[apparmor] [patch] some comments for create-apparmor.vim.py
Steve Beattie
steve at nxnw.org
Mon Mar 26 17:36:44 UTC 2012
On Mon, Mar 26, 2012 at 10:22:31AM -0700, Steve Beattie wrote:
> On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote:
> > + 'FILENAME': r'(\/|\@\{\S*\})\S*', # just a filename (taken from @@FILE@@)
>
> Given the above, it's probably better to make the relation explicit,
> so that if the pattern needs to change at some point, you only need
> to change it in one location:
>
> ---
> utils/vim/create-apparmor.vim.py | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> Index: b/utils/vim/create-apparmor.vim.py
> ===================================================================
> --- a/utils/vim/create-apparmor.vim.py
> +++ b/utils/vim/create-apparmor.vim.py
> @@ -28,6 +28,8 @@ aa_network_types=r'\s+tcp|\s+udp|\s+icmp
>
> aa_flags=r'(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)'
>
> +filename=r'(\/|\@\{\S*\})\S*'
> +
> def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = subprocess.PIPE, stdin = None, timeout = None):
> '''Try to execute given command (array) and return its stdout, or
> return a textual error if it failed.'''
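Review bot: the new module-level `filename` assignment sits next to `aa_network_types` and `aa_flags` but drops their `aa_` prefix and carries no comment. A name such as `aa_filename`, with a one-line comment that it is the shared path pattern reused by the FILENAME, FILE and DENYFILE entries, would keep it from being shadowed or mistaken for an actual file name later in the script.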
> @@ -78,12 +80,13 @@ for af_pair in af_pairs:
> # -> currently (2011-01-11) not, but might come back
>
> aa_regex_map = {
> - 'FILE': r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+',
> - 'DENYFILE': r'\v^\s*(audit\s+)?deny\s+(owner\s+)?(\/|\@\{\S*\})\S*\s+',
> + 'FILENAME': filename,
> + 'FILE': r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?' + filename '\s+', # Start of a file rule
err, without the syntax error and other thinko, obviously (missing
the + after 'filename' and '\s+' should be a raw string r'\s+'):
+ 'FILE': r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?' + filename + r'\s+', # Start of a file rule
> + # (whitespace_+_, owner etc. flag_?_, filename pattern, whitespace_+_)
> + 'DENYFILE': r'\v^\s*(audit\s+)?deny\s+(owner\s+)?' + filename + '\s+', # deny, otherwise like FILE
.. and same r'\s+' replacement here.
> 'auditdenyowner': r'(audit\s+)?(deny\s+)?(owner\s+)?',
> 'auditdeny': r'(audit\s+)?(deny\s+)?',
> - 'FILENAME': r'(\/|\@\{\S*\})\S*',
> - 'EOL': r'\s*,(\s*$|(\s*#.*$)\@=)',
> + 'EOL': r'\s*,(\s*$|(\s*#.*$)\@=)', # End of a line (whitespace_?_, comma, whitespace_?_ comment.*)
> 'TRANSITION': r'(\s+-\>\s+\S+)?',
> 'sdKapKey': " ".join(benign_caps),
> 'sdKapKeyDanger': " ".join(danger_caps),
>
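Review bot: on the FILE line as posted, `+ filename '\s+'` is missing the `+` between `filename` and the string and does not parse, and the trailing `'\s+'` on both FILE and DENYFILE is a non-raw string next to raw ones; both should end in `+ filename + r'\s+'`, as the interleaved follow-up says. With `filename` now factored out, the FILE prefix `(audit\s+)?(deny\s+)?(owner\s+)?` is still a second copy of the `auditdenyowner` value a few lines below and could get the same single-definition treatment.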
> --
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/