[apparmor] PATCH [5/6] - add target key
John Johansen
john.johansen at canonical.com
Fri Sep 10 00:47:12 BST 2010
On 09/09/2010 03:02 PM, Steve Beattie wrote:
> On Thu, Sep 09, 2010 at 08:39:51AM -0700, John Johansen wrote:
>> The new apparmor module has added a target key that is used to report
>> the target of an operation instead of name2 used in previous kernels
>>
>> Index: libapparmor/src/grammar.y
>> ===================================================================
>> --- libapparmor.orig/src/grammar.y 2010-09-09 08:06:21.004193401 -0700
>> +++ libapparmor/src/grammar.y 2010-09-09 08:08:35.774193758 -0700
>> @@ -164,6 +164,7 @@
>> %token TOK_KEY_CAPABILITY
>> %token TOK_KEY_CAPNAME
>> %token TOK_KEY_OFFSET
>> +%token TOK_KEY_TARGET
>>
>> %token TOK_SYSLOG_KERNEL
>>
>> @@ -460,6 +461,10 @@
>> * loaded policy. We can just drop this currently
>> */
>> }
>> + | TOK_KEY_TARGET TOK_EQUALS safe_string
>> + { /* target was always name2 in the past */
>> + ret_record->name2 = $3;
>> + }
>> ;
>>
>> apparmor_event:
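Review bot: in the new TOK_KEY_TARGET action, `ret_record->name2 = $3;` assigns without checking whether name2 is already set. If a record ever carries both a name2= and a target= key, or target= twice, the earlier value is overwritten, and if safe_string yields an allocated string it is leaked. Consider freeing any existing ret_record->name2 before the assignment, or treating the duplicate as a parse error. The inline comment could also say that target is stored in name2 so that existing consumers of the record keep working.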
>> Index: libapparmor/src/scanner.l
>> ===================================================================
>> --- libapparmor.orig/src/scanner.l 2010-09-09 08:06:16.584193401 -0700
>> +++ libapparmor/src/scanner.l 2010-09-09 08:09:23.624193491 -0700
>> @@ -162,6 +162,7 @@
>> key_capability "capability"
>> key_capname "capname"
>> key_offset "offset"
>> +key_target "target"
>> audit "audit"
>>
>> /* syslog tokens */
>> @@ -350,6 +351,7 @@
>> {key_capability} { return(TOK_KEY_CAPABILITY); }
>> {key_capname} { return(TOK_KEY_CAPNAME); }
>> {key_offset} { return(TOK_KEY_OFFSET); }
>> +{key_target} { return(TOK_KEY_TARGET); }
>>
>> {syslog_kernel} { BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); }
>> {syslog_month} { yylval->t_str = strdup(yytext); return(TOK_DATE_MONTH); }
>
> ACKed for 2.5.1. Here's a patch for a testcase for it:
>
ACK for the test
> === added file 'libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.in'
> --- libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.in 2010-09-09 21:59:48 +0000
> @@ -0,0 +1,1 @@
> +Sep 9 12:58:28 ubuntu-desktop kernel: [ 2010.738449] type=1400 audit(1284062308.965:276251): apparmor="DENIED" operation="link" parent=19088 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/link" name="/tmp/sdtest.19088-12382-HWH57d/linkfile" pid=19142 comm="link" requested_mask="l" denied_mask="l" fsuid=0 ouid=0 target="/tmp/sdtest.19088-12382-HWH57d/target"
>
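Review bot: the single input line in testcase_syslog_link_01.in exercises only the new target= key, in syslog format. A companion case that reports the same link denial through the older name2= key would show that both spellings produce identical Name2 output, which is the compatibility the grammar change relies on. The .err file is added with no content shown, so it is worth confirming that it is meant to be empty.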
> === added file 'libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.out'
> --- libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/testcase_syslog_link_01.out 2010-09-09 22:00:35 +0000
> @@ -0,0 +1,17 @@
> +START
> +File: test_multi/testcase_syslog_link_01.in
> +Event type: AA_RECORD_DENIED
> +Audit ID: 1284062308.965:276251
> +Operation: link
> +Mask: l
> +Denied Mask: l
> +fsuid: 0
> +ouid: 0
> +Profile: /home/ubuntu/bzr/apparmor/tests/regression/apparmor/link
> +Name: /tmp/sdtest.19088-12382-HWH57d/linkfile
> +Command: link
> +Name2: /tmp/sdtest.19088-12382-HWH57d/target
> +Parent: 19088
> +PID: 19142
> +Epoch: 1284062308
> +Audit subid: 276251
>
>
>