unix_socket_unnamed.sh confined server dgram peer label tests fail

Bug #1373172 reported by Tyler Hicks
Affects: linux (Ubuntu)
Status: Triaged
Importance: High
Assigned to: John Johansen

Bug Description

The AF_UNIX unnamed dgram tests that involve a peer label are failing. Note that only the dgram tests of unix_socket_unnamed.sh result in this failure. The identical stream and seqpacket tests pass. It seems like the socket labeling may be applied differently between connected and connectionless sockets.

Note that you need a branch of lp:apparmor at r2716 or newer to reproduce this failure.

* The test failures:

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label w/ implicit perms)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label w/ explicit perms)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, addr, peer label)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, addr, peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

* The denial from the first failed test is:

apparmor="DENIED" operation="sendmsg" profile="/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket" pid=15736 comm="unix_socket_cli" family="unix" sock_type="dgram" protocol=0 requested_mask="receive" denied_mask="receive" addr=none peer_addr=none peer="unconfined"

* The profile for the first failed test is:

/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket {
  /etc/ld.so.cache r,
  /proc/*/attr/current w,
  /dev/urandom r,
  /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix,
  /lib/x86_64-linux-gnu/libc-2.19.so mr,
  /lib/x86_64-linux-gnu/ld-2.19.so rix,
  /tmp/sdtest.14144-11270-bx3zOK/output.unix_socket w,
  /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux,
  unix (create,getopt,setopt,shutdown),
  unix peer=(label=/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket),
}
---
ApportVersion: 2.14.7-0ubuntu2
Architecture: amd64
DistroRelease: Ubuntu 14.10
HibernationDevice: RESUME=UUID=4001a47a-4b23-4a0a-9301-da2c20cb2d34
InstallationDate: Installed on 2014-05-01 (145 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140501)
IwConfig:
 eth0 no wireless extensions.

 lo no wireless extensions.
Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
Package: linux (not installed)
ProcFB:

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.16.0-17-generic root=UUID=9f38a1c7-dfce-4e54-b8d9-5d6ee0b7874c ro quiet splash
ProcVersionSignature: User Name 3.16.0-17.23-generic 3.16.3
RelatedPackageVersions:
 linux-restricted-modules-3.16.0-17-generic N/A
 linux-backports-modules-3.16.0-17-generic N/A
 linux-firmware 1.134
RfKill:

Tags: utopic
Uname: Linux 3.16.0-17-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 01/01/2011
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2011:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-trusty:cvnBochs:ct1:cvr:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-trusty
dmi.sys.vendor: QEMU
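
A triage aid for the denial and profile quoted in the description, as an added example that is not part of the bug report or the AppArmor test suite: it parses the audit fields and the profile's `unix` rules, then lists the rules that could grant the denied permission and whether their peer label equals the one in the denial. The exact-string label comparison and the treatment of a rule with no permission list as granting all permissions are simplifying assumptions; this does not reproduce kernel mediation.

```python
import re

# Denial and unix rules copied from the bug description above.
P = "/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket"
DENIAL = (f'apparmor="DENIED" operation="sendmsg" profile="{P}" pid=15736 '
          'comm="unix_socket_cli" family="unix" sock_type="dgram" protocol=0 '
          'requested_mask="receive" denied_mask="receive" addr=none '
          'peer_addr=none peer="unconfined"')
PROFILE_RULES = f"""\
  unix (create,getopt,setopt,shutdown),
  unix peer=(label={P}),
"""

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_denial(line):
    """Split an AppArmor audit line into key/value fields, unquoting values."""
    return {key: (quoted if raw.startswith('"') else raw)
            for key, raw, quoted in FIELD.findall(line)}

def parse_unix_rules(profile_text):
    """Extract the permission list and peer conditions of each unix rule."""
    rules = []
    for line in profile_text.splitlines():
        m = re.match(r'\s*unix\b(.*?),?\s*$', line)
        if not m:
            continue  # not a unix rule (file rules start with a path)
        body = m.group(1)
        perms = re.match(r'\s*\(([^)=]*)\)', body)
        peer = re.search(r'peer=\(([^)]*)\)', body)
        rules.append({
            "perms": [p for p in re.split(r'[,\s]+', perms.group(1)) if p]
                     if perms else [],
            "peer": dict(kv.split("=", 1)
                         for kv in re.split(r'[,\s]+', peer.group(1))
                         if "=" in kv) if peer else {},
        })
    return rules

def rules_for_denial(denial, rules):
    """Rules that could grant the denied mask, paired with a peer-label match flag."""
    out = []
    for rule in rules:
        if rule["perms"] and denial["denied_mask"] not in rule["perms"]:
            continue  # explicit permission list that omits the denied mask
        label = rule["peer"].get("label")
        out.append((rule, label is None or label == denial["peer"]))
    return out

if __name__ == "__main__":
    d = parse_denial(DENIAL)
    for rule, same in rules_for_denial(d, parse_unix_rules(PROFILE_RULES)):
        print(d["operation"], d["denied_mask"], "peer:", d["peer"], rule, same)
```
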

Tyler Hicks (tyhicks) wrote: apport information

tags: added: apport-collected utopic
description: updated

Attachments added by Tyler Hicks (tyhicks), each with the comment "apport information": AlsaInfo.txt, AudioDevicesInUse.txt, BootDmesg.txt, CRDA.txt, CurrentDmesg.txt, Lspci.txt, ProcCpuinfo.txt, ProcEnviron.txt, ProcInterrupts.txt, ProcModules.txt, PulseList.txt, UdevDb.txt, UdevLog.txt, WifiSyslog.txt

Tyler Hicks (tyhicks)
description: updated
Tyler Hicks (tyhicks)
description: updated