Comment 0 for bug 1373172

The AF_UNIX unnamed dgram tests that involve a peer label are failing. Note that only the dgram tests of unix_socket_unnamed.sh result in this failure. The identical stream and seqpacket tests pass. It seems like the socket labeling may be applied differently between connected and connectionless sockets.

* The test failures:

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label w/ implicit perms)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label w/ explicit perms)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, addr, peer label)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

Error: unix_socket failed. Test 'AF_UNIX unnamed socket (dgram); confined server (type, addr, peer label, peer addr)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - sendto: Permission denied
FAIL - recvfrom: Resource temporarily unavailable'

* The denial from the first failed test is:

apparmor="DENIED" operation="sendmsg" profile="/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket" pid=15736 comm="unix_socket_cli" family="unix" sock_type="dgram" protocol=0 requested_mask="receive" denied_mask="receive" addr=none peer_addr=none peer="unconfined"

* The profile for the first failed test is:

/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket {
  /etc/ld.so.cache r,
  /proc/*/attr/current w,
  /dev/urandom r,
  /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket rix,
  /lib/x86_64-linux-gnu/libc-2.19.so mr,
  /lib/x86_64-linux-gnu/ld-2.19.so rix,
  /tmp/sdtest.14144-11270-bx3zOK/output.unix_socket w,
  /home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket_client Ux,
  unix (create,getopt,setopt,shutdown),
  unix peer=(label=/home/tyhicks/apparmor.git/tests/regression/apparmor/unix_socket),
}