[apparmor] PATCH [5/6] - add target key

Steve Beattie steve at nxnw.org
Thu Sep 9 23:02:44 BST 2010


On Thu, Sep 09, 2010 at 08:39:51AM -0700, John Johansen wrote:
> The new apparmor module has added a target key that is used to report
> the target of an operation instead of name2 used in previous kernels
> 
> Index: libapparmor/src/grammar.y
> ===================================================================
> --- libapparmor.orig/src/grammar.y	2010-09-09 08:06:21.004193401 -0700
> +++ libapparmor/src/grammar.y	2010-09-09 08:08:35.774193758 -0700
> @@ -164,6 +164,7 @@
>  %token TOK_KEY_CAPABILITY
>  %token TOK_KEY_CAPNAME
>  %token TOK_KEY_OFFSET
> +%token TOK_KEY_TARGET
>  
>  %token TOK_SYSLOG_KERNEL
>  
> @@ -460,6 +461,10 @@
>  	   * loaded policy.  We can just drop this currently
>  	   */
>  	}
> +	| TOK_KEY_TARGET TOK_EQUALS safe_string
> +	{ /* target was always name2 in the past */
> +	  ret_record->name2 = $3;
> +	}
>  	;
>  
>  apparmor_event:
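
Review bot: in the new TOK_KEY_TARGET action, `ret_record->name2 = $3;` assigns unconditionally, so a record that carries both a name2= key and a target= key (or target= twice) would overwrite the earlier pointer without freeing it. Consider freeing any existing ret_record->name2 before the assignment, or extending the comment to state that the two keys are never expected in the same record.
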
> Index: libapparmor/src/scanner.l
> ===================================================================
> --- libapparmor.orig/src/scanner.l	2010-09-09 08:06:16.584193401 -0700
> +++ libapparmor/src/scanner.l	2010-09-09 08:09:23.624193491 -0700
> @@ -162,6 +162,7 @@
>  key_capability		"capability"
>  key_capname		"capname"
>  key_offset		"offset"
> +key_target		"target"
>  audit			"audit"
>  
>  /* syslog tokens */
> @@ -350,6 +351,7 @@
>  {key_capability}	{ return(TOK_KEY_CAPABILITY); }
>  {key_capname}		{ return(TOK_KEY_CAPNAME); }
>  {key_offset}		{ return(TOK_KEY_OFFSET); }
> +{key_target}		{ return(TOK_KEY_TARGET); }
>  
>  {syslog_kernel}		{ BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); }
>  {syslog_month}		{ yylval->t_str = strdup(yytext); return(TOK_DATE_MONTH); }

ACKed for 2.5.1. Here's a patch for a testcase for it:

=== added file 'libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.err'
=== added file 'libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.in'
--- libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.in	1970-01-01 00:00:00 +0000
+++ libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.in	2010-09-09 21:59:48 +0000
@@ -0,0 +1,1 @@
+Sep  9 12:58:28 ubuntu-desktop kernel: [ 2010.738449] type=1400 audit(1284062308.965:276251): apparmor="DENIED" operation="link" parent=19088 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/link" name="/tmp/sdtest.19088-12382-HWH57d/linkfile" pid=19142 comm="link" requested_mask="l" denied_mask="l" fsuid=0 ouid=0 target="/tmp/sdtest.19088-12382-HWH57d/target"

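Review bot: the single input record is syslog-format and has target= as the last key on the line, so the test only exercises the new rule at end of record. A second case with target= followed by other keys, and one in which both name2= and target= appear, would pin down how the parser fills Name2 in those situations.
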
=== added file 'libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.out'
--- libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.out	1970-01-01 00:00:00 +0000
+++ libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.out	2010-09-09 22:00:35 +0000
@@ -0,0 +1,17 @@
+START
+File: test_multi/testcase_syslog_link_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1284062308.965:276251
+Operation: link
+Mask: l
+Denied Mask: l
+fsuid: 0
+ouid: 0
+Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/link
+Name: /tmp/sdtest.19088-12382-HWH57d/linkfile
+Command: link
+Name2: /tmp/sdtest.19088-12382-HWH57d/target
+Parent: 19088
+PID: 19142
+Epoch: 1284062308
+Audit subid: 276251


-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/