[apparmor] [patch 1/8] testsuite - move /proc/attr generation to mkprofile
John Johansen
john.johansen at canonical.com
Thu Jan 12 10:08:24 UTC 2012
On 01/12/2012 10:08 AM, Steve Beattie wrote:
> This patch moves the generation of the rules that grant write access
> to /proc/*/attr/current to mkprofile.pl from prologue.inc.
>
Acked-by: John Johansen <john.johansen at canonical.com>
> ---
> tests/regression/apparmor/mkprofile.pl | 8 ++++++--
> tests/regression/apparmor/prologue.inc | 13 ++-----------
> 2 files changed, 8 insertions(+), 13 deletions(-)
>
> Index: b/tests/regression/apparmor/mkprofile.pl
> ===================================================================
> --- a/tests/regression/apparmor/mkprofile.pl
> +++ b/tests/regression/apparmor/mkprofile.pl
> @@ -32,7 +32,7 @@ sub usage {
> print STDERR " help: print this message\n";
> }
>
> -&usage && exit 0 if ($help || @ARGV < 1);
> +&usage && exit 0 if ($help || @ARGV < 1);
>
> sub emit_netdomain {
> my $rule = shift;
> @@ -95,13 +95,17 @@ sub emit_hat {
> (!$nowarn) && print STDERR "Warning: invalid hat description '$rule', ignored\n";
> } else {
> $hat = $rules[1];
> - $output_rules{$hat} = ( );
> + # give every profile/hat access to change_hat
> + @{$output_rules{$hat}} = ( " /proc/*/attr/current w,\n",);
> }
> }
>
> my $bin = shift @ARGV;
> !(-e $bin || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
>
> +# give every profile/hat access to change_hat
> +emit_file("/proc/*/attr/current:w");
> +
> for my $rule (@ARGV) {
> #($fn, @rules) = split (/:/, $rule);
> if ($rule =~ /^(tcp|udp)/) {
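Review bot: The hat branch of emit_hat stores the already-rendered rule text `" /proc/*/attr/current w,\n"` directly in `@{$output_rules{$hat}}`, while the main profile gets the same permission through `emit_file("/proc/*/attr/current:w")`, so one rule now exists in two formats that can drift apart. Keeping the spec in one place, for example `my $attr_rule = "/proc/*/attr/current:w";` with `emit_file($attr_rule)` at both sites, would avoid that, provided emit_file appends to the rules of the current `$hat`; its body is outside the hunk, so this needs checking. The grant is also unconditional now and uses a PID glob, so the comment could say so, e.g. `# always added: every generated profile and hat may write /proc/*/attr/current`, for anyone writing a test that expects that write to be denied. emit_hat itself begins before the hunk.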
> Index: b/tests/regression/apparmor/prologue.inc
> ===================================================================
> --- a/tests/regression/apparmor/prologue.inc
> +++ b/tests/regression/apparmor/prologue.inc
> @@ -433,9 +433,7 @@ fi
> ;;
> esac
>
> - #give every profile/hat access to change_hat
> - args[0]="/proc/*/attr/current:w"
> - num_args=1
> + num_args=0
> while [ $# -gt 0 ]
> do
> arg="$1"
> @@ -447,15 +445,8 @@ fi
> eval emit_profile \"$imagename\" \"$imageperm\" \
> $(for i in $(seq 0 $((${num_args} - 1))) ; do echo \"\${args[${i}]}\" ; done)
> num_emitted=$((num_emitted + 1))
> - #give every profile/hat access to change_hat
> - args[0]="/proc/*/attr/current:w"
> - num_args=1
> + num_args=0
> continue 2
> - elif [ ${arg:0:4} == "hat:" ] ; then
> - args[${num_args}]=${arg}
> - num_args=$(($num_args + 1))
> - args[${num_args}]="/proc/*/attr/current:w"
> - num_args=$(($num_args + 1))
> else
> args[${num_args}]=${arg}
> num_args=$(($num_args + 1))
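Review bot: With `num_args=0` after each emit (and at the initialisation in the earlier prologue.inc hunk), the `emit_profile` call can now run with no rule arguments, which could not happen while `args[0]` was always pre-filled. The expansion `seq 0 $((${num_args} - 1))` then becomes `seq 0 -1`, which prints nothing with GNU seq but is not obvious to a reader; a comment such as `# num_args may be 0 here: mkprofile.pl adds the /proc/*/attr/current rule itself` would record the intent. Clearing the array together with the counter, `args=()`, would also keep entries from a previous image from lingering past the reset. The enclosing loop and case statement start and end outside the hunk.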
>
>