[apparmor] [PATCH] Fix mount rule preprocessor output
Tyler Hicks
tyhicks at canonical.com
Mon Jun 24 18:31:32 UTC 2013
On 2013-06-24 11:15:47, Seth Arnold wrote:
> On Sun, Jun 23, 2013 at 03:50:45PM -0700, Tyler Hicks wrote:
> > Currently, mount rule preprocessor output is incorrect:
> >
> > $ echo '/t { mount options=(rw,nosuid) /dev/sda3 -> /home, }' \
> > | apparmor_parser -p
> > /t { mountmount =(rw,nosuid) /dev/sda3 -> /home, }
> >
> > This is due to incorrect placement of DUMP_PREPROCESS in parser_lex.l
> >
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> > ---
> > parser/parser_lex.l | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/parser/parser_lex.l b/parser/parser_lex.l
> > index 1258b01..78ee0bf 100644
> > --- a/parser/parser_lex.l
> > +++ b/parser/parser_lex.l
> > @@ -286,6 +286,7 @@ LT_EQUAL <=
> > * as bison may have requested the next
> > * token from the scanner
> > */
> > + DUMP_PREPROCESS;
> > PDEBUG("conditional %s=\n", yytext);
> > yylval.id = processid(yytext, yyleng);
> > yy_push_state(EXTCOND_MODE);
>
> I'm not sure this is sufficient; there are two branches here and I
> think both need the DUMP_PREPROCESS:
>
> <INITIAL,MOUNT_MODE>{
> {VARIABLE_NAME}/{WS}*= {
> /* we match to the = in the lexer so that
> * can switch scanner state. By the time
> * the parser see the = it may be to late
> * as bison may have requested the next
> * token from the scanner
> */
The patch adds DUMP_PREPROCESS here, so "options=()" is taken care of.
> PDEBUG("conditional %s=\n", yytext);
> yylval.id = processid(yytext, yyleng);
> yy_push_state(EXTCOND_MODE);
> return TOK_CONDID;
> }
> {VARIABLE_NAME}/{WS}+in{WS}*\( {
> /* we match to 'in' in the lexer so that
> * we can switch scanner state. By the time
> * the parser see the 'in' it may be to late
> * as bison may have requested the next
> * token from the scanner
> */
The patch does not add DUMP_PREPROCESS here, so "options in ()" may
still be broke. Time for a quick test:
$ echo '/t { mount options in (rw,nosuid) /dev/sda3 -> /home, }' | ./apparmor_parser -p
/t { mount in (rw,nosuid) /dev/sda3 -> /home, }
Still broke. Nice catch! Patch to follow...
Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130624/4c4eed8c/attachment.pgp>
More information about the AppArmor
mailing list