projects / mirror_lxc.git / blame
| Commit | Line | Data |
|---|---|---|
| e7311a84 WB |
1 | #!/bin/sh |
| 2 | ||
| 3 | # lxc: linux Container library | |
| 4 | ||
| 5 | # This is a test script for generated apparmor profiles | |
| 6 | ||
| 7 | # This library is free software; you can redistribute it and/or | |
| 8 | # modify it under the terms of the GNU Lesser General Public | |
| 9 | # License as published by the Free Software Foundation; either | |
| 10 | # version 2.1 of the License, or (at your option) any later version. | |
| 11 | ||
| 12 | # This library is distributed in the hope that it will be useful, | |
| 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 15 | # Lesser General Public License for more details. | |
| 16 | ||
| 17 | # You should have received a copy of the GNU Lesser General Public | |
| 18 | # License along with this library; if not, write to the Free Software | |
| 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
| 20 | ||
| 21 | if ! which apparmor_parser >/dev/null 2>&1; then | |
| 22 | echo 'SKIP: test for generated apparmor profiles: apparmor_parser missing' | |
| 23 | fi | |
| 24 | exit 0 | |
| 25 | ||
| 26 | DONE=0 | |
| e7311a84 WB |
27 | LOGFILE="/tmp/lxc-test-$$.log" |
| 28 | cleanup() { | |
| 29 | lxc-destroy -n $CONTAINER_NAME >/dev/null 2>&1 || true | |
| 30 | ||
| 31 | if [ $DONE -eq 0 ]; then | |
| 32 | [ -f "$LOGFILE" ] && cat "$LOGFILE" >&2 | |
| 33 | rm -f "$LOGFILE" | |
| 34 | echo "FAIL" | |
| 35 | exit 1 | |
| 36 | fi | |
| 37 | rm -f "$LOGFILE" | |
| 38 | echo "PASS" | |
| 39 | } | |
| 40 | ||
| e7311a84 WB |
41 | trap cleanup EXIT HUP INT TERM |
| 42 | set -eu | |
| 43 | ||
| 44 | # Create a container | |
| 45 | CONTAINER_NAME=lxc-test-apparmor-generated | |
| 46 | ||
| acd792c9 | 47 | lxc-create -t busybox -n $CONTAINER_NAME -B dir |
| e7311a84 WB |
48 | CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) | sed -e 's/dir://') |
| 49 | cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak | |
| 50 | ||
| 51 | # Set the profile to be auto-generated | |
| 52 | echo "lxc.apparmor.profile = generated" >> $CONTAINER_PATH/config | |
| 53 | ||
| 54 | # Start it | |
| 55 | lxc-start -n $CONTAINER_NAME -lDEBUG -o "$LOGFILE" | |
| 56 | lxc-wait -n $CONTAINER_NAME -t 5 -s RUNNING || (echo "Container didn't start" && exit 1) | |
| 57 | pid=`lxc-info -p -H -n $CONTAINER_NAME` | |
| 58 | profile=`cat /proc/$pid/attr/current` | |
| 59 | expected_profile="lxc-${CONTAINER_NAME}_</var/lib/lxc>//&:lxc-${CONTAINER_NAME}_<-var-lib-lxc>:unconfined (enforce)" | |
| 60 | lxc-stop -n $CONTAINER_NAME -k | |
| 61 | if [ "x$profile" != "x$expected_profile" ]; then | |
| 62 | echo "FAIL: container was in profile $profile" >&2 | |
| 63 | echo "expected profile: $expected_profile" >&2 | |
| 64 | exit 1 | |
| 65 | fi | |
| 66 | ||
| 67 | DONE=1 |