[apparmor] [PATCH 2/5] Remove the restriction that unattached profiles must be started with the profile keyword. It is not required for parsing and there doesn't seem to be an good reason to require it.

Steve Beattie steve at nxnw.org
Mon Nov 29 20:29:50 GMT 2010 

On Tue, Nov 23, 2010 at 01:18:52AM -0800, John Johansen wrote:
> Remove the restriction that unattached profiles must be started with
> the profile keyword. It is not required for parsing and there doesn't
> seem to be an good reason to require it.

It looks like the restriction got added in (bzr) commit 939 with the
basic addition of namespaces, but there's no explanation as to why.

> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-By: Steve Beattie <sbeattie at ubuntu.com>

> ---
>  parser/parser_yacc.y                               |    3 ---
>  parser/tst/simple_tests/profile/profile_bad1.sd    |    9 +--------
>  .../tst/simple_tests/profile/profile_basic_ok2.sd  |   12 ++++++++++++
>  3 files changed, 13 insertions(+), 11 deletions(-)
> 
> diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
> index 4c0da5a..bb11331 100644
> --- a/parser/parser_yacc.y
> +++ b/parser/parser_yacc.y
> @@ -226,9 +226,6 @@ profile:	opt_profile_flag opt_namespace TOK_ID flags TOK_OPEN rules TOK_CLOSE
>  			yyerror(_("Memory allocation error."));
>  		}
>  
> -		if ($3[0] != '/' && !($1 || $2))
> -			yyerror(_("Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."));
> -
>  		cod->namespace = $2;
>  		cod->name = $3;
>  		cod->flags = $4;
> diff --git a/parser/tst/simple_tests/profile/profile_bad1.sd b/parser/tst/simple_tests/profile/profile_bad1.sd
> index 601233e..4bcf87d 100644
> --- a/parser/tst/simple_tests/profile/profile_bad1.sd
> +++ b/parser/tst/simple_tests/profile/profile_bad1.sd
> @@ -2,14 +2,7 @@
>  # $Id$
>  #=DESCRIPTION unattached profile without profile keyword
>  #=EXRESULT FAIL
> +#=DISABLED
>  # vim:syntax=subdomain
>  # Last Modified: Sun Apr 17 19:44:44 2005
>  #
> -unattached {
> -  /usr/X11R6/lib/lib*so* rrr,
> -  /does/not/exist r,
> -  /var/log/messages www,
> -  /tmp/sd*.foo rwrwwrll,
> -  /bin/cat pxpxpxpxpx,
> -  /bin/ls ixixixix,
> -}
> diff --git a/parser/tst/simple_tests/profile/profile_basic_ok2.sd b/parser/tst/simple_tests/profile/profile_basic_ok2.sd
> index 8e11682..c5e50b1 100644
> --- a/parser/tst/simple_tests/profile/profile_basic_ok2.sd
> +++ b/parser/tst/simple_tests/profile/profile_basic_ok2.sd
> @@ -16,3 +16,15 @@ profile notattached {
>    /bin/ls ixixixix,
>    /bin/echo uxuxuxuxux,
>  }
> +
> +unattached {
> +  #include <includes/base>
> +
> +  /usr/X11R6/lib/lib*so* rrr,
> +  /does/not/exist r,
> +  /var/log/messages www,
> +  /tmp/sd*.foo rwrwwrll,
> +  /bin/cat pxpxpxpxpx,
> +  /bin/ls ixixixix,
> +  /bin/echo uxuxuxuxux,
> +}
> -- 
> 1.7.1
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20101129/6b82c101/attachment.pgp

More information about the AppArmor mailing list