interfaces: adjust docker-support test to handle mqueue

Signed-off-by: Zygmunt Krynicki <[email protected]>
canonical · Jul 8, 2024 · 6ff315b · 6ff315b
1 parent c52a550
commit 6ff315b
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/interfaces/builtin/docker_support_test.go b/interfaces/builtin/docker_support_test.go
@@ -320,6 +320,11 @@ func (s *DockerSupportInterfaceSuite) TestGenerateAAREExclusionPatterns(c *C) {
 	const dockerSupportConnectedPlugAppArmorUserNS = `
 # allow use of user namespaces
 userns,
+`
+
+	const dockerSupportConnectedPlugAppArmorMqueue = `
+# allow unrestricted use of posix message queues
+mqueue,
 `
 
 	const dockerSupportConnectedPlugAppArmor = `
@@ -845,17 +850,22 @@ ptrace (read, trace) peer=unconfined,
 	// Generate profile to compare with
 	privilegedProfile := dockerSupportPrivilegedAppArmor + dockerSupportConnectedPlugAppArmor
 
-	// if apparmor supports userns mediation then add this too
 	if (apparmor_sandbox.ProbedLevel() != apparmor_sandbox.Partial) && (apparmor_sandbox.ProbedLevel() != apparmor_sandbox.Full) {
 		c.Skip(apparmor_sandbox.Summary())
 	}
 
+	// if apparmor supports userns mediation then add this too
 	features, err := apparmor_sandbox.ParserFeatures()
 	c.Assert(err, IsNil)
 	if strutil.ListContains(features, "userns") {
 		privilegedProfile += dockerSupportConnectedPlugAppArmorUserNS
 	}
 
+	// if apparmor supports mqueue mediation then add this too
+	if strutil.ListContains(features, "mqueue") {
+		privilegedProfile += dockerSupportConnectedPlugAppArmorMqueue
+	}
+
 	// Profile existing profile
 	expectedHash, err := testutil.AppArmorParseAndHashHelper("#include <tunables/global> \nprofile docker_support {" + privilegedProfile + "}")
 	c.Assert(err, IsNil)