[apparmor] [PATCH 1/2] utils: Remove unnecessary regex groups

Christian Boltz apparmor at cboltz.de
Wed Apr 23 21:04:38 UTC 2014


Hello,

Am Mittwoch, 23. April 2014 schrieb Tyler Hicks:
> The regexes for signal, ptrace, and pivot_root rules each had an extra
> grouping around the terms 'signal', 'ptrace', and 'pivot_root'. Those
> extra groupings can be safely removed.

Indeed.

> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> ---
>  utils/apparmor/aa.py | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
> index 05ed2d0..4f660e2 100644
> --- a/utils/apparmor/aa.py
> +++ b/utils/apparmor/aa.py
> @@ -2624,9 +2624,9 @@ 

>  RE_PROFILE_DBUS =
> re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?(dbus[^#]*\s*,)\s*(#.*)
> ?$')
> RE_PROFILE_MOUNT =
> re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?((mount|remount|umount)
> [^#]*\s*,)\s*(#.*)?$') 
...
> +RE_PROFILE_SIGNAL =
> re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?(signal[^#]*\s*,)\s*(#.
> *)?$') 
> +RE_PROFILE_PTRACE =
> re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?(ptrace[^#]*\s*,)\s*(#.
> *)?$') 
> +RE_PROFILE_PIVOT_ROOT =
> re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?(pivot_root[^#]*\s*,)\s
> *(#.*)?$')

Acked-by: Christian Boltz <apparmor at cboltz.de>


Side note: the regex for PIVOT_ROOT will also match "pivot_rootbeer" ;-) 
which is probably not intended (hey, I prefer wine! ;-)
The same applies for all other regexes quoted above, starting with DBUS.

The correct (and untested ;-) solution would be to replace
    (keyword[^#]*)
with
    (keyword(\s+[^#]*)?)
to enforce some space after the keyword.

It would be even better to change it to
    keyword(\s+[^#]*)?
but that would need some follow-up changes because it excludes the 
keyword from the match.

Opinions?


Regards,

Christian Boltz
-- 
Sorry for the rant, I tried for a long time to find nice words but these
were the nicest I could find :-) [Stefan Seyfried in opensuse-factory]




More information about the AppArmor mailing list