Skip to content
Snippets Groups Projects
Commit 065e15e8 authored by Luis Araujo's avatar Luis Araujo Committed by Emanuele Aina
Browse files

Automate apparmor-session-lockdown-no-deny test case


Update test case to use the automated script.

Signed-off-by: default avatarLuis Araujo <luis.araujo@collabora.co.uk>
parent df54bce9
No related branches found
No related tags found
No related merge requests found
......@@ -8,38 +8,40 @@ metadata:
image-deployment:
- APT
type: functional
exec-type: manual
exec-type: automated
priority: medium
maintainer: "Apertis Project"
description: "Test that the session lockdown profile is not blocking more than
it should."
macro_install_packages_preconditions: apertis-tests-apparmor-report
apparmor-utils
aa-status
expected:
- "aa-status should show at least the following processes in complain mode:"
- |
>/usr/bin/Xorg
/usr/sbin/connmand
- "And at least the following processes in enforce mode:"
- "Script should report 'pass' for all the tests, something like:"
- |
>/usr/bin/pulseaudio
/usr/lib/tracker/tracker-miner-fs
/usr/lib/tracker/tracker-store
/usr/sbin/ofonod
- "Note that there may be processes in other modes, such as in enforce mode,
uncontained, or complain mode. Also note that the confinement status of
profiles is irrelevant."
- "The aa_log_extract_tokens.sh command above should have no output."
>RESULT:pulseaudio_running:pass
RESULT:apparmor_enabled:pass
RESULT:/usr/sbin/connmand_complain_mode:pass
RESULT:/usr/bin/pulseaudio_enforce_mode:pass
RESULT:/usr/lib/tracker/tracker-miner-fs_enforce_mode:pass
RESULT:/usr/lib/tracker/tracker-store_enforce_mode:pass
RESULT:/usr/sbin/ofonod_enforce_mode:pass
RESULT:audit_log_complaints:pass
install:
deps:
- apertis-tests-apparmor-report
- apparmor-utils
- aa-status
- python3
git-repos:
- url: https://gitlab.apertis.org/infrastructure/apertis-tests.git
branch: 'apertis/v2021dev1'
run:
steps:
- "Ensure pulseaudio is running:"
- $ pactl stat
- "No need to check the output of the command."
- "Now ensure AppArmor is enabled and working, by running aa-status:"
- $ sudo aa-status
- "Then ensure the audit log file has no AppArmor complaints:"
- $ sudo journalctl -b -t audit -o cat | aa_log_extract_tokens.sh DENIED
- "# Enter test directory:"
- cd apertis-tests
- "# Execute the following command:"
- common/run-test-in-systemd --timeout=900 --user=user --basename apparmor/apparmor-session-lockdown-no-deny.py
parse:
pattern: 'RESULT:(?P<test_case_id>[^:]+):(?P<result>\w+)'
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment