- Image Types:
- basesdk-amd64 / minimal-armhf-internal / minimal-armhf / minimal-arm64 / minimal-amd64 / sdk-amd64 / target-armhf-internal / target-amd64
- Image Deployment:
Test that the session lockdown profile is not blocking more than it should.
- Ensure Rootfs is remounted as read/write.
- Install dependencies
- Restart the system to restore the filesystem state to read-only before running the test.
$ sudo mount -o remount,rw /
$ sudo apt install apertis-tests-apparmor-report apparmor-utils aa-status
$ sudo reboot
- Ensure pulseaudio is running:
- No need to check the output of the command.
- Now ensure AppArmor is enabled and working, by running aa-status:
- Then ensure the audit log file has no AppArmor complaints:
$ pactl stat
$ sudo aa-status
$ sudo journalctl -b -t audit -o cat | ./aa_log_extract_tokens.sh DENIED
aa-status should show at least the following processes in complain mode:
And at least the following processes in enforce mode:
Note that there may be processes in other modes, such as in enforce mode, uncontained, or complain mode. Also note that the confinement status of profiles is irrelevant.
The aa_log_extract_tokens.sh command above should have no output.