apparmor-functional-demo automated


Image Types:
basesdk-amd64 / fixedfunction-armhf / fixedfunction-arm64 / fixedfunction-amd64 / hmi-armhf / hmi-amd64 / sdk-amd64
Image Deployment:


Show some main AppArmor functionalities, like transitions, net access or resource permissions, under the form of tests.

Pre Conditions

  1. Ensure Rootfs is remounted as read/write.
  2. $ sudo mount -o remount,rw /
  3. Install dependencies
  4. $ sudo apt install bash apparmor-demo busybox apertis-tests-apparmor-report
  5. Restart the system to restore the filesystem state to read-only before running the test.
  6. $ sudo reboot
  7. Clone the tests repository from another computer (Note that the branch being tested may change depending on the release, please make sure to clone the correct branch for the release in question):
  8. $ git clone --branch apertis/v2023
  9. Copy the test directory apertis-tests to the target device:
  10. $ DUT_IP=<device-ip>
    $ scp -r apertis-tests user@$DUT_IP:
  11. Log into the target device:
  12. $ ssh user@$DUT_IP

Execution Steps

  1. Enter test directory:
  2. $ cd apertis-tests
  3. Execute the following commands:
  4. $ common/run-test-in-systemd --name=apparmor-functional-demo --timeout=90 /usr/lib/apparmor-demo/lava_run_tests
    $ sudo journalctl -b -t audit -o cat | /usr/bin/ ALLOWED DENIED


The /usr/lib/apparmor-demo/lava_run_tests script should return 0. The return value indicates the number of tests which failed. A similar output will be shown:

/usr/lib/apparmor-demo/ PASSED - /tmp/apparmor-demo/sdtest.6406-11853-I7WUoO

/usr/lib/apparmor-demo/ FAILED - /tmp/apparmor-demo/sdtest.6704-7180-0VTgAJ


  • Some of the tests included are taken from AppArmor upstream, some are locally developed.