[apparmor] [PATCH] utils: Handle unmount rules

Tyler Hicks tyhicks at canonical.com
Mon Jun 2 15:33:53 UTC 2014 

Bug: https://bugs.launchpad.net/bugs/1325109

The parser will accept rules with either umount or unmount rule types.
The utils should follow suite.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 utils/apparmor/aa.py             |  2 +-
 utils/test/test-mount_parse.py   | 12 ++++++++++++
 utils/test/test-regex_matches.py |  2 ++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index 90336ec..83dd72f 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -2627,7 +2627,7 @@ RE_PROFILE_HAT_DEF = re.compile('^\s*\^(\"??.+?\"??)\s+((flags=)?\((.+)\)\s+)*\{
 RE_NETWORK_FAMILY_TYPE = re.compile('\s+(\S+)\s+(\S+)\s*,$')
 RE_NETWORK_FAMILY = re.compile('\s+(\S+)\s*,$')
 RE_PROFILE_DBUS = re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?(dbus\s*,|dbus\s+[^#]*\s*,)\s*(#.*)?$')
-RE_PROFILE_MOUNT = re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?((mount|remount|umount)(\s+[^#]*)?\s*,)\s*(#.*)?$')
+RE_PROFILE_MOUNT = re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)\s*(#.*)?$')
 RE_PROFILE_SIGNAL = re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?(signal\s*,|signal\s+[^#]*\s*,)\s*(#.*)?$')
 RE_PROFILE_PTRACE = re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?(ptrace\s*,|ptrace\s+[^#]*\s*,)\s*(#.*)?$')
 RE_PROFILE_PIVOT_ROOT = re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?(pivot_root\s*,|pivot_root\s+[^#]*\s*,)\s*(#.*)?$')
diff --git a/utils/test/test-mount_parse.py b/utils/test/test-mount_parse.py
index 12fa65c..d750bac 100644
--- a/utils/test/test-mount_parse.py
+++ b/utils/test/test-mount_parse.py
@@ -66,5 +66,17 @@ class AAParseUmountTest(unittest.TestCase):
         self.assertEqual(rule, mount.serialize(),
                 'mount object returned "%s", expected "%s"' % (mount.serialize(), rule))
 
+    def test_parse_plain_unmount_rule(self):
+        rule = 'unmount,'
+        mount = aa.parse_mount_rule(rule)
+        self.assertEqual(rule, mount.serialize(),
+                'mount object returned "%s", expected "%s"' % (mount.serialize(), rule))
+
+    def test_parse_unmount_with_mount_point(self):
+        rule = 'unmount /mnt/external,'
+        mount = aa.parse_mount_rule(rule)
+        self.assertEqual(rule, mount.serialize(),
+                'mount object returned "%s", expected "%s"' % (mount.serialize(), rule))
+
 if __name__ == '__main__':
     unittest.main()
diff --git a/utils/test/test-regex_matches.py b/utils/test/test-regex_matches.py
index 8b0b0bc..5c4df56 100644
--- a/utils/test/test-regex_matches.py
+++ b/utils/test/test-regex_matches.py
@@ -249,6 +249,8 @@ class AARegexMount(unittest.TestCase):
         ('   audit mount,', ('audit', None, 'mount,', 'mount', None, None)),
         ('   umount,', (None, None, 'umount,', 'umount', None, None)),
         ('   audit umount,', ('audit', None, 'umount,', 'umount', None, None)),
+        ('   unmount,', (None, None, 'unmount,', 'unmount', None, None)),
+        ('   audit unmount,', ('audit', None, 'unmount,', 'unmount', None, None)),
         ('   remount,', (None, None, 'remount,', 'remount', None, None)),
         ('   deny remount,', (None, 'deny', 'remount,', 'remount', None, None)),
 
-- 
1.9.1

More information about the AppArmor mailing list