[apparmor] [patch 2/2] parser: add implicit set variable @{profile_name} to profile symbol table
Steve Beattie
steve at nxnw.org
Fri Mar 28 18:19:14 UTC 2014
On Fri, Mar 28, 2014 at 11:15:51AM -0700, Steve Beattie wrote:
> parser: add implicit set variable @{profile_name} to profile symbol table
>
> This patch adds the creation of an implicit set variable
> @{profile_name} for use within policy. It expands to:
>
> - a given profile name if specified; e.g. for
> 'profile flappy_bird /some/pattern/match* { [...] }'
> @{profile_name} would expand to 'flappy_bird'
> - if no given name, the match pattern; e.g. for
> '/usr/bin/doge_bird { [...] }'
> @{profile_name} would expand to '/usr/bin/doge_bird'
> - hats and child profiles will include the fully qualified name; e.g.
> the 'doge' hat in the /usr/bin/flappy_bird profile would cause
> @{profile_name} to expand to '/usr/bin/flappy_bird//doge' within the
> 'doge' hat, and '/usr/bin/flappy_bird' outside of it in the profile.
I should point out that (a) this patch applies on top of John's
patchset and (b) that the @{profile_name} is expected to be most useful
in the context of signal and ptrace rules (e.g. for specifying that
an app can send itself signals).
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
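
The expansion rules from the commit message, applied to the signal and ptrace use case mentioned in the reply. This is an added example, not part of the patch or of the original mail. The signal and ptrace rule syntax and the chosen signal sets are assumptions, following the rule syntax documented in apparmor.d(5), not anything shown in this thread.

```apparmor
# Added illustration. Profile names and paths are the ones used in the
# commit message; the rules themselves are constructed for this example.

# No given name: @{profile_name} expands to the match pattern,
# '/usr/bin/flappy_bird'.
/usr/bin/flappy_bird {
  # Allow the confined program to signal and inspect only tasks running
  # under this same profile (i.e. itself), not arbitrary peers.
  signal (send, receive) set=(term, hup) peer=@{profile_name},
  ptrace (read) peer=@{profile_name},

  # Equivalent rule without the variable. The name has to be repeated by
  # hand and kept in sync whenever the attachment path changes:
  #   signal (send, receive) set=(term, hup) peer=/usr/bin/flappy_bird,

  ^doge {
    # Inside the hat the fully qualified name is used, so here
    # @{profile_name} expands to '/usr/bin/flappy_bird//doge'.
    # This rule lets the hat signal other tasks in the same hat only;
    # it does not grant access to the parent profile.
    signal (send) set=(usr1) peer=@{profile_name},
  }
}

# Given name: @{profile_name} expands to 'flappy_bird', not to the
# attachment pattern '/some/pattern/match*'.
profile flappy_bird /some/pattern/match* {
  signal (send) set=(term) peer=@{profile_name},
}
```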