File: task.yaml

snapd 2.72-1
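summary: Check security profile generation for apps and hooks.

details: |
    This test verifies that profiles are properly generated and loaded for
    a set of apps and hooks.

# Pack the basic-hooks test snap from the shared test library; the execute
# step installs basic-hooks_1.0_all.snap from the working directory.
prepare: |
    snap pack "$TESTSLIB"/snaps/basic-hooks

# For every app and hook, assert that an AppArmor profile is loaded in
# enforce mode and that a matching seccomp .bin2 file exists.
execute: |
    # The whole check is skipped (and counts as a pass) when snapd reports
    # partial confinement.
    # NOTE(review): presumably enforce-mode profiles cannot be expected on
    # such hosts - confirm; a skip here means nothing below was verified.
    if [ "$(snap debug confinement)" = partial ] ; then
        exit 0
    fi

    # Directory checked for the per-profile seccomp files (<profile>.bin2).
    seccomp_profile_directory="/var/lib/snapd/seccomp/bpf"

    echo "Security profiles are generated and loaded for apps"
    "$TESTSTOOLS"/snaps-state install-local test-snapd-tools
    # Snapshot of the AppArmor profiles loaded in the kernel, one
    # "name (mode)" entry per line; taken after the install.
    loaded_profiles=$(cat /sys/kernel/security/apparmor/profiles)

    for profile in snap.test-snapd-tools.block snap.test-snapd-tools.cat snap.test-snapd-tools.echo snap.test-snapd-tools.fail snap.test-snapd-tools.success
    do
        # Profile names contain dots, which are regex wildcards. Rewriting
        # each "." as "[.]" pins it to a literal dot, so only the exact
        # profile name satisfies the assertion. The pattern is anchored on
        # "(enforce)": a profile loaded in any other mode fails the test.
        MATCH "^${profile//./[.]} \\(enforce\\)$" <<<"$loaded_profiles"
        # The seccomp side is an existence check only; the file content is
        # not inspected here.
        [ -f "$seccomp_profile_directory/${profile}.bin2" ]
    done

    echo "Security profiles are generated and loaded for hooks"
    # --dangerous is needed because the snap was packed locally and carries
    # no signed assertions.
    snap install --dangerous basic-hooks_1.0_all.snap
    # Re-read the list: the hook profile only appears after this install.
    loaded_profiles=$(cat /sys/kernel/security/apparmor/profiles)

    # Same exact-name, enforce-only assertion as for the apps, with the dots
    # matched literally and the same here-string form as the loop above.
    MATCH '^snap[.]basic-hooks[.]hook[.]configure \(enforce\)$' <<<"$loaded_profiles"
    [ -f "$seccomp_profile_directory/snap.basic-hooks.hook.configure.bin2" ]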