[apparmor] patch - change hasher to be easy to debug

Peter Maloney peter.maloney at brockmann-consult.de
Tue Nov 25 17:09:26 UTC 2014


This patch changes the hasher() into a class-based nested dict so it is
FAR easier to debug. Also I wrote a __str__() method that prints the
contents nice and pretty.

Using this, I managed to find other problems, possibly the one I was
trying to solve. Here is a snippet of printing out the aa[profile][hat]
which has lots of "include"s that are mixed in by mistake. This patch
does not fix this problem (see next patch in another thread), only
changes the hasher so it is easy to track.

                pm DEBUG: rematchfrag, allow = allow, path = /etc/bash.bashrc, frag = {
               
                    # this is the junk...
                    abstractions/gnome: {}
                    tunables/kernelvars: {}
                    local/usr.sbin.ntpd: {}
                    abstractions/bash: {}
                    tunables/multiarch: {}
                    tunables/global: {}
                    abstractions/apparmor_api/examine: {}
                    abstractions/private-files: {}
                    abstractions/base: {}
                    abstractions/postfix-common: {}
                    abstractions/mysql: {}
                    [...LOTS more lines...]
                    local/usr.sbin.smbldap-useradd: {}
                   
                    include: { # probably useful
                        abstractions/base: True
                    }
                    allow: { # This part is useful
                        path_regex: {
                            /home/*/tmp/: {
                                audit: set([])
                                mode: set(['r', '::r'])
                            }
                            /usr/share/**/: {
                                audit: set([])
                                mode: set(['r', '::r'])
                            }
                        }                       

-------------- next part --------------
A non-text attachment was scrubbed...
Name: p2-hasher.patch
Type: text/x-patch
Size: 3025 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20141125/f669f76f/attachment.bin>
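
An added sketch of the idea described in the message above (not the scrubbed p2-hasher.patch and not AppArmor's own code): a dict subclass that autovivifies nested levels, prints itself as an indented tree in the style of the debug dump, and lists sub-dicts that exist but hold nothing. The names `Hasher`, `render`, `empty_nodes` and `build_sample` are hypothetical, and the sample data is constructed.

```python
class Hasher(dict):
    """Autovivifying nested dict: a missing key yields a new empty Hasher."""

    def __missing__(self, key):
        child = self[key] = Hasher()
        return child

    def __str__(self):
        return self.render()

    def render(self, depth=0):
        """Render the tree as indented 'key: {' ... '}' lines."""
        pad = "    " * depth
        lines = []
        for key, value in self.items():
            if isinstance(value, Hasher) and value:
                lines.append("%s%s: {" % (pad, key))
                lines.append(value.render(depth + 1))
                lines.append("%s}" % pad)
            elif isinstance(value, Hasher):
                lines.append("%s%s: {}" % (pad, key))
            else:
                lines.append("%s%s: %r" % (pad, key, value))
        return "\n".join(lines)

    def empty_nodes(self, prefix=()):
        """Return the key paths of sub-dicts that exist but are empty."""
        found = []
        for key, value in self.items():
            if isinstance(value, Hasher):
                path = prefix + (key,)
                if value:
                    found.extend(value.empty_nodes(path))
                else:
                    found.append(path)
        return found


def build_sample():
    # Constructed sample; key names echo the debug output in the message.
    frag = Hasher()
    frag["include"]["abstractions/base"] = True
    frag["allow"]["path_regex"]["/home/*/tmp/"]["mode"] = {"r", "::r"}
    # A read alone creates the key on an autovivifying dict, leaving an
    # empty entry behind that the printed tree then shows as 'key: {}'.
    if frag["abstractions/gnome"]:
        pass
    return frag


if __name__ == "__main__":
    print(build_sample())
```

Because a plain read creates the key, testing membership with `in` or `.get()` is what keeps lookups from adding entries to such a structure.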

