-runchecktest "test 13p74 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p84 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace
|
|
-runchecktest "test 13p94 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pa4 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
|
-runchecktest "test 13pb4 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pc4 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
|
-runchecktest "test 13pd4 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pe4 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix
|
|
-runchecktest "test 13p15 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p25 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby
|
|
-runchecktest "test 13p35 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p45 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=$test
|
|
-runchecktest "test 13p55 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p65 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:tracedby:peer=notaprofile
|
|
-runchecktest "test 13p75 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13p85 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace
|
|
-runchecktest "test 13p95 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pa5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=$test
|
|
-runchecktest "test 13pb5 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pc5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
-genprofile /bin/true:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=/bin/true /bin/true:rix ptrace:trace:peer=notaprofile
|
|
-runchecktest "test 13pd5 -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix
|
|
+runchecktest "test 13p1 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
|
+runchecktest "test 13p3 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p4 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
|
+runchecktest "test 13p5 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p6 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
|
+runchecktest "test 13p7 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p8 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
|
+runchecktest "test 13p9 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pa -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
|
+runchecktest "test 13pb -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pc -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
|
+runchecktest "test 13pd -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pe -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+
|
|
+
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix
|
|
+runchecktest "test 13p11 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p21 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
|
+runchecktest "test 13p31 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p41 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
|
+runchecktest "test 13p51 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p61 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
|
+runchecktest "test 13p71 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p81 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
|
+runchecktest "test 13p91 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pa1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
|
+runchecktest "test 13pb1 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pc1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:trace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
|
+runchecktest "test 13pd1 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pe1 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+
|
|
+
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix
|
|
+runchecktest "test 13p12 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p22 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
|
+runchecktest "test 13p32 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p42 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
|
+runchecktest "test 13p52 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p62 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
|
+runchecktest "test 13p72 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p82 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
|
+runchecktest "test 13p92 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pa2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
|
+runchecktest "test 13pb2 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pc2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:ALL -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
|
+runchecktest "test 13pd2 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pe2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix
|
|
+runchecktest "test 13p13 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p23 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
|
+runchecktest "test 13p33 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p43 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
|
+runchecktest "test 13p53 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p63 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
|
+runchecktest "test 13p73 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p83 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
|
+runchecktest "test 13p93 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pa3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
|
+runchecktest "test 13pb3 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pc3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
|
+runchecktest "test 13pd3 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pe3 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix
|
|
+runchecktest "test 13p14 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p24 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
|
+runchecktest "test 13p34 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p44 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
|
+runchecktest "test 13p54 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p64 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
|
+runchecktest "test 13p74 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p84 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
|
+runchecktest "test 13p94 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pa4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
|
+runchecktest "test 13pb4 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pc4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:tracedby:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
|
+runchecktest "test 13pd4 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pe4 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix
|
|
+runchecktest "test 13p15 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p25 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby
|
|
+runchecktest "test 13p35 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p45 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=$test
|
|
+runchecktest "test 13p55 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p65 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:tracedby:peer=notaprofile
|
|
+runchecktest "test 13p75 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13p85 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace
|
|
+runchecktest "test 13p95 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pa5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=$test
|
|
+runchecktest "test 13pb5 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pc5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
+genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=notaprofile -- image=${bin_true} ${bin_true}:rix ptrace:trace:peer=notaprofile
|
|
+runchecktest "test 13pd5 -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
|
|
### todo Variations of below tests
|
|
@@ -377,30 +377,30 @@ runchecktest "test 13pe5 -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
|
|
#ptraced confined app can ux - if the tracer is unconfined
|
|
#
|
|
-genprofile image=$helper $helper:rix /bin/true:rux signal:ALL
|
|
-runchecktest "test 14pa -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test 14pa -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+genprofile image=$helper $helper:rix ${bin_true}:rux signal:ALL
|
|
+runchecktest "test 14pa -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 14pa -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
#ptraced confined app can't ux - if the tracer can't trace unconfined
|
|
-genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix /bin/true:rux signal:ALL
|
|
-runchecktest "test 14pb -h prog" fail -h -n 100 $helper /bin/true
|
|
-runchecktest "test 14pb -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+genprofile $helper:rpx signal:ALL -- image=$helper $helper:rix ${bin_true}:rux signal:ALL
|
|
+runchecktest "test 14pb -h prog" fail -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test 14pb -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
#confined app can't ptrace an unconfined app
|
|
genprofile $helper:rux signal:ALL
|
|
runchecktest "test 15p -h" fail -h -n 100 $helper
|
|
-runchecktest "test 15p -h prog" fail -h -n 100 $helper /bin/true
|
|
+runchecktest "test 15p -h prog" fail -h -n 100 $helper ${bin_true}
|
|
#an unconfined app can't ask a confined app to trace it
|
|
runchecktest "test 15p -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
#confined app can't ptrace an app confined by a different profile
|
|
genprofile $helper:rpx signal:ALL -- image=$helper signal:ALL
|
|
runchecktest "test 15p -h" fail -h -n 100 $helper
|
|
-runchecktest "test 15p -h prog" fail -h -n 100 $helper /bin/true
|
|
+runchecktest "test 15p -h prog" fail -h -n 100 $helper ${bin_true}
|
|
#a confined app can't ask another confined app with a different profile to
|
|
#trace it
|
|
runchecktest "test 15p -hc" fail -h -c -n 100 $helper
|
|
-runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
+runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper ${bin_true}
|
|
|
|
# Test LP: #1390592
|
|
# The bug was a policy compilation bug that triggers in a rule such as
|
|
@@ -408,9 +408,9 @@ runchecktest "test 15p -hc prog" fail -h -c -n 100 $helper /bin/true
|
|
# a-f|A-F|0-9 to trigger the bug. A parser affected by this bug will create a
|
|
# bad binary policy that causes the kernel to unexpectedly deny the ptrace
|
|
# 'trace' of a process confined by profile ABC.
|
|
-genprofile "$helper rpx -> ABC" signal:ALL ptrace:trace:peer=ABC -- image=ABC addimage:$helper /bin/true:rix signal:ALL ptrace:tracedby:peer=$test
|
|
-runchecktest "test LP: #1390592 -h prog" pass -h -n 100 $helper /bin/true
|
|
-runchecktest "test LP: #1390592 -hc prog" pass -h -c -n 100 $helper /bin/true
|
|
+genprofile "$helper rpx -> ABC" signal:ALL ptrace:trace:peer=ABC -- image=ABC addimage:$helper ${bin_true}:rix signal:ALL ptrace:tracedby:peer=$test
|
|
+runchecktest "test LP: #1390592 -h prog" pass -h -n 100 $helper ${bin_true}
|
|
+runchecktest "test LP: #1390592 -hc prog" pass -h -c -n 100 $helper ${bin_true}
|
|
|
|
## TODO: ptrace read tests
|
|
## TODO: ptrace + change_profile
|
|
diff --git a/utils/test/fake_ldd b/utils/test/fake_ldd
|
|
index 60f5c675..afec6eba 100755
|
|
--- a/utils/test/fake_ldd
|
|
+++ b/utils/test/fake_ldd
|
|
@@ -5,7 +5,7 @@ import sys
|
|
if len(sys.argv) != 2:
|
|
raise Exception('wrong number of arguments in fake_ldd')
|
|
|
|
-if sys.argv[1] == '/AATest/bin/bash' or sys.argv[1] == '/bin/bash':
|
|
+if sys.argv[1] in ['/AATest/bin/bash', '/bin/bash', '/usr/bin/bash']:
|
|
print(' linux-vdso.so.1 (0x00007ffcf97f4000)')
|
|
print(' libreadline.so.6 => /AATest/lib64/libreadline.so.6 (0x00007f2c41324000)')
|
|
print(' libtinfo.so.6 => /AATest/lib64/libtinfo.so.6 (0x00007f2c410f9000)')
|
|
diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
|
|
index d93b8eae..56b14c6e 100644
|
|
--- a/utils/test/test-aa.py
|
|
+++ b/utils/test/test-aa.py
|
|
@@ -135,6 +135,9 @@ class AaTest_create_new_profile(AATest):
|
|
apparmor.aa.load_include('abstractions/bash')
|
|
|
|
exp_interpreter_path, exp_abstraction = expected
|
|
+ # damn symlinks!
|
|
+ if exp_interpreter_path:
|
|
+ exp_interpreter_path = os.path.realpath(exp_interpreter_path)
|
|
|
|
program = self.writeTmpfile('script', params)
|
|
profile = create_new_profile(program)
|
|
@@ -178,11 +181,8 @@ class AaTest_get_interpreter_and_abstraction(AATest):
|
|
interpreter_path, abstraction = get_interpreter_and_abstraction(program)
|
|
|
|
# damn symlinks!
|
|
- if exp_interpreter_path and os.path.islink(exp_interpreter_path):
|
|
- dirname = os.path.dirname(exp_interpreter_path)
|
|
- exp_interpreter_path = os.readlink(exp_interpreter_path)
|
|
- if not exp_interpreter_path.startswith('/'):
|
|
- exp_interpreter_path = os.path.join(dirname, exp_interpreter_path)
|
|
+ if exp_interpreter_path:
|
|
+ exp_interpreter_path = os.path.realpath(exp_interpreter_path)
|
|
|
|
self.assertEqual(interpreter_path, exp_interpreter_path)
|
|
self.assertEqual(abstraction, exp_abstraction)
|