[apparmor] [patch] fix aa-complain to work with quoted profile names

Christian Boltz apparmor at cboltz.de
Thu Jun 19 18:55:26 UTC 2014 

Hello,

Am Mittwoch, 18. Juni 2014 schrieb Steve Beattie:
> Hey Christian,

Nice - I just need to ask for an
    Acked-by: <expired>
on IRC, and I get a real review ;-)

> On Wed, Jun 11, 2014 at 12:11:29AM +0200, Christian Boltz wrote:
...
> > One more patch to write...
> 
> Just one? Surely you jest...

I? Never!

*eg*

> > === modified file 'utils/apparmor/aa.py'
> > --- utils/apparmor/aa.py	2014-05-22 17:43:10 +0000
> > +++ utils/apparmor/aa.py	2014-05-28 22:00:45 +0000
> > @@ -630,7 +630,11 @@
> > 
> >  def set_profile_flags(prof_filename, program, newflags):
> >      """Reads the old profile file and updates the flags
> >      accordingly"""
> > 
> > -    regex_bin_flag =
> > re.compile('^(\s*)(("??/.+?"??)|(profile\s+("??.+?"??)))\s+((flags=
> > )?\((.*)\)\s+)?\{\s*(#.*)?$') +    regex_bin_flag =
> > re.compile('^(\s*)("?(/.+?)"??|(profile\s+"?(.+?)"??))\s+((flags=)?
> > \((.*)\)\s+)?\{\s*(#.*)?$')
> A different way to do this regex without having to
> conditionally check on whether one of the matches fields has
> been set would be to use python's named groups (and maybe
> non-matching groups as well, to cope with the nested groups).
> https://docs.python.org/3/howto/regex.html#non-capturing-and-named-gro
> ups covers how to do so. RE_HAS_COMMENT_SPLIT is also an example of
> this.

I completely agree that counting parenthesis isn't fun with such 
regexes.

Patches welcome ;-)

> > @@ -648,13 +652,18 @@
> > 
> >                          matches = match.groups()
> >                          space = matches[0]
> >                          binary = matches[1]
> 
> Minor nit, if you're setting binary to either matches[2] or matches[4]
> below, is there any reason to keep the assignment above?

Good catch. I removed the line before commiting.

> > -RE_PROFILE_START =
> > re.compile('^\s*(("??/.+?"??)|(profile\s+("??.+?"??)))\s+((flags=)?
> > \((.+)\)\s+)?\{\s*(#.*)?$') +RE_PROFILE_START =
> > re.compile('^\s*("?(/.+?)"??|(profile\s+"?(.+?)"??))\s+((flags=)?\(
> > (.+)\)\s+)?\{\s*(#.*)?$')
> I sure would like testcases for these...

Did I already mention that patches are welcome? ;-)


Regards,

Christian Boltz
-- 
für die Bewertung des Risikos gilt Martins Hypothese:
Das Risiko ist proportional zur Größe der Schlagzeile in der 
BILD-Zeitung.  [Martin zu 
http://blog.koehntopp.de/archives/3211-Wieso-wir-uns-veroeffentlichen.html]

More information about the AppArmor mailing list