1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
summary: Check basic apparmor confinement rules.
details: |
Check that a strictly confined snap can access paths available to it
but accesses to paths out of its confinement are denied.
prepare: |
echo "Given a basic snap is installed"
"$TESTSTOOLS"/snaps-state install-local test-snapd-sh
execute: |
if [ "$(snap debug confinement)" = partial ] ; then
exit 0
fi
echo "Then an unconfined action should succeed"
test-snapd-sh.sh -c 'touch /dev/shm/snap.test-snapd-sh.foo'
test -f /dev/shm/snap.test-snapd-sh.foo
echo "Then a confined action should fail"
if test-snapd-sh.sh -c 'touch /dev/shm/snap.not-test-snapd-sh.foo' 2>touch.error; then
echo "Expected error"
exit 1
fi
MATCH "touch: cannot touch '/dev/shm/snap.not-test-snapd-sh.foo': Permission denied" <touch.error
|
