[apparmor] [patch] Two patches to AppArmor.pm/autodep

Steve Beattie steve at nxnw.org
Mon Jan 9 15:59:19 UTC 2012


This patch updates the initial profile generation for python and ruby
scripts to include the respective abstractions.

---
 utils/Immunix/AppArmor.pm |    4 ++++
 1 file changed, 4 insertions(+)

Index: b/utils/Immunix/AppArmor.pm
===================================================================
--- a/utils/Immunix/AppArmor.pm
+++ b/utils/Immunix/AppArmor.pm
@@ -776,6 +776,10 @@ sub create_new_profile($) {
                 $profile->{$fqdbin}{include}->{"abstractions/perl"} = 1;
             } elsif ($interpreter =~ m/\/bin\/(bash|sh)/) {
                 $profile->{$fqdbin}{include}->{"abstractions/bash"} = 1;
+            } elsif ($interpreter =~ m/python/) {
+                $profile->{$fqdbin}{include}->{"abstractions/python"} = 1;
+            } elsif ($interpreter =~ m/ruby/) {
+                $profile->{$fqdbin}{include}->{"abstractions/ruby"} = 1;
             }
             handle_binfmt($profile->{$fqdbin}, $interpreter);
         } else {
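Review bot: The added `m/python/` and `m/ruby/` tests are unanchored, so they match that substring anywhere in the interpreter path, directory components included, while the bash branch just above them is tied to `/bin/(bash|sh)`. Consider matching only the final path component, for example `m{/python[^/]*$}` and `m{/ruby[^/]*$}`, so versioned interpreter names still match but unrelated paths do not pull in the abstraction. Also note that `$interpreter` comes from the first token after `#!` (the `(\S+)` capture in create_new_profile), so a script starting with `#!/usr/bin/env python` reaches neither new branch; a comment or follow-up covering that case would help.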


This patch fixes the profile autogeneration code to include read access
to the script itself for interpreted scripts.

---
 utils/Immunix/AppArmor.pm |    2 ++
 1 file changed, 2 insertions(+)

Index: b/utils/Immunix/AppArmor.pm
===================================================================
--- a/utils/Immunix/AppArmor.pm
+++ b/utils/Immunix/AppArmor.pm
@@ -770,6 +770,8 @@ sub create_new_profile($) {
         my $hashbang = head($fqdbin);
         if ($hashbang && $hashbang =~ /^#!\s*(\S+)/) {
             my $interpreter = get_full_path($1);
+            $profile->{$fqdbin}{allow}{path}->{$fqdbin}{mode} |= str_to_mode("r");
+            $profile->{$fqdbin}{allow}{path}->{$fqdbin}{mode} |= 0;
             $profile->{$fqdbin}{allow}{path}->{$interpreter}{mode} |= str_to_mode("ix");
             $profile->{$fqdbin}{allow}{path}->{$interpreter}{audit} |= 0;
             if ($interpreter =~ /perl/) {
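Review bot: The second added line ORs 0 into `{mode}`, which is a no-op. The interpreter entry directly below sets `{mode}` and then `{audit} |= 0`, so this line looks like a copy slip and was probably meant to be `$profile->{$fqdbin}{allow}{path}->{$fqdbin}{audit} |= 0;`. As written, the script's own path entry gets its read mode but its `{audit}` key is never initialised, unlike the interpreter entry.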

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/