
kernel-packages team mailing list archive

[Bug 1373172] [NEW] unix_socket_unnamed.sh confined server dgram peer label tests fail

 

Public bug reported:

The AF_UNIX unnamed dgram tests that involve a peer label are failing.
Note that only the dgram tests of unix_socket_unnamed.sh result in this
failure. The identical stream and seqpacket tests pass. It seems like
the socket labeling may be applied differently between connected and
connectionless sockets.

* The test failures:

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label w/ implicit perms)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label w/ explicit perms)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, addr, peer label)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, addr, peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

* The denial from the first failed test is:

apparmor="DENIED" operation="sendmsg"
profile="/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket"
pid=15736 comm="unix_socket_cli" family="unix" sock_type="dgram"
protocol=0 requested_mask="receive" denied_mask="receive" addr=none
peer_addr=none peer="unconfined"

* The profile for the first failed test is:

/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket {
  /etc/ld.so.cache r,
  /proc/*/attr/current w,
  /dev/urandom r,
  /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix,
  /lib/x86_64-linux-gnu/libc-2.19.so mr,
  /lib/x86_64-linux-gnu/ld-2.19.so rix,
  /tmp/sdtest.14144-11270-bx3zOK/output.unix_socket w,
  /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux,
  unix (create,getopt,setopt,shutdown),
  unix  peer=(label=/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket),
}

** Affects: linux (Ubuntu)
     Importance: High
     Assignee: John Johansen (jjohansen)
         Status: Triaged


** Tags: apparmor bot-stop-nagging

** Attachment added: "strace of first test failure"
   https://bugs.launchpad.net/bugs/1373172/+attachment/4212937/+files/strace

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1373172
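
A triage aid for the denial quoted above, added here as an example; it is not part of the original bug report or of the AppArmor project. It parses the logged denial and compares it with the two `unix` rules of the posted profile. The function names are hypothetical, and rule matching is modelled as a simple exact comparison (an assumption: globbing and the type/addr conditions are ignored).

```python
import re
import shlex

# Denial and unix rules copied from the bug report above.
DENIAL = (
    'apparmor="DENIED" operation="sendmsg" '
    'profile="/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket" '
    'pid=15736 comm="unix_socket_cli" family="unix" sock_type="dgram" '
    'protocol=0 requested_mask="receive" denied_mask="receive" addr=none '
    'peer_addr=none peer="unconfined"'
)
UNIX_RULES = [
    "unix (create,getopt,setopt,shutdown),",
    "unix  peer=(label=/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket),",
]

def parse_denial(line):
    """Split an AppArmor audit message into a key -> value dict (quotes removed)."""
    return dict(tok.split("=", 1) for tok in shlex.split(line))

def parse_unix_rule(rule):
    """Return (permission set, or None when implicit; peer label, or None)."""
    body = rule.strip().rstrip(",")
    perms = re.search(r"^unix\s+\(([^)]*)\)", body)
    label = re.search(r"peer=\(.*?label=([^,\s)]+)", body)
    return (
        {p.strip() for p in perms.group(1).split(",")} if perms else None,
        label.group(1) if label else None,
    )

def explain(denial, rules):
    """For each rule, report why it does or does not cover the denied permission."""
    mask, peer = denial["denied_mask"], denial["peer"]
    out = []
    for rule in rules:
        perms, label = parse_unix_rule(rule)
        if perms is not None and mask not in perms:
            out.append((rule, f"'{mask}' not in permission list"))
        elif label is not None and label != peer:
            out.append((rule, f"peer label '{label}' != logged peer '{peer}'"))
        else:
            out.append((rule, "matches"))
    return out

if __name__ == "__main__":
    for rule, verdict in explain(parse_denial(DENIAL), UNIX_RULES):
        print(f"{verdict}\n    {rule}")
```
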
