[apparmor] [patch] some comments for create-apparmor.vim.py

Steve Beattie steve at nxnw.org
Mon Mar 26 17:36:44 UTC 2012


On Mon, Mar 26, 2012 at 10:22:31AM -0700, Steve Beattie wrote:
> On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote:
> > +    'FILENAME':         r'(\/|\@\{\S*\})\S*', # just a filename (taken from @@FILE@@)
> 
> Given the above, it's probably better to make the relation explicit,
> so that if the pattern needs to change at some point, you only need
> to change it in one location:
> 
> ---
>  utils/vim/create-apparmor.vim.py |   11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
> 
> Index: b/utils/vim/create-apparmor.vim.py
> ===================================================================
> --- a/utils/vim/create-apparmor.vim.py
> +++ b/utils/vim/create-apparmor.vim.py
> @@ -28,6 +28,8 @@ aa_network_types=r'\s+tcp|\s+udp|\s+icmp
>  
>  aa_flags=r'(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)'
>  
> +filename=r'(\/|\@\{\S*\})\S*'
> +
>  def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = subprocess.PIPE, stdin = None, timeout = None):
>      '''Try to execute given command (array) and return its stdout, or
>      return a textual error if it failed.'''
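
Review bot: the new module-level `filename`, added just above `def cmd`, has a very generic name compared with its neighbours `aa_network_types` and `aa_flags`. Naming it `aa_filename` would match them and make a collision with an unrelated variable less likely. It also has no comment; one line saying that it is shared by the FILENAME, FILE and DENYFILE entries of `aa_regex_map` would keep the intent of the "taken from @@FILE@@" remark in the original proposal.
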
> @@ -78,12 +80,13 @@ for af_pair in af_pairs:
>  # -> currently (2011-01-11) not, but might come back
>  
>  aa_regex_map = {
> -    'FILE':             r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+',
> -    'DENYFILE':         r'\v^\s*(audit\s+)?deny\s+(owner\s+)?(\/|\@\{\S*\})\S*\s+',
> +    'FILENAME':         filename,
> +    'FILE':             r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?' + filename '\s+', # Start of a file rule

err, without the syntax error and other thinko, obviously (missing
the + after 'filename' and '\s+' should be a raw string r'\s+'):

+    'FILE':             r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?' + filename + r'\s+', # Start of a file rule

> +                        # (whitespace_+_, owner etc. flag_?_, filename pattern, whitespace_+_)
> +    'DENYFILE':         r'\v^\s*(audit\s+)?deny\s+(owner\s+)?' + filename + '\s+', # deny, otherwise like FILE

.. and same r'\s+' replacement here.

>      'auditdenyowner':   r'(audit\s+)?(deny\s+)?(owner\s+)?',
>      'auditdeny':        r'(audit\s+)?(deny\s+)?',
> -    'FILENAME':         r'(\/|\@\{\S*\})\S*',
> -    'EOL':              r'\s*,(\s*$|(\s*#.*$)\@=)',
> +    'EOL':              r'\s*,(\s*$|(\s*#.*$)\@=)', # End of a line (whitespace_?_, comma, whitespace_?_ comment.*)
>      'TRANSITION':       r'(\s+-\>\s+\S+)?',
>      'sdKapKey':         " ".join(benign_caps),
>      'sdKapKeyDanger':   " ".join(danger_caps),
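
Review bot: in the `FILE` entry, `filename '\s+'` is missing the `+` operator, so the script will not parse. Both `FILE` and `DENYFILE` also end in a non-raw `'\s+'` while the neighbouring patterns are raw strings. Use `+ filename + r'\s+'` in both entries. Separately, the prefix `(audit\s+)?(deny\s+)?(owner\s+)?` in `FILE` is the same text as the `auditdenyowner` value a few lines below, so it could be factored into a shared variable the same way `filename` is, and `DENYFILE` could be given a comment noting that it differs from `FILE` only in making `deny` mandatory.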
> 
> -- 
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/




-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/