[apparmor] [patch 21/26] change syntax of ptrace target

Steve Beattie steve at nxnw.org
Mon Apr 21 18:17:54 UTC 2014


On Tue, Apr 15, 2014 at 10:22:28AM -0700, john.johansen at canonical.com wrote:
> change from
>   ptrace /foo,
> 
> to
>   ptrace peer=/foo,
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Signed-off-by: Steve Beattie <steve at nxnw.org>

> ---
>  parser/parser_yacc.y |    7 +------
>  parser/ptrace.c      |   13 ++++++++-----
>  parser/ptrace.h      |    2 +-
>  3 files changed, 10 insertions(+), 12 deletions(-)
> 
> --- 2.9-test.orig/parser/parser_yacc.y
> +++ 2.9-test/parser/parser_yacc.y
> @@ -1349,12 +1349,7 @@
>  
>  ptrace_rule: TOK_PTRACE opt_ptrace_perm opt_conds TOK_END_OF_RULE
>  	{
> -		ptrace_rule *ent = new ptrace_rule($2, $3, NULL);
> -		$$ = ent;
> -	}
> -	|  TOK_PTRACE opt_ptrace_perm opt_conds TOK_ID TOK_END_OF_RULE
> -	{
> -		ptrace_rule *ent = new ptrace_rule($2, $3, $4);
> +		ptrace_rule *ent = new ptrace_rule($2, $3);
>  		$$ = ent;
>  	}
>  
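Review bot: With the `TOK_ID` alternative removed from `ptrace_rule`, a profile still written as `ptrace /foo,` now ends in a generic grammar error rather than a message that points the author to `peer=`. The diffstat lists only the three parser files, so unless another patch in the series covers it, the man page and any regression profiles using the positional form need the same change. If old-form profiles may already exist, consider keeping the alternative for a release with an action that only reports the new syntax, e.g. `yyerror("ptrace rule: peer must be given as peer=%s\n", $4);`, since a profile that no longer compiles is presumably not loaded at all.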
> --- 2.9-test.orig/parser/ptrace.c
> +++ 2.9-test/parser/ptrace.c
> @@ -39,14 +39,17 @@
>  		if (!cond_ent->eq)
>  			yyerror("keyword \"in\" is not allowed in ptrace rules\n");
>  
> -		/* no valid conditionals atm */
> -		yyerror("invalid ptrace rule conditional \"%s\"\n",
> -			cond_ent->name);
> +		if (strcmp(cond_ent->name, "peer") == 0) {
> +			move_conditional_value("ptrace", &peer_label, cond_ent);
> +		} else {
> +			yyerror("invalid ptrace rule conditional \"%s\"\n",
> +				cond_ent->name);
> +		}
>  	}
>  }
>  
> -ptrace_rule::ptrace_rule(int mode_p, struct cond_entry *conds, char *peer):
> -	peer_label(peer), audit(0), deny(0)
> +ptrace_rule::ptrace_rule(int mode_p, struct cond_entry *conds):
> +	peer_label(NULL), audit(0), deny(0)
>  {
>  	if (mode_p) {
>  		if (mode_p & ~AA_VALID_PTRACE_PERMS)
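Review bot: The new `peer` branch hands the conditional's value to `peer_label` without saying who owns it, while the destructor shown in ptrace.h releases it with `free(peer_label)`. I would add `/* peer_label takes ownership of the value; released with free() in ~ptrace_rule() */` above the `move_conditional_value` call. Whether a repeated `peer=` or a list value such as `peer=(a b)` is rejected depends on `move_conditional_value`, which is not visible here. If it is not rejected, the earlier string would leak and the rule would silently apply to a different peer than the first one written, so a regression profile for both cases is worth adding. The loop around this branch and the rest of the constructor body lie outside the hunk.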
> --- 2.9-test.orig/parser/ptrace.h
> +++ 2.9-test/parser/ptrace.h
> @@ -37,7 +37,7 @@
>  	int audit;
>  	int deny;
>  
> -	ptrace_rule(int mode, struct cond_entry *conds, char *peer);
> +	ptrace_rule(int mode, struct cond_entry *conds);
>  	virtual ~ptrace_rule()
>  	{
>  		free(peer_label);
> 
> 

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/

