[apparmor] [PATCH 2/5] Remove the restriction that unattached profiles must be started with the profile keyword. It is not required for parsing and there doesn't seem to be an good reason to require it.

John Johansen john.johansen at canonical.com
Tue Nov 23 09:18:52 GMT 2010 

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 parser/parser_yacc.y                               |    3 ---
 parser/tst/simple_tests/profile/profile_bad1.sd    |    9 +--------
 .../tst/simple_tests/profile/profile_basic_ok2.sd  |   12 ++++++++++++
 3 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index 4c0da5a..bb11331 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -226,9 +226,6 @@ profile:	opt_profile_flag opt_namespace TOK_ID flags TOK_OPEN rules TOK_CLOSE
 			yyerror(_("Memory allocation error."));
 		}
 
-		if ($3[0] != '/' && !($1 || $2))
-			yyerror(_("Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."));
-
 		cod->namespace = $2;
 		cod->name = $3;
 		cod->flags = $4;
diff --git a/parser/tst/simple_tests/profile/profile_bad1.sd b/parser/tst/simple_tests/profile/profile_bad1.sd
index 601233e..4bcf87d 100644
--- a/parser/tst/simple_tests/profile/profile_bad1.sd
+++ b/parser/tst/simple_tests/profile/profile_bad1.sd
@@ -2,14 +2,7 @@
 # $Id$
 #=DESCRIPTION unattached profile without profile keyword
 #=EXRESULT FAIL
+#=DISABLED
 # vim:syntax=subdomain
 # Last Modified: Sun Apr 17 19:44:44 2005
 #
-unattached {
-  /usr/X11R6/lib/lib*so* rrr,
-  /does/not/exist r,
-  /var/log/messages www,
-  /tmp/sd*.foo rwrwwrll,
-  /bin/cat pxpxpxpxpx,
-  /bin/ls ixixixix,
-}
diff --git a/parser/tst/simple_tests/profile/profile_basic_ok2.sd b/parser/tst/simple_tests/profile/profile_basic_ok2.sd
index 8e11682..c5e50b1 100644
--- a/parser/tst/simple_tests/profile/profile_basic_ok2.sd
+++ b/parser/tst/simple_tests/profile/profile_basic_ok2.sd
@@ -16,3 +16,15 @@ profile notattached {
   /bin/ls ixixixix,
   /bin/echo uxuxuxuxux,
 }
+
+unattached {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* rrr,
+  /does/not/exist r,
+  /var/log/messages www,
+  /tmp/sd*.foo rwrwwrll,
+  /bin/cat pxpxpxpxpx,
+  /bin/ls ixixixix,
+  /bin/echo uxuxuxuxux,
+}
-- 
1.7.1

More information about the AppArmor mailing list