[apparmor] [patch] some comments for create-apparmor.vim.py
Steve Beattie
steve at nxnw.org
Mon Mar 26 17:22:31 UTC 2012
On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote:
> + 'FILENAME': r'(\/|\@\{\S*\})\S*', # just a filename (taken from @@FILE@@)
Given the above, it's probably better to make the relation explicit,
so that if the pattern needs to change at some point, you only need
to change it in one location:
---
utils/vim/create-apparmor.vim.py | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
Index: b/utils/vim/create-apparmor.vim.py
===================================================================
--- a/utils/vim/create-apparmor.vim.py
+++ b/utils/vim/create-apparmor.vim.py
@@ -28,6 +28,8 @@ aa_network_types=r'\s+tcp|\s+udp|\s+icmp
aa_flags=r'(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)'
+filename=r'(\/|\@\{\S*\})\S*'
+
def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = subprocess.PIPE, stdin = None, timeout = None):
'''Try to execute given command (array) and return its stdout, or
return a textual error if it failed.'''
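Review bot: The new module-level name `filename` on the added line does not follow the `aa_` prefix of the neighbouring pattern constants (`aa_network_types`, `aa_flags`), and a name that generic is easy to rebind by accident elsewhere in the script. Consider `aa_filename=r'(\/|\@\{\S*\})\S*'` with a comment such as `# absolute path or @{variable}-prefixed path; shared by FILENAME, FILE and DENYFILE`, because the explanation from the originally proposed line ("just a filename") is lost here. The `cmd` definition that follows in the context lines continues outside the hunk.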
@@ -78,12 +80,13 @@ for af_pair in af_pairs:
# -> currently (2011-01-11) not, but might come back
aa_regex_map = {
- 'FILE': r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+',
- 'DENYFILE': r'\v^\s*(audit\s+)?deny\s+(owner\s+)?(\/|\@\{\S*\})\S*\s+',
+ 'FILENAME': filename,
+ 'FILE': r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?' + filename '\s+', # Start of a file rule
+ # (whitespace_+_, owner etc. flag_?_, filename pattern, whitespace_+_)
+ 'DENYFILE': r'\v^\s*(audit\s+)?deny\s+(owner\s+)?' + filename + '\s+', # deny, otherwise like FILE
'auditdenyowner': r'(audit\s+)?(deny\s+)?(owner\s+)?',
'auditdeny': r'(audit\s+)?(deny\s+)?',
- 'FILENAME': r'(\/|\@\{\S*\})\S*',
- 'EOL': r'\s*,(\s*$|(\s*#.*$)\@=)',
+ 'EOL': r'\s*,(\s*$|(\s*#.*$)\@=)', # End of a line (whitespace_?_, comma, whitespace_?_ comment.*)
'TRANSITION': r'(\s+-\>\s+\S+)?',
'sdKapKey': " ".join(benign_caps),
'sdKapKeyDanger': " ".join(danger_caps),
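Review bot: The added `'FILE'` entry is missing a `+` between `filename` and `'\s+'`, so the script fails with a syntax error before any vim syntax file is generated; it should read `'FILE': r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?' + filename + r'\s+',`. In both `'FILE'` and `'DENYFILE'` the trailing `'\s+'` is a plain string while every other pattern in the map is raw. It only works because `\s` is not a recognised escape, and newer Python versions warn about it, so `r'\s+'` is the safer spelling. `aa_regex_map` is only partly visible here; the dict literal continues past the end of the hunk.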
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/