1
{\rtf1\ansi\deff1\adeflang1025
2
{\fonttbl{\f0\froman\fprq2\fcharset0 Nimbus Roman No9 L{\*\falt Times New Roman};}{\f1\froman\fprq2\fcharset0 Nimbus Roman No9 L{\*\falt Times New Roman};}{\f2\froman\fprq2\fcharset0 Times New Roman;}{\f3\froman\fprq2\fcharset0 Nimbus Roman No9 L{\*\falt Times New Roman};}{\f4\fswiss\fprq2\fcharset0 Nimbus Sans L{\*\falt Arial};}{\f5\fswiss\fprq2\fcharset0 Arial;}{\f6\fmodern\fprq0\fcharset0 Courier New;}{\f7\fnil\fprq0\fcharset2 StarSymbol;}{\f8\froman\fprq2\fcharset2 Symbol;}{\f9\fnil\fprq2\fcharset2 Wingdings;}{\f10\fmodern\fprq0\fcharset0 Courier;}{\f11\fnil\fprq2\fcharset0 Andale Sans UI{\*\falt Arial Unicode MS};}{\f12\froman\fprq0\fcharset0 MS Mincho{\*\falt \u65325 ?\u65331 ? \u26126 ?\u26397 ?};}{\f13\fnil\fprq2\fcharset0 Lucidasans;}{\f14\fnil\fprq0\fcharset0 Lucidasans;}}
3
{\colortbl;\red0\green0\blue0;\red128\green128\blue128;}
4
{\stylesheet{\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\aspalpha\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033\snext1 Default;}
5
{\s2\sa120\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033\sbasedon1\snext2 Text body;}
6
{\s3{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\rtlch\af14\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033\sbasedon2\snext3 List;}
7
{\s4\sb120\sa120\rtlch\af14\afs20\lang255\ai\ltrch\dbch\af11\afs20\langfe255\ai\loch\fs20\lang1033\i\sbasedon1\snext4 Caption;}
8
{\s5\rtlch\af14\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033\sbasedon1\snext5 Index;}
9
{\s6\sb240\sa120\keepn\rtlch\afs28\lang255\ltrch\dbch\afs28\langfe255\loch\f4\fs28\lang1033\sbasedon1\snext2 Heading;}
10
{\s7\sb240\sa60\keepn\rtlch\af5\afs32\lang255\ab\ltrch\dbch\af11\afs32\langfe255\ab\loch\f5\fs32\lang1033\b\sbasedon1\snext1{\*\soutlvl0} Heading 1;}
11
{\s8\sb240\sa60\keepn\rtlch\af5\afs28\lang255\ai\ab\ltrch\dbch\af11\afs28\langfe255\ai\ab\loch\f5\fs28\lang1033\i\b\sbasedon1\snext1{\*\soutlvl1} Heading 2;}
12
{\s9\rtlch\af6\afs20\lang255\ltrch\dbch\af11\afs20\langfe255\loch\f6\fs20\lang1033\sbasedon1\snext9 WW-Plain Text;}
13
{\*\cs11\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 2 1;}
14
{\*\cs12\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 2 2;}
15
{\*\cs13\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 2 3;}
16
{\*\cs14\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 2 4;}
17
{\*\cs15\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 2 5;}
18
{\*\cs16\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 2 6;}
19
{\*\cs17\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 2 7;}
20
{\*\cs18\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 2 8;}
21
{\*\cs19\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 2 9;}
22
{\*\cs20\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 2 10;}
23
{\*\cs21\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 1;}
24
{\*\cs22\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 2;}
25
{\*\cs23\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 3;}
26
{\*\cs24\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 4;}
27
{\*\cs25\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 5;}
28
{\*\cs26\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 6;}
29
{\*\cs27\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 7;}
30
{\*\cs28\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 8;}
31
{\*\cs29\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 9;}
32
{\*\cs30\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 10;}
33
{\*\cs31\cf0\rtlch\af1\afs24\lang255\ltrch\dbch\af1\afs24\langfe255\loch\f1\fs24\lang1033 RTF_Num 3 1;}
34
{\*\cs32\cf0\rtlch\af1\afs24\lang255\ltrch\dbch\af1\afs24\langfe255\loch\f1\fs24\lang1033 RTF_Num 3 2;}
35
{\*\cs33\cf0\rtlch\af1\afs24\lang255\ltrch\dbch\af1\afs24\langfe255\loch\f1\fs24\lang1033 RTF_Num 3 3;}
36
{\*\cs34\cf0\rtlch\af1\afs24\lang255\ltrch\dbch\af1\afs24\langfe255\loch\f1\fs24\lang1033 RTF_Num 3 4;}
37
{\*\cs35\cf0\rtlch\af1\afs24\lang255\ltrch\dbch\af1\afs24\langfe255\loch\f1\fs24\lang1033 RTF_Num 3 5;}
38
{\*\cs36\cf0\rtlch\af1\afs24\lang255\ltrch\dbch\af1\afs24\langfe255\loch\f1\fs24\lang1033 RTF_Num 3 6;}
39
{\*\cs37\cf0\rtlch\af1\afs24\lang255\ltrch\dbch\af1\afs24\langfe255\loch\f1\fs24\lang1033 RTF_Num 3 7;}
40
{\*\cs38\cf0\rtlch\af1\afs24\lang255\ltrch\dbch\af1\afs24\langfe255\loch\f1\fs24\lang1033 RTF_Num 3 8;}
41
{\*\cs39\cf0\rtlch\af1\afs24\lang255\ltrch\dbch\af1\afs24\langfe255\loch\f1\fs24\lang1033 RTF_Num 3 9;}
42
{\*\cs40\cf0\rtlch\af1\afs24\lang255\ltrch\dbch\af1\afs24\langfe255\loch\f1\fs24\lang1033 RTF_Num 3 10;}
43
{\*\cs41\cf0\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 1;}
44
{\*\cs42\cf0\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 2;}
45
{\*\cs43\cf0\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 3;}
46
{\*\cs44\cf0\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 4;}
47
{\*\cs45\cf0\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 5;}
48
{\*\cs46\cf0\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 6;}
49
{\*\cs47\cf0\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 7;}
50
{\*\cs48\cf0\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 8;}
51
{\*\cs49\cf0\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 9;}
52
{\*\cs50\cf0\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 RTF_Num 3 10;}
53
{\*\cs51\rtlch\af8\afs24\lang255\ltrch\dbch\af8\afs24\langfe255\loch\f8\fs24\lang1033 RTF_Num 5 1;}
54
{\*\cs52\rtlch\af6\afs24\lang255\ltrch\dbch\af6\afs24\langfe255\loch\f6\fs24\lang1033 RTF_Num 5 2;}
55
{\*\cs53\rtlch\af9\afs24\lang255\ltrch\dbch\af9\afs24\langfe255\loch\f9\fs24\lang1033 RTF_Num 5 3;}
56
{\*\cs54\rtlch\af8\afs24\lang255\ltrch\dbch\af8\afs24\langfe255\loch\f8\fs24\lang1033 RTF_Num 5 4;}
57
{\*\cs55\rtlch\af6\afs24\lang255\ltrch\dbch\af6\afs24\langfe255\loch\f6\fs24\lang1033 RTF_Num 5 5;}
58
{\*\cs56\rtlch\af9\afs24\lang255\ltrch\dbch\af9\afs24\langfe255\loch\f9\fs24\lang1033 RTF_Num 5 6;}
59
{\*\cs57\rtlch\af8\afs24\lang255\ltrch\dbch\af8\afs24\langfe255\loch\f8\fs24\lang1033 RTF_Num 5 7;}
60
{\*\cs58\rtlch\af6\afs24\lang255\ltrch\dbch\af6\afs24\langfe255\loch\f6\fs24\lang1033 RTF_Num 5 8;}
61
{\*\cs59\rtlch\af9\afs24\lang255\ltrch\dbch\af9\afs24\langfe255\loch\f9\fs24\lang1033 RTF_Num 5 9;}
62
{\*\cs60\cf0\rtlch\af1\afs24\lang255\ltrch\dbch\af1\afs24\langfe255\loch\f1\fs24\lang1033 RTF_Num 5 10;}
63
{\*\cs61\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 4 1;}
64
{\*\cs62\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 4 2;}
65
{\*\cs63\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 4 3;}
66
{\*\cs64\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 4 4;}
67
{\*\cs65\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 4 5;}
68
{\*\cs66\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 4 6;}
69
{\*\cs67\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 4 7;}
70
{\*\cs68\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 4 8;}
71
{\*\cs69\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 4 9;}
72
{\*\cs70\rtlch\afs24\lang255\ltrch\dbch\afs24\langfe255\loch\fs24\lang1033 RTF_Num 4 10;}
73
{\*\cs71\cf0\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\f1\fs24\lang1033 Numbering Symbols;}
74
{\*\cs72\cf0\rtlch\af7\afs18\lang255\ltrch\dbch\af7\afs18\langfe255\loch\f7\fs18\lang1033 Bullets;}
75
{\*\cs73\cf0\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\f8\fs24\lang1033 WW8Num1z0;}
76
{\*\cs74\cf0\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\f6\fs24\lang1033 WW8Num1z1;}
77
{\*\cs75\cf0\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\f9\fs24\lang1033 WW8Num1z2;}
78
{\*\cs76\cf0\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\f1\fs24\lang1033 WW-Default Paragraph Font;}
79
}{\*\listtable{\list\listtemplateid1
80
{\listlevel\levelnfc0\leveljc0\levelstartat3\levelfollow2{\leveltext \'02\'00.;}{\levelnumbers\'01;}\f8\f8\f8\fi-283\li283}
81
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'01.;}{\levelnumbers\'01;}\f6\f6\f6\fi-283\li567}
82
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'02.;}{\levelnumbers\'01;}\f9\f9\f9\fi-283\li850}
83
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'03.;}{\levelnumbers\'01;}\f8\f8\f8\fi-283\li1134}
84
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'04.;}{\levelnumbers\'01;}\f6\f6\f6\fi-283\li1417}
85
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'05.;}{\levelnumbers\'01;}\f9\f9\f9\fi-283\li1701}
86
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'06.;}{\levelnumbers\'01;}\f8\f8\f8\fi-283\li1984}
87
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'07.;}{\levelnumbers\'01;}\f6\f6\f6\fi-283\li2268}
88
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'08.;}{\levelnumbers\'01;}\f9\f9\f9\fi-283\li2551}
89
{\*\soutlvl{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'09.;}{\levelnumbers\'01;}\fi-283\li2835}}{\listname RTF_Num 5;}\listid1}
90
{\list\listtemplateid2
91
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u9679 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f7\fi-283\li283}
92
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u9679 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f7\fi-283\li567}
93
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u9679 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f7\fi-283\li850}
94
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u9679 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f7\fi-283\li1134}
95
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u9679 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f7\fi-283\li1417}
96
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u9679 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f7\fi-283\li1701}
97
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u9679 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f7\fi-283\li1984}
98
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u9679 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f7\fi-283\li2268}
99
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u9679 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f7\fi-283\li2551}
100
{\*\soutlvl{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u9679 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f7\fi-283\li2835}}{\listname RTF_Num 3;}\listid2}
101
{\list\listtemplateid3
102
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'00.;}{\levelnumbers\'01;}\fi-283\li283}
103
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'01.;}{\levelnumbers\'01;}\fi-283\li567}
104
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'02.;}{\levelnumbers\'01;}\fi-283\li850}
105
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'03.;}{\levelnumbers\'01;}\fi-283\li1134}
106
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'04.;}{\levelnumbers\'01;}\fi-283\li1417}
107
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'05.;}{\levelnumbers\'01;}\fi-283\li1701}
108
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'06.;}{\levelnumbers\'01;}\fi-283\li1984}
109
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'07.;}{\levelnumbers\'01;}\fi-283\li2268}
110
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'08.;}{\levelnumbers\'01;}\fi-283\li2551}
111
{\*\soutlvl{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'09.;}{\levelnumbers\'01;}\fi-283\li2835}}{\listname RTF_Num 4;}\listid3}
112
{\list\listtemplateid4\listsimple
113
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u61623 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f8\fi-360\li720}
114
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u111 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f6\fi-360\li1440}
115
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u61607 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f9\fi-360\li2160}
116
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u61623 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f8\fi-360\li2880}
117
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u111 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f6\fi-360\li3600}
118
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u61607 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f9\fi-360\li4320}
119
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u61623 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f8\fi-360\li5040}
120
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u111 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f6\fi-360\li5760}
121
{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u61607 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f9\fi-360\li6480}
122
{\*\soutlvl{\listlevel\levelnfc23\leveljc0\levelstartat1\levelfollow2{\leveltext \'01\u61623 ?;}{\levelnumbers;}\f7\fs18\f7\fs18\f7\fs18\f8\fi-360\li7200}}{\listname WW8Num1;}\listid4}
123
{\list\listtemplateid5
124
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'00.;}{\levelnumbers\'01;}\fi-283\li283}
125
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'01.;}{\levelnumbers\'01;}\fi-283\li567}
126
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'02.;}{\levelnumbers\'01;}\fi-283\li850}
127
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'03.;}{\levelnumbers\'01;}\fi-283\li1134}
128
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'04.;}{\levelnumbers\'01;}\fi-283\li1417}
129
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'05.;}{\levelnumbers\'01;}\fi-283\li1701}
130
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'06.;}{\levelnumbers\'01;}\fi-283\li1984}
131
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'07.;}{\levelnumbers\'01;}\fi-283\li2268}
132
{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'08.;}{\levelnumbers\'01;}\fi-283\li2551}
133
{\*\soutlvl{\listlevel\levelnfc0\leveljc0\levelstartat1\levelfollow2{\leveltext \'02\'09.;}{\levelnumbers\'01;}\fi-283\li2835}}{\listname RTF_Num 2;}\listid5}
134
}{\listoverridetable{\listoverride\listid1\listoverridecount0\ls0}{\listoverride\listid2\listoverridecount0\ls1}{\listoverride\listid3\listoverridecount0\ls2}{\listoverride\listid4\listoverridecount0\ls3}{\listoverride\listid5\listoverridecount0\ls4}}
136
{\info{\comment StarWriter}{\vern6450}}\deftab720
138
{\pgdsc0\pgdscuse195\pgwsxn12240\pghsxn15840\marglsxn1800\margrsxn1800\margtsxn1440\margbsxn1440\pgdscnxt0 Default;}}
139
{\*\pgdscno0}\paperh15840\paperw12240\margl1800\margr1800\margt1440\margb1440\sectd\sbknone\pgwsxn12240\pghsxn15840\marglsxn1800\margrsxn1800\margtsxn1440\margbsxn1440\ftnbj\ftnstart1\ftnrstcont\ftnnar\aenddoc\aftnrstcont\aftnstart1\aftnnrlc
140
\pard\plain \sb240\sa60\keepn\f2\fs32\b\f12\fs32\b\f2\fs32\b\qc\aspalpha \ltrpar\s7\qc\aspalpha\sb240\sa60\keepn\rtlch\af2\afs32\lang255\ab\ltrch\dbch\af12\afs32\langfe255\ab\loch\f2\fs32\lang1033\b {\loch\f2\fs32\lang1033\i0\b AppArmor regression test suite}
141
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
142
\par \pard\plain \sb240\sa60\keepn\f2\fs28\i\b\f12\fs28\i\b\f2\fs28\i\b\aspalpha \ltrpar\s8\aspalpha\sb240\sa60\keepn\ql\rtlch\af2\afs28\lang255\ai\ab\ltrch\dbch\af12\afs28\langfe255\ai\ab\loch\f2\fs28\lang1033\i\b {\loch\f2\fs28\lang1033\i\b Overview}
143
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 The AppArmor regression test suite is designed to be an easily extensible family of tests where the individual tests are highly decomposed. Tests exist to check for regressions in the key areas of AppArmor functionality.}
144
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
145
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 At the time of writing there are 26 tests that comprise the regression test suite. A dedicated shell script implements each test. Some of these tests are very simple verifying just a few basic operations ('open' for example) whilst others are highly compl
146
ex involving many subtests and techniques such as iteration over features and comparison of behavior ('capabilities' and 'exec_qual' for example). Regardless of the varying complexity each of these examples (shell scripts) utilize a common format and inf
147
rastructure support.}
148
\par \pard\plain \sb240\sa60\keepn\f2\fs28\i\b\f12\fs28\i\b\f2\fs28\i\b\aspalpha \ltrpar\s8\aspalpha\sb240\sa60\keepn\ql\rtlch\af2\afs28\lang255\ai\ab\ltrch\dbch\af12\afs28\langfe255\ai\ab\loch\f2\fs28\lang1033\i\b {\loch\f2\fs28\lang1033\i\b Running the Test Suite}
149
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 The test suite is designed to be built and run from the main makefile using the command \lquote make tests\rquote . The test suite may be built without running it using the command \lquote make. Individual tests may be sun by the command \lquote sh <testname>.sh\rquote . The set of tes
150
tnames is defined in the makefile as variable TESTS.}
151
\par \pard\plain \sb240\sa60\keepn\f2\fs28\i\b\f12\fs28\i\b\f2\fs28\i\b\aspalpha \ltrpar\s8\aspalpha\sb240\sa60\keepn\ql\rtlch\af2\afs28\lang255\ai\ab\ltrch\dbch\af12\afs28\langfe255\ai\ab\loch\f2\fs28\lang1033\i\b {\loch\f2\fs28\lang1033\i\b Parsing the Results}
152
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 As detailed above, each test comprising the test suite is controlled by a dedicated shell script (normally called <testname>.sh). This test will cycle through its subtests. Most shell scripts produce no output to the tty for a successful run (although t
153
he controlling makefile outputs \lquote running <testname>' before running each shell script) although some tests (capabilities for example) output the name of each subtest as it is run.}
154
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 In the case of an error, the test framework will output a diagnostic to the tty. Diagnostics are divided into two main areas, functional errors and unexpected errors. Functional errors occur are when the test executed but it did not function as expected
155
. For functional failure the test suite will output \lquote Error:\rdblquote followed by a description of the error. Unexpected errors are when either a test did executed in a way whereby the framework could not determine it\rquote s behavior or the framework itself experienced
157
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
158
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 Examples:}
159
\par \pard\plain {\listtext\pard\plain \li720\ri0\lin720\rin0\fi-360\f2\fs20\f12\fs20\f2\fs20\f7\fs18\f7\fs18\f7\fs18 \u61623 ?}\ilvl0 \ltrpar\s9\ls3\li720\ri0\lin720\rin0\fi-360\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 Functional error, test was expected to fail due to receipt of a signal but it passed:}
160
\par \pard\plain \ltrpar\s9\li1440\ri0\lin1440\rin0\fi0\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 Error: changehat_twice passed. Test 'CHANGEHAT (subprofile->subprofile w/ bad magic)' was expected to 'signal9'}
161
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
162
\par \pard\plain {\listtext\pard\plain \li720\ri0\lin720\rin0\fi-360\f2\fs20\f12\fs20\f2\fs20\f7\fs18\f7\fs18\f7\fs18 \u61623 ?}\ilvl0 \ltrpar\s9\ls3\li720\ri0\lin720\rin0\fi-360\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 Functional error, test was expected to pass but it failed:}
163
\par \pard\plain \ltrpar\s9\li1440\ri0\lin1440\rin0\fi0\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 Error: open failed. Test 'OPEN RW' was expected to 'pass'.}
164
\par \pard\plain \ltrpar\s9\li1440\ri0\lin1440\rin0\fi0\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 Reason for failure 'FAIL: open /tmp/sdtest.13983-32704-z13990/file failed - Permission denied'}
165
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
166
\par \pard\plain {\listtext\pard\plain \li720\ri0\lin720\rin0\fi-360\f2\fs20\f12\fs20\f2\fs20\f7\fs18\f7\fs18\f7\fs18 \u61623 ?}\ilvl0 \ltrpar\s9\ls3\li720\ri0\lin720\rin0\fi-360\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 Unexpected error, unable to execute a test:}
167
\par \pard\plain \ltrpar\s9\li1440\ri0\lin1440\rin0\fi0\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 Fatal Error (open): Unable to run test sub-executable}
168
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
169
\par \pard\plain {\listtext\pard\plain \li720\ri0\lin720\rin0\fi-360\f2\fs20\f12\fs20\f2\fs20\f7\fs18\f7\fs18\f7\fs18 \u61623 ?}\ilvl0 \ltrpar\s9\ls3\li720\ri0\lin720\rin0\fi-360\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 Unexpected error< error in shell script (or in framework):}
170
\par \pard\plain \ltrpar\s9\li1440\ri0\lin1440\rin0\fi0\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 Fatal Error (open): Unexpected shell error. }
171
\par \pard\plain \ltrpar\s9\li1440\ri0\lin1440\rin0\fi0\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 Run with -x to debug}
172
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
173
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
174
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 In dealing with a failure, the first step is to determine reproducibility. As previously mentioned, if you are running all of the tests via \lquote make tests\rquote you can rerun an individual test via \lquote sh <testname>.sh\rquote .}
175
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 If the problem is reproducible, running the test with \lquote -r\rquote as the first argument, i.e. \lquote sh <testname>.sh -r\rquote will retain the files for the test that failed and the directory path to these files will be output to the tty. In this directory a script called
176
\lquote runtest\rquote will be present which can be used to rerun the first failing component of the test script outside of the test harness where it is easier to determine the problem. }
177
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 Beyond this, knowledge of the actual test may be required to debug the problem further. See \ldblquote Design of Test Suite\rdblquote for technical information on how the tests are implemented.}
178
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 In the case of an unexpected error, running with the \lquote -r\rquote option will usually not he helpful as the test script or framework may have a problem. At this point, as indicated by the diagnostic, it is normally necessary to run the script with the -x option (
179
\lquote sh -x testname.sh\rquote ) and debug either the test script or the base framework. This is not for the uninitiated.}
180
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
181
\par \pard\plain \sb240\sa60\keepn\f5\fs28\i\b\f12\fs28\i\b\f5\fs28\i\b\aspalpha \ltrpar\s8\aspalpha\sb240\sa60\keepn\ql\rtlch\af5\afs28\lang255\ai\ab\ltrch\dbch\af12\afs28\langfe255\ai\ab\loch\f5\fs28\lang1033\i\b {\loch\f5\fs28\lang1033\i\b Pre-Requisites for running the suite}
182
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
183
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 In order to compile the test suite the GNU C compiler (gcc) must be installed on the system plus necessary development tools such as make.}
184
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 In order to execute the tests the AppArmor module must be loaded and the AppArmor filesystem (normally /subdomain) must be mounted. In addition the AppArmor parser (normally /sbin/subdomain_parser but an alternate location may be specified in uservars.inc
185
) must be present. The parser and module must be compatible or errors will result during the loading of profiles during test suite execution.}
186
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 You must be root to run the test suite (it is not necessary to be root to build the suite however).}
187
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 Note: Executing /etc/init.d/subdomain start as root will ensure that these requirements are met on a system with the SHASS software correctly installed.}
188
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
189
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
190
\par \pard\plain \sb240\sa60\keepn\f5\fs28\i\b\f12\fs28\i\b\f5\fs28\i\b\aspalpha \ltrpar\s8\aspalpha\sb240\sa60\keepn\ql\rtlch\af5\afs28\lang255\ai\ab\ltrch\dbch\af12\afs28\langfe255\ai\ab\loch\f5\fs28\lang1033\i\b {\loch\f5\fs28\lang1033\i\b Design of Test Suite}
191
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
192
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 Each test consists of one controlling shell script and one or more executable files. This is a requirement of the test harness. Practically speaking most of the test functionality is of sufficient complexity that no shell api exists and functionality mus
193
t be implemented in an executable. Currently all executables are written in the C programming language.}
194
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 It is important to note that a functioning test is achieved by the correct operation of both the shell script and the executable. The framework requires certain behavior but outside of this the test author is free to design the test as they wish but the sh
195
ell script and executables must agree on their conventions in order to correctly implement the test.}
196
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
197
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 The file \lquote prologue.inc\rquote implements most of the underlying shell framework. It must be loaded into the shell script before any other test functionality is performed. You will see it loaded via the shell \lquote .\rquote function at the start of each test shell script.}
198
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 By default, prologue.inc assumes the test binary is the same name as the shell script, with \lquote .sh\rquote removed. For test scripts with only one executable this makes things simple. You may want to have a single shell script run multiple executables (syscall.sh
199
for example). In this case, the \lquote settest\rquote function is used to select a new binary executable for this test.}
200
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 The \lquote genprofile\rquote function generates a profile based on passed arguments. The function automatically adds the necessary shared libraries and output files necessary to support the execution, it is not necessary to specify these manually. Therefore a call t
201
o genprofile without arguments will build a profile allowing the executable to run but without any additional access (which assuming the test application attempts to access files will most likely cause AppArmor to report a REJECTION). Specifying additional
202
arguments to genprofile in the form of <filename>:<perm> will allow additional access.}
203
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 Genprofile also allows capabilities to be specified, it uses the same syntax as specifying file permissions except the filename component is always the literal \lquote capability\rquote . For example, specifying \lquote capability:admin\rquote as an argument to genprofile will grant
204
the profile CAP_SYS_ADMIN.}
205
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 By default genprofile assumes it is creating a profile for the test binary corresponding to the current testname (shell script name minus trailing .sh or the name specified in a subsequent \lquote settest\rquote command). Normally this is sufficient but certain tests
206
require more complex profiles. Genprofile now supports two keywords \lquote subhat\rquote and \lquote image\rdblquote that allow complex profiles to be built which include subhats (necessary if the parent calls changehat) and support for more than one executable (useful if the primar
207
y test wants to pass control to a different executable which also must be controlled by a profile). The \lquote \emdash \lquote separator is used to separate each portion of the argument stream. The separator may be used multiple times on the same argument line but after ea
208
ch use the only token that may follow it is \lquote subhat=\rquote or \lquote image=\rquote .}
209
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
210
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 The following is a simple example showing the use of the \lquote subhat\rquote keyword:}
211
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
212
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 settest changehat_write}
213
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 genprofile -- subhat=hat1 /tmp/file:rw -- subhat=hat2 /tmp/file2:rw}
214
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
215
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 runchecktest "changehat (hat1 w access sub file1)" pass hat1 /tmp/file}
216
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 runchecktest "changehat (hat1 w access sub file2)" fail hat1 /tmp/file2}
217
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 runchecktest "changehat (hat2 w access sub file1)" pass hat2 /tmp/file}
218
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 runchecktest "changehat (hat2 w access sub file2)" fail hat2 /tmp/file2}
219
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
220
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 This sequence of actions generates a profile for the executable changehat_write. You will note that \lquote \emdash \lquote is the first argument after genprofile. This terminates the generation of files for the parent profile. This means that the only file entries for the p
221
arent hat will be those shared libraries and other support files automatically generated for changehat_write to begin execution (these files are determined by the function resolve_libs).}
222
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 It also creates two subhats for the profile called \lquote hat1\rquote and \lquote hat2\rquote . Hat1 has rw access to file\rquote /tmp/file\rquote and hat2 has rw access to file \lquote /tmp/file2\rquote .}
223
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 The changehat_write test attempts to change to the specified hat (passed to changehat_write as argv[1]), open, read and write to the file passed as argv[2].}
224
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 It should be obvious from the profile and from the 4 calls to runchecktest (see below for a description of this function) that hat1 only has the necessary access to /tmp/file and hat2 only to /tmp/file2.}
225
\par \pard\plain \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\aspalpha\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033
226
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 The following is an example showing the use of the \lquote image\rquote keyword:}
227
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
228
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 settest fork_child}
229
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 genprofile $bin/fork_child2:px -- image=$bin/fork_child2 /tmp/file1:rw}
230
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
231
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 runchecktest "subexecutable w access" fail $bin/fork_child3 /tmp/file1}
232
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 runchecktest "subexecutable w access" pass $bin/fork_child2 /tmp/file1}
233
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 runchecktest "subexecutable w access" fail $bin/fork_child2 /tmp/file2}
234
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
235
\par \pard\plain \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\aspalpha\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 This generates two profiles, which are loaded in one operation. First is a profile for \lquote fork_child\rquote (implicitly $bin/fork_child) which in addition to containing access to the necessary library/support files also has \lquote px\rquote (meaning the profile must exist) a
236
ccess to fork_child2. A profile for the executable fork_child2 is also created again with access to the necessary libraries and support files and also with rw access to /tmp/file1. In this example, the executable fork_child forks and execs the file speci
237
fied as its argv[1] passing to this image argv[2] as the child\rquote s argv[1]. The child attempts to open, read and write it\rquote s argv[1]. Clearly the first test fails because the profile for fork_child does not grant execute access to fork_child3. The third te
238
st also fails because although fork_test2 was successfully executed, it\rquote s profile does not allow access to /tmp/file2.}
239
\par \pard\plain \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\aspalpha\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033
240
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 Executing a test is achieved by calling the \lquote runchecktest\rquote function which will run either the executable matching the name of the shell script, or specified by settest. The first argument is a brief description of what the executable does in this mode, wh
241
ich is displayed in the event of an error. The second argument is either \ldblquote pass\rdblquote or \ldblquote fail\rdblquote indicating whether the test is expected to pass or fail. The executable is expected to output \ldblquote PASS\rdblquote for success and \ldblquote FAIL: <error message>\rdblquote in the event of a failu
242
re. If the executable outputs something other than this, the controlling shell script will interpret this as a test failure and output \ldblquote unable to run test sub executable\rdblquote and terminate. Remaining arguments to runchecktest are passed to the executable as
244
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 The runchecktest command executes and checks the test serially. If a test requires to be run in the background, so that the shell may do subsequent operations, such as sending it a signal before checking it\rquote s output, this is accomplished by separately cal
245
ling \lquote runtestbg\rquote and \lquote checktestbg\rquote instead of calling \lquote runchecktest\rquote .}
246
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
247
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 Profile loading, replacing and unloading is automatically handled by the shell script (via prologue.inc). Also, cleanup (tempfile removal and profile unloading) on exit is automatic.}
248
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
249
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
250
\par \pard\plain \sb240\sa60\keepn\f5\fs28\i\b\f12\fs28\i\b\f5\fs28\i\b\aspalpha \ltrpar\s8\aspalpha\sb240\sa60\keepn\ql\rtlch\af5\afs28\lang255\ai\ab\ltrch\dbch\af12\afs28\langfe255\ai\ab\loch\f5\fs28\lang1033\i\b {\loch\f5\fs28\lang1033\i\b Implementing a new test case}
251
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
252
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 As an example, the text shell script for exec (exec.sh) is 24 lines and}
253
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 may be used as a template for creating new simple tests (changehat.sh is}
254
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 a good template for subprofile tests and rw.sh is a template for tests}
255
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 requiring signal passing)}
256
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
257
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 #! /bin/bash}
258
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
259
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 pwd=`dirname $0`}
260
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 pwd=`cd $pwd ; pwd`}
261
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
262
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i {\loch\f2\fs20\lang1033\i\b0 bin must be set prior to including prologue.inc. This is the only requirement placed on the shell script author by prologue.inc}
263
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i
264
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 bin=$pwd}
265
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
266
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i {\loch\f2\fs20\lang1033\i\b0 prologie.inc must be included before running any tests}
267
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i
268
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 . $bin/prologue.inc}
269
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
270
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i {\loch\f2\fs20\lang1033\i\b0 variable definitions used by this script}
271
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i
272
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 file=/bin/true}
273
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 okperm=ix}
274
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 badperm=r}
275
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
276
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 # PASS TEST}
277
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
278
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i {\loch\f2\fs20\lang1033\i\b0 generate a profile allowing ix access to /bin/true}
279
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i
280
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 genprofile $file:$okperm}
281
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
282
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i {\loch\f2\fs20\lang1033\i\b0 run this test (exec) passing /bin/true as argv[1]}
283
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i {\loch\f2\fs20\lang1033\i\b0 check it's output, it is expected to pass}
284
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
285
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 runchecktest "EXEC with x" pass $file}
286
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
287
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 # NOLINK PERMTEST}
288
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i {\loch\f2\fs20\lang1033\i\b0 generate a new profile allowing only r access to /bin/true}
289
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i {\loch\f2\fs20\lang1033\i\b0 subdomain_parser will automatically be invoked in -r mode}
290
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i
291
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 genprofile $file:$badperm}
292
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
293
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i {\loch\f2\fs20\lang1033\i\b0 run this test (exec) passing /bin/true as argv[1]}
294
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i {\loch\f2\fs20\lang1033\i\b0 check it's output, it is expected to FAIL}
295
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
296
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 runchecktest "EXEC no x" fail $file}
297
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
298
\par \pard\plain \ltrpar\s9\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs20\lang255\ai\ltrch\dbch\af12\afs20\langfe255\ai\loch\f2\fs20\lang1033\i {\loch\f2\fs20\lang1033\i\b0 That\rquote s it. Exit status $rc is automatically returned by epilogue.inc}
299
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
300
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
301
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 The above shows the controlling shell script but this is only \'bd of the test. The other half is the source code for the \lquote exec\rquote executable. The following is the sample code:}
302
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
303
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab #include <stdio.h>}
304
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab #include <unistd.h>}
305
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab #include <errno.h>}
306
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab #include <sys/types.h>}
307
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab #include <sys/wait.h>}
308
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab #include <signal.h>}
309
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab }
310
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab int main(int argc, char *argv[])}
311
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \{}
312
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab pid_t pid;}
313
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab }
314
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab extern char **environ;}
315
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab }
316
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab /* basic check of arguments}
317
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab * runchecktest will pass the image to exec as argv[1]}
318
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab */}
319
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab if (argc < 2)\{}
320
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab fprintf(stderr, "usage: %s program [args] \\n", argv[0]);}
321
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab return 1;}
322
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \}}
323
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab }
324
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab pid=fork();}
325
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab }
326
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab if (pid)\{ /* parent */}
327
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab int status;}
328
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab }
329
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab while (wait(&status) != pid);}
330
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab }
331
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab \tab /* runchecktest requires output of}
332
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab \tab * PASS}
333
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab \tab * -or-}
334
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab \tab * FAILED - reason}
335
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab \tab */}
336
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab if (WIFEXITED(status))\{}
337
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab printf("PASS\\n");}
338
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \}else\{}
339
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab \tab \tab /* most likely because child sent us a sigkill}
340
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab \tab \tab * because the exec was denied by AppArmor}
341
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab \tab \tab */}
342
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab fprintf(stderr, "FAILED, child did not exit"}
343
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \tab \tab \tab \tab \tab "normally\\n");}
344
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \}}
345
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \}else\{}
346
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab /* child */}
347
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab (void)execve(argv[1], &argv[1], environ);}
348
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab }
349
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab /* exec failed, kill outselves to flag parent */}
350
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab (void)kill(getpid(), SIGKILL);}
351
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \}}
352
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab return 0;}
353
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033 {\loch\f10\fs20\lang1033\i0\b0 \tab \}}
354
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f10\fs20\lang1033
355
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
356
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af12\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 As you can see from these two examples, the test framework has certain requirements that the executable must adhere to (outputting PASS/FAIL and argument passing conventions are examples) but there is a fair degree of latitude in how to implement the test
357
to achieve the goals required (for example, the decision to fork a subprocess inside the executable, other tests pass signals back and forth between the shell script and the executable). What is important to understand is that although you may pick a diff
358
erent implementation strategy for different tests, for a given test, the functionality is achieved by both the shell script and the executable and they must operate correctly together.}
359
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
360
\par \pard\plain \sb240\sa60\keepn\f5\fs28\i\b\f11\fs28\i\b\f5\fs28\i\b\aspalpha \ltrpar\s8\aspalpha\sb240\sa60\keepn\ql\rtlch\af5\afs28\lang255\ai\ab\ltrch\dbch\af11\afs28\langfe255\ai\ab\loch\f5\fs28\lang1033\i\b {\loch\f5\fs28\lang1033\i\b Test Coverage}
361
\par \pard\plain \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\aspalpha\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033
362
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 1.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 capabilities }
363
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 The capabilities test is an attempt to determine that for a variety of syscalls, the expected capability (especially since Immunix intercepts capability processing for confined processes) and no others allows successful access. For every syscall in the t
364
est, we iterate over each capability individually (plus no capabilities) in order to verify that only the expected capability grants access to the privileged operation. The same is repeated for capabilities within hats. }
365
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
366
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 The goal is to eventually extend this test verifying additional syscalls and also to perhaps do combinations of capabilities rather than just each individually.}
367
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
368
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 2.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 changehat }
369
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 verifies basic file access permission checks for a parent profile and one subprofile/hat}
370
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
371
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 3.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 changehat_fork }
372
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 As 'changehat' but access checks for hats are verified across a fork}
373
\par \pard\plain \ltrpar\s2\li283\ri0\lin283\rin0\fi0\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
374
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 4.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 changehat_misc }
375
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 Variety of tests verifying entry to subprofiles and return back to parent. AppArmor has rigid requirements around the correct use of the magic# token passed to changehat.}
376
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
377
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 5.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 chdir }
378
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 Verify change directory functions correctly for a confined process. Subdomain should allow 'x' access on a directory without it being explicitly listed in tasks profile.}
379
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
380
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 6.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 exec }
381
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 Currently this test verifies inherit (ix) functionality. Ensure that 'ix' is required in order to exec an executable. Support for 'px' and 'ux' needs to be added (see Future Work)}
382
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
383
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 7.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 exec_qual }
384
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 See 'matrix.doc' in the SubDomain/Documentation directory. This test currently verifies the enforce mode handling of exec between the various confinement conditions for execer and execee. }
385
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 It needs to be extended to include the complain mode verification.}
386
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
387
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 8.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 fork }
388
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 Verifies that profiles are duplicated correctly for fork (the subtask receives a copy of it's parents profile). The test attempts to access the files passed as arguments for both a parent and a child. The test is repeated for permissive and restrictive
390
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
391
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 9.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 link }
392
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 Link requires 'l' permission and that permissions on the src and target must match. This test verifies matching, non-matching and missing link permissions in a profile.}
393
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
394
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 10.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 mmap }
395
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 This test verifies that mmap based access control is also subject to the AppArmor profiles access specification. The test needs some attention/rethought, It is unclear what it's purpose really is. Also why does it fail when the profile is replaced with
396
just read permission as no mapped write is reattempted. Also a test should be added which causes the initial mmap write to fail (due to lack of write permission). }
397
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
398
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 11.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 mount }
399
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 This test verifies that the mount syscall is indeed restricted for confined processes.}
400
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
401
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 12.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 named_pipe }
402
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 This test verifies that subdomain file access checks function correctly for named piped (nodes in the filesystem created with mknod). The test creates a parent/child process relationship which attempt to rendevous via the named pipe. The tests are attem
403
pted for unconfined and confined processes and also for subhats.}
404
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
405
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 13.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 open }
406
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 Verify that the open syscall is correctly managed for confined profiles. A test should be added verifying for non-confined.}
407
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
408
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 14.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 owlsm }
409
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 AppArmor implements a portion of the OWLSM functionality related to hard and symbolic links.}
410
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 Creating a hard link (as a non root user or more accurately, without CAP_FUSER) to a file owned by another user is disallowed. Following a symbolic link in a directory with the sticky bit set is not allowed if the link is owned by a different user than th
411
e directory. Note that these restrictions are for all processes, not just confined ones.}
412
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
413
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 15.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 pipe }
414
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 This test is structured similarly to named_pipe except it uses the pipe(2) call to create a communication channel between parent and child rather than a node in the filesystem. AppArmor does not mediate pipe io for either confined or non confined process
415
es. This test verifies that io functions as expected for both an unconfined process and a confined process with an empty profile.}
416
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
417
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 16.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 ptrace}
418
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 Read permission is required for a confined process to be able to be traced using ptrace. This test verifies this. Currently is it not functioning correctly. It stopped functioning correctly somewhere between 2.4.18 and 2.4.20.}
419
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
420
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 17.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 regex }
421
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 This test verifies that tail globbing and regex globbing (perl regex engine) are functioning correctly for confined processes. Single character, multi character and character class regexes are verified.}
422
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
423
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 18.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 rename }
424
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 The rename system call changes the name of a file in the filesystem. The test verifies that this operation (which involves AppArmor write and link permission checks) functions correctly for a confined process.}
425
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
426
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 19.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 readdir }
427
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 AppArmor requires 'r' permission on a directory in order for a confined task to be able to read the directory contents. This test verifies this.}
428
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
429
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 20.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 rw }
430
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 This test verifies read/write operation. AppArmor caches a successful open but checks (on read/write) to see if a confined processes profile has been replaced asynchronously. If it has, access is reevaluated. The test waits for a signal at which point
431
it reattempts to write, read and verify data. The controlling script performs a profile replacement before sending the signal for the test to reattempt the io.}
432
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
433
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 21.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 swap }
434
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 Confined processes are prohibited from executing certain system calls entirely, including swapon(2) swapoff (2). This test verifies that unconfined processes can call these syscalls but confined processes cannot.}
435
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
436
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 22.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 setattr }
437
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 Write permission is required in a confined processes profile in order to change the mode (chmod, chgrp, chown) of a file. This test verifies these system calls for unconfined and confined processes.}
438
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
439
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 23.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 symlink }
440
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 As the 'link' test but for symbolic rather than hard links.}
441
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
442
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 24.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 syscall }
443
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 Confined processes are prohibited from executing certain system calls entirely. This test checks a variety of such syscalls including ptrace, mknod, sysctl (write), sethostname, setdomainname, ioperm, iopl and reboot}
444
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033
445
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\sa120\f11\f13 25.}\ilvl0 \ltrpar\s2\ls4\li283\ri0\lin283\rin0\fi-283\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 unlink}
446
\par \pard\plain \ltrpar\s2\sa120\ql\rtlch\af13\afs24\lang255\ltrch\dbch\af11\afs24\langfe255\loch\fs24\lang1033 {\loch\f1\fs24\lang1033\i0\b0 In order to unlink a file, a confined process must have 'l' permission in it's profile for the relevant file. This test verifies this.}
447
\par \pard\plain \sb240\sa60\keepn\f5\fs28\i\b\f11\fs28\i\b\f5\fs28\i\b\aspalpha \ltrpar\s8\aspalpha\sb240\sa60\keepn\ql\rtlch\af5\afs28\lang255\ai\ab\ltrch\dbch\af11\afs28\langfe255\ai\ab\loch\f5\fs28\lang1033\i\b {\loch\f5\fs28\lang1033\i\b Future work/changes}
448
\par \pard\plain \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\aspalpha\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033
449
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\f2\f2\f2\aspalpha 1.}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls2\aspalpha\li283\ri0\lin283\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 Add metadata (comments) to each test which can be used to automatically generate test coverage data (as the above section risks getting out of date quickly).}
450
\par \pard\plain \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\aspalpha\li283\ri0\lin283\rin0\fi0\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033
451
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\f2\f2\f2\aspalpha 2.}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls2\aspalpha\li283\ri0\lin283\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 Test cases for the following need to be added:}
452
\par \pard\plain {\listtext\pard\plain \li1003\ri0\lin1003\rin0\fi-283\f2\f2\f2\aspalpha\f7\fs18\f7\fs18\f7\fs18 \u9679 ?}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls1\aspalpha\li1003\ri0\lin1003\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 exec (unconstrained/ux and profile/px)}
453
\par \pard\plain {\listtext\pard\plain \li1003\ri0\lin1003\rin0\fi-283\f2\f2\f2\aspalpha\f7\fs18\f7\fs18\f7\fs18 \u9679 ?}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls1\aspalpha\li1003\ri0\lin1003\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 add fork tests (for clone, vfork etc)}
454
\par \pard\plain {\listtext\pard\plain \li1003\ri0\lin1003\rin0\fi-283\f2\f2\f2\aspalpha\f7\fs18\f7\fs18\f7\fs18 \u9679 ?}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls1\aspalpha\li1003\ri0\lin1003\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 add read/write tests (pread/pwrite/readv/writev)}
455
\par \pard\plain {\listtext\pard\plain \li1003\ri0\lin1003\rin0\fi-283\f2\f2\f2\aspalpha\f7\fs18\f7\fs18\f7\fs18 \u9679 ?}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls1\aspalpha\li1003\ri0\lin1003\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 complain mode verification for exec (exec_qual). The enforce portion of the matrix has been completed.}
456
\par \pard\plain {\listtext\pard\plain \li1003\ri0\lin1003\rin0\fi-283\f2\f2\f2\aspalpha\f7\fs18\f7\fs18\f7\fs18 \u9679 ?}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls1\aspalpha\li1003\ri0\lin1003\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 netdomain (complete tcp tests. Create udp tests including sendmsg). Lots to do.}
457
\par \pard\plain {\listtext\pard\plain \li1003\ri0\lin1003\rin0\fi-283\f2\f2\f2\aspalpha\f7\fs18\f7\fs18\f7\fs18 \u9679 ?}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls1\aspalpha\li1003\ri0\lin1003\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 /proc/pid/attr tests. Verify current restrictions on who can changehat, who can setprofile etc.}
458
\par \pard\plain {\listtext\pard\plain \li1003\ri0\lin1003\rin0\fi-283\f2\f2\f2\aspalpha\f7\fs18\f7\fs18\f7\fs18 \u9679 ?}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls1\aspalpha\li1003\ri0\lin1003\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 file descriptor passing via Unix domain sockets (normal and inside hat)}
459
\par \pard\plain {\listtext\pard\plain \li1003\ri0\lin1003\rin0\fi-283\f2\f2\f2\aspalpha\f7\fs18\f7\fs18\f7\fs18 \u9679 ?}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls1\aspalpha\li1003\ri0\lin1003\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 reorganise structure of various changehat tests. }
460
\par \pard\plain {\listtext\pard\plain \li1003\ri0\lin1003\rin0\fi-283\f2\f2\f2\aspalpha\f7\fs18\f7\fs18\f7\fs18 \u9679 ?}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls1\aspalpha\li1003\ri0\lin1003\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 Add more globbing (perl regex) tests}
461
\par \pard\plain \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\aspalpha\li720\ri0\lin720\rin0\fi0\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033
462
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\f2\f2\f2\aspalpha\f8\f8\f8 3.}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls0\aspalpha\li283\ri0\lin283\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 Resolve mediation of mkdir/rmdir}
463
\par \pard\plain {\listtext\pard\plain \li283\ri0\lin283\rin0\fi-283\f2\f2\f2\aspalpha\f8\f8\f8 4.}\ilvl0 \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\ls0\aspalpha\li283\ri0\lin283\rin0\fi-283\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033 {\loch\f2\fs24\lang1033\i0\b0 Resolve issues with ptrace failing (see README)}
464
\par \pard\plain \sb240\sa60\keepn\f5\fs28\i\b\f12\fs28\i\b\f5\fs28\i\b\aspalpha \ltrpar\s8\aspalpha\sb240\sa60\keepn\ql\rtlch\af5\afs28\lang255\ai\ab\ltrch\dbch\af12\afs28\langfe255\ai\ab\loch\f5\fs28\lang1033\i\b {\loch\f5\fs28\lang1033\i\b Additional Documentation}
465
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033 {\loch\f2\fs20\lang1033\i0\b0 For additional information see the file 'README' in the test suite package.}
466
\par \pard\plain \ltrpar\s9\ql\rtlch\af2\afs20\lang255\ltrch\dbch\af12\afs20\langfe255\loch\f2\fs20\lang1033
467
\par \pard\plain \ltrpar\s1{\*\hyphen2\hyphlead2\hyphtrail2\hyphmax0}\aspalpha\ql\rtlch\af2\afs24\lang255\ltrch\dbch\af2\afs24\langfe255\loch\f2\fs24\lang1033
b'\\ No newline at end of file'
added
removed
tests/regression/apparmor/AppArmor.rtf
