[apparmor] [PATCH] utils: Clean up file rule parsing
Christian Boltz
apparmor at cboltz.de
Wed Apr 23 20:52:45 UTC 2014
Hello,
Am Mittwoch, 23. April 2014 schrieb Tyler Hicks:
> This patch backs out most of the changes from r2448 in favor of a
> better approach.
>
> The optional "file" keyword is handled under the pre-existing
> RE_PROFILE_PATH_ENTRY regex and a new regex,
> RE_PROFILE_BARE_FILE_ENTRY, is created for handling bare file rules.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Cc: Christian Boltz <apparmor at cboltz.de>
> ---
>
> This patch is meant to address the feedback from cboltz regarding the
> duplicated code in aa.py (not the duplicated test code):
>
> https://lists.ubuntu.com/archives/apparmor/2014-April/005616.html
>
> utils/apparmor/aa.py | 218
> ++++++++++++++------------------------- utils/apparmor/aamode.py
> | 1 +
> utils/test/test-regex_matches.py | 82 ++++++---------
> 3 files changed, 107 insertions(+), 194 deletions(-)
>
> diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
> index ea1487b..05ed2d0 100644
> --- a/utils/apparmor/aa.py
> +++ b/utils/apparmor/aa.py
> + elif RE_PROFILE_BARE_FILE_ENTRY.search(line):
...
> + path_rule =
> profile_data[profile][hat][allow]['path'][ALL] +
> path_rule['mode'] = mode
> + path_rule['audit'] = audit
> + path_rule['file_prefix'] = True
Please add a TODO note to cleanup the then-superfluous file rules.
(A follow-up patch to solve that TODO is of course also welcome ;-)
Thanks for the cleanup!
With the TODO note added,
Acked-by: Christian Boltz <apparmor at cboltz.de>
Regards,
Christian Boltz
--
Du kannst dir einen Kernel so geschwaetzig eingestellt kompilieren, dass
die HDD kaum noch mit dem loggen hinterherkommt (was wiederum Bugs im
HDD-Treiber ausloesen koennte ;)) [David Haller in suse-linux]
More information about the AppArmor
mailing list