kernel-packages team mailing list archive

[Bug 1373172] Re: unix_socket_unnamed.sh confined server dgram peer label tests fail

 

** Description changed:

  The AF_UNIX unnamed dgram tests that involve a peer label are failing.
  Note that only the dgram tests of unix_socket_unnamed.sh result in this
  failure. The identical stream and seqpacket tests pass. It seems like
  the socket labeling may be applied differently between connected and
  connectionless sockets.
+ 
+ Note that you need a branch of lp:apparmor at r2715 or newer plus the
+ following patch to reproduce this failure:
+ 
+   https://lists.ubuntu.com/archives/apparmor/2014-September/006534.html
  
  * The test failures:
  
  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label w/ implicit perms)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'
  
  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label w/ explicit perms)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'
  
  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'
  
  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'
  
  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, addr, peer label)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'
  
  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, addr, peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'
  
  * The denial from the first failed test is:
  
  apparmor="DENIED" operation="sendmsg"
  profile="/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket"
  pid=15736 comm="unix_socket_cli" family="unix" sock_type="dgram"
  protocol=0 requested_mask="receive" denied_mask="receive" addr=none
  peer_addr=none peer="unconfined"
  
  * The profile for the first failed test is:
  
  /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket {
-   /etc/ld.so.cache r,
-   /proc/*/attr/current w,
-   /dev/urandom r,
-   /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix,
-   /lib/x86_64-linux-gnu/libc-2.19.so mr,
-   /lib/x86_64-linux-gnu/ld-2.19.so rix,
-   /tmp/sdtest.14144-11270-bx3zOK/output.unix_socket w,
-   /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux,
-   unix (create,getopt,setopt,shutdown),
-   unix  peer=(label=/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket),
+   /etc/ld.so.cache r,
+   /proc/*/attr/current w,
+   /dev/urandom r,
+   /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix,
+   /lib/x86_64-linux-gnu/libc-2.19.so mr,
+   /lib/x86_64-linux-gnu/ld-2.19.so rix,
+   /tmp/sdtest.14144-11270-bx3zOK/output.unix_socket w,
+   /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux,
+   unix (create,getopt,setopt,shutdown),
+   unix  peer=(label=/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket),
  }
- --- 
+ ---
  ApportVersion: 2.14.7-0ubuntu2
  Architecture: amd64
  DistroRelease: Ubuntu 14.10
  HibernationDevice: RESUME=UUID=4001a47a-4b23-4a0a-9301-da2c20cb2d34
  InstallationDate: Installed on 2014-05-01 (145 days ago)
  InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140501)
  IwConfig:
-  eth0      no wireless extensions.
-  
-  lo        no wireless extensions.
+  eth0      no wireless extensions.
+ 
+  lo        no wireless extensions.
  Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
  Package: linux (not installed)
  ProcFB:
-  
+ 
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.16.0-17-generic root=UUID=9f38a1c7-dfce-4e54-b8d9-5d6ee0b7874c ro quiet splash
  ProcVersionSignature: User Name 3.16.0-17.23-generic 3.16.3
  RelatedPackageVersions:
-  linux-restricted-modules-3.16.0-17-generic N/A
-  linux-backports-modules-3.16.0-17-generic  N/A
-  linux-firmware                             1.134
+  linux-restricted-modules-3.16.0-17-generic N/A
+  linux-backports-modules-3.16.0-17-generic  N/A
+  linux-firmware                             1.134
  RfKill:
-  
+ 
  Tags:  utopic
  Uname: Linux 3.16.0-17-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
  _MarkForUpload: True
  dmi.bios.date: 01/01/2011
  dmi.bios.vendor: Bochs
  dmi.bios.version: Bochs
  dmi.chassis.type: 1
  dmi.chassis.vendor: Bochs
  dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2011:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-trusty:cvnBochs:ct1:cvr:
  dmi.product.name: Standard PC (i440FX + PIIX, 1996)
  dmi.product.version: pc-i440fx-trusty
  dmi.sys.vendor: QEMU

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1373172

Title:
  unix_socket_unnamed.sh confined server dgram peer label tests fail

Status in “linux” package in Ubuntu:
  Triaged

Bug description:
  The AF_UNIX unnamed dgram tests that involve a peer label are failing.
  Note that only the dgram tests of unix_socket_unnamed.sh result in
  this failure. The identical stream and seqpacket tests pass. It seems
  like the socket labeling may be applied differently between connected
  and connectionless sockets.

  Note that you need a branch of lp:apparmor at r2715 or newer plus the
  following patch to reproduce this failure:

  https://lists.ubuntu.com/archives/apparmor/2014-September/006534.html

  * The test failures:

  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label w/ implicit perms)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'

  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label w/ explicit perms)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'

  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'

  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'

  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, addr, peer label)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'

  Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, addr, peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
  FAIL - recvfrom: Resource temporarily unavailable'

  * The denial from the first failed test is:

  apparmor="DENIED" operation="sendmsg"
  profile="/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket"
  pid=15736 comm="unix_socket_cli" family="unix" sock_type="dgram"
  protocol=0 requested_mask="receive" denied_mask="receive" addr=none
  peer_addr=none peer="unconfined"

  * The profile for the first failed test is:

  /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket {
    /etc/ld.so.cache r,
    /proc/*/attr/current w,
    /dev/urandom r,
    /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix,
    /lib/x86_64-linux-gnu/libc-2.19.so mr,
    /lib/x86_64-linux-gnu/ld-2.19.so rix,
    /tmp/sdtest.14144-11270-bx3zOK/output.unix_socket w,
    /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux,
    unix (create,getopt,setopt,shutdown),
    unix  peer=(label=/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket),
  }
  ---
  ApportVersion: 2.14.7-0ubuntu2
  Architecture: amd64
  DistroRelease: Ubuntu 14.10
  HibernationDevice: RESUME=UUID=4001a47a-4b23-4a0a-9301-da2c20cb2d34
  InstallationDate: Installed on 2014-05-01 (145 days ago)
  InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140501)
  IwConfig:
   eth0      no wireless extensions.

   lo        no wireless extensions.
  Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
  Package: linux (not installed)
  ProcFB:

  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.16.0-17-generic root=UUID=9f38a1c7-dfce-4e54-b8d9-5d6ee0b7874c ro quiet splash
  ProcVersionSignature: User Name 3.16.0-17.23-generic 3.16.3
  RelatedPackageVersions:
   linux-restricted-modules-3.16.0-17-generic N/A
   linux-backports-modules-3.16.0-17-generic  N/A
   linux-firmware                             1.134
  RfKill:

  Tags:  utopic
  Uname: Linux 3.16.0-17-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
  _MarkForUpload: True
  dmi.bios.date: 01/01/2011
  dmi.bios.vendor: Bochs
  dmi.bios.version: Bochs
  dmi.chassis.type: 1
  dmi.chassis.vendor: Bochs
  dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2011:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-trusty:cvnBochs:ct1:cvr:
  dmi.product.name: Standard PC (i440FX + PIIX, 1996)
  dmi.product.version: pc-i440fx-trusty
  dmi.sys.vendor: QEMU

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1373172/+subscriptions
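
Added example (not part of the bug report or the AppArmor test suite): a Python sketch that checks the denial quoted above against the profile's two `unix` rules. It shows that the only rule granting `receive` requires the peer label to be the `unix_socket` profile, while the log records peer="unconfined". The rule parser covers only the simplified syntax seen in this profile, and exact label matching and the function names are assumptions.

```python
import re
import shlex

# Denial line and `unix` rules copied from the bug report above.
DENIAL = (
    'apparmor="DENIED" operation="sendmsg" '
    'profile="/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket" '
    'pid=15736 comm="unix_socket_cli" family="unix" sock_type="dgram" '
    'protocol=0 requested_mask="receive" denied_mask="receive" addr=none '
    'peer_addr=none peer="unconfined"'
)
PROFILE_LABEL = "/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket"
UNIX_RULES = f"""
unix (create,getopt,setopt,shutdown),
unix  peer=(label={PROFILE_LABEL}),
"""

# Simplified subset of the rule grammar: unix [(perms)] [peer=(label=X)],
RULE_RE = re.compile(r"^unix\s*(?:\(([^)]*)\))?\s*(?:peer=\(label=([^)\s]+)\))?\s*,$")

def parse_denial(line):
    """Split an AppArmor audit message into a key -> value dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def parse_unix_rules(text):
    """Return [(perms or None, peer_label or None)]; None perms means all."""
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if m:
            perms = set(m.group(1).replace(" ", "").split(",")) if m.group(1) else None
            rules.append((perms, m.group(2)))
    return rules

def explain(denial, rules):
    """Return (allowed, reasons) for the denied mask and the logged peer label."""
    mask, peer = denial["denied_mask"], denial["peer"]
    allowed, reasons = False, []
    for n, (perms, label) in enumerate(rules, 1):
        if perms is not None and mask not in perms:
            reasons.append(f"rule {n}: does not grant '{mask}'")
        elif label is not None and label != peer:  # assumption: exact label match
            reasons.append(f"rule {n}: wants peer label {label}, log shows {peer}")
        else:
            allowed = True
            reasons.append(f"rule {n}: matches")
    return allowed, reasons

if __name__ == "__main__":
    for peer in ("unconfined", PROFILE_LABEL):  # logged peer vs. peer the rule expects
        print(peer, explain({**parse_denial(DENIAL), "peer": peer}, parse_unix_rules(UNIX_RULES)))
```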

