[apparmor] [PATCH 3/3] utils: Basic support for pivot_root rules

Steve Beattie steve at nxnw.org
Fri Apr 4 19:53:38 UTC 2014


On Fri, Apr 04, 2014 at 01:28:20PM -0500, Tyler Hicks wrote:
> On 2014-04-04 11:17:17, Steve Beattie wrote:
> > On Thu, Apr 03, 2014 at 02:56:01PM -0500, Tyler Hicks wrote:
> > > Bug: https://bugs.launchpad.net/bugs/1298678
> > > 
> > > This patch does bare bones parsing of pivot_root rules and stores the raw
> > > strings for writing them out later. It is meant to be a simple change to
> > > prevent aa.py from emitting a traceback when encountering pivot_root rules.
> > > 
> > > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> > 
> > A meta question: do we see the pivot_root policy statements as a
> > significantly different class of rules from the rest of the mount
> > rules to be worth handling them separately? (I'm unfortunately not
> > as familiar with the intricacies of those classes of rules.)
> 
> I can't say that I'm very familiar with them, either. But they do seem
> different enough that we would handle them differently.
> 
> mount rules have fstypes, mount options, and the '->' symbol is used to
> point to the destination mount point.
> 
> pivot_root rules don't have variables such as fstype or mount options
> and the '->' symbol is used to point to another profile to change to
> when pivoting.
> 
> I say that they should be treated differently, but we probably need JJ
> to weigh in.

Okay, that seems reasonable. Acked-by: Steve Beattie <steve at nxnw.org> as
long as:

> > > +        elif RE_PROFILE_PIVOT_ROOT.search(line):
> > > +            matches = RE_PROFILE_PIVOT_ROOT.search(line).groups()
> > > +
> > > +            if not profile:
> > > +                raise AppArmorException(_('Syntax Error: Unexpected ptrace entry found in file: %s line: %s') % (file, lineno + 1))
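Review bot: the exception raised under `if not profile:` reports an "Unexpected ptrace entry" for a line that has just matched RE_PROFILE_PIVOT_ROOT, so a pivot_root rule found outside a profile would be reported to the user as a ptrace syntax error; the message should name pivot_root. Separately, the elif runs RE_PROFILE_PIVOT_ROOT.search(line) once for the test and a second time to call .groups(); keeping the match object from a single search would avoid evaluating the regex twice on every matching line.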
> > 
> > s/ptrace/pivot_root/ here
> > 

and the print statement in the tests are addressed.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/