[apparmor] [patch 02/12] parser: Add support for unix domain socket rules.
Seth Arnold
seth.arnold at canonical.com
Tue Aug 26 22:32:18 UTC 2014
On Tue, Aug 26, 2014 at 03:31:26PM -0700, Seth Arnold wrote:
> On Mon, Aug 25, 2014 at 05:06:07PM -0700, john.johansen at canonical.com wrote:
> > This patch implements parsing of fine grained mediation for unix domain
> > sockets, that have abstract and anonymous paths. Sockets with file
> > system paths are handled by regular file access rules.
>
> One quick question ...
>
> > + */
> > +int af_rule::move_base_cond(struct cond_entry *ent, bool peer)
> > +{
> > + if (!cond_check(supported_conds, ent, peer, "unknown"))
> > + return false;
> > +
> > + if (strcmp(ent->name, "type") == 0) {
> > + move_conditional_value("socket rule", &sock_type, ent);
> > + sock_type_n = net_find_type_val(sock_type);
> > + if (sock_type_n == -1)
> > + yyerror("socket rule: invalid socket type '%s'", sock_type);
> > + } else if (strcmp(ent->name, "protocol") == 0) {
> > + yyerror("socket rule: 'protocol' conditional is not currently supported\n");
> > + } else if (strcmp(ent->name, "label") == 0) {
> > + if (peer)
> > + move_conditional_value("unix", &label, ent);
> > + else
> > + move_conditional_value("unix", &peer_label, ent);
>
> Is this if (peer) conditional test going in the correct direction?
Oh, of course, 03/12 fixes it. Never mind.
> > + } else
> > + return false;
> > +
> > + return true;
> > +}
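Review bot: the `label` branch stores the value in the opposite field to the one its test selects: when `peer` is true it fills `label`, otherwise `peer_label`, which reads as swapped given the variable names. The reply above says 03/12 corrects this; folding that correction into this patch would leave 02/12 correct on its own, which matters when bisecting the series. Separately, the function is declared `int` but only returns `true`/`false`, so a `bool` return type would match its use. The rule name passed to `move_conditional_value` is "socket rule" for `type` but "unix" for `label`, and only the `protocol` `yyerror` message ends in `\n`; making these consistent would tidy the error output.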
>
> Thanks