[apparmor] [PATCH] utils: Ignore unsupported rules
John Johansen
john.johansen at canonical.com
Mon Aug 26 22:28:15 UTC 2013
On 08/26/2013 02:57 PM, Tyler Hicks wrote:
> The profile parsing in the Immunix::AppArmor perl module has fallen
> behind when it comes to some of the newer rule types and syntax
> supported by apparmor_parser.
>
> When an unsupported rule is found, it causes aa-logprof and aa-genprof
> to error out. This patch creates a list of valid, but unsupported rule
> types that should be ignored by the perl module when parsing policy.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
>
> === modified file 'utils/Immunix/AppArmor.pm'
> --- utils/Immunix/AppArmor.pm 2013-08-23 20:02:15 +0000
> +++ utils/Immunix/AppArmor.pm 2013-08-26 21:49:46 +0000
> @@ -5423,6 +5423,8 @@
> $initial_comment .= "$_\n";
> }
> }
> + } elsif (/^\s*(audit\s+)?(deny\s+)?(owner\s+)?(capability|dbus|file|mount|pivot_root|remount|umount)/) {
> + # ignore valid rules that are currently unsupported by AppArmor.pm
> } else {
> # we hit something we don't understand in a profile...
> die sprintf(gettext('%s contains syntax errors. Line [%s]'), $file, $_) . "\n";
>
Ackedby: John Johansen <john.johansen at canonical.com>
More information about the AppArmor
mailing list