On Mon, Sep 22, 2014 at 07:09:14PM -0500, Tyler Hicks wrote:
> The client will now do a getsockname() on its socket in order to test
> the AppArmor 'getattr' unix rule permission.
>
> Signed-off-by: Tyler Hicks <[email protected]>
Acked-by: Steve Beattie <[email protected]> Though I'd like to see a couple of future changes: 1) only the client needs the getattr permission, would be better to only grant it there. 2) negative test for the getattr permission on the client. Thanks. > diff --git a/tests/regression/apparmor/unix_socket_pathname.sh > b/tests/regression/apparmor/unix_socket_pathname.sh > index af73593..78f62b4 100755 > --- a/tests/regression/apparmor/unix_socket_pathname.sh > +++ b/tests/regression/apparmor/unix_socket_pathname.sh > @@ -49,9 +49,10 @@ fi > # af_unix support requires 'unix create' to call socket() > # af_unix support requires 'unix getopt' to call getsockopt() > # af_unix support requires 'unix setopt' to call setsockopt() > +# af_unix support requires 'unix getattr' to call getsockname() > af_unix= > if [ "$(have_features network/af_unix)" == "true" ] ; then > - af_unix="unix:(create,getopt,setopt)" > + af_unix="unix:(create,getopt,setopt,getattr)" > fi > > okclient=rw -- Steve Beattie <[email protected]> http://NxNW.org/~steve/
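Review bot: In the `af_unix=` assignment, `getattr` is appended to the one shared permission string, `unix:(create,getopt,setopt,getattr)`, so any profile built from `$af_unix` receives it, while the commit message says only the client calls getsockname(). Consider leaving the shared string at `create,getopt,setopt` and adding `getattr` through a client-only variable. The hunk also adds only the permission and no case where the client runs without `getattr` and is expected to fail, so a kernel that does not mediate getsockname() would still pass this test; a negative case would close that gap.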
