[apparmor] [PATCH] tests: Add ptrace tests for LP: #1390592
Steve Beattie
steve at nxnw.org
Thu Nov 13 08:50:30 UTC 2014
On Thu, Nov 13, 2014 at 01:07:54AM -0600, Tyler Hicks wrote:
> These regression tests are for an Ubuntu-specific bug. However, they
> should benefit the upstream project, as well. Ubuntu took an incomplete
> version of a patch, which introduced the bug. The version of that patch
> that landed upstream did not contain the bug.
>
> The bug was in policy compilation of certain combinations of rule types,
> conditionals, and conditional values. The easiest such combination to
> test is a rule such as:
>
> ptrace peer=ABC,
>
> Buggy parsers will generate binary policy that causes the kernel to deny
> a ptrace of a process confined by ABC, despite the presence of the above
> rule.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Steve Beattie <steve at nxnw.org>
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141113/11a27a22/attachment.pgp>
More information about the AppArmor
mailing list