apparmor-tumbler automated

medium

Image Types:
basesdk-amd64 / sdk-amd64 / target-armhf-internal / target-armhf / target-amd64
Image Deployment:
APT, OSTree
Type:
functional

Description

Tests that the tumbler AppArmor profile doesn't cause false negatives and that it does not allow arbitrary reading of files in the home directory.


Pre Conditions

  1. Clone the tests repository from another computer (Note that the branch being tested may change depending on the release, please make sure to clone the correct branch for the release in question):
  2. $ git clone --branch apertis/v2021pre https://gitlab.apertis.org/tests/apparmor-tumbler.git
  3. Copy the test directory apparmor-tumbler to the target device:
  4. $ DUT_IP=<device-ip>
    $ scp -r apparmor-tumbler user@$DUT_IP:
  5. Log into the target device:
  6. $ ssh user@$DUT_IP

Execution Steps

  1. Enter test directory:
  2. $ cd apparmor-tumbler
  3. Execute the following commands:
  4. $ common/run-test-in-systemd --name run-test-sh --timeout 900 ./run-test.sh

Expected

Both tests should report pass and not fail:

tumbler.normal.expected: pass

tumbler.malicious.expected: pass

Notes

  • The results of the tests printed to the standard output are enough to determine whether they passed or fail.
  • If you get a failure and need to report a bug please check journalctl, run the test case again, and add the logs you get to the bug report.