[apparmor] [patch] AppArmor.pm: add basic support for signal, unix, ptrace and dbus rules
Christian Boltz
apparmor at cboltz.de
Tue Oct 7 18:19:15 UTC 2014
Hello,
YaST still uses AppArmor.pm, and now errors out when starting the
profile editor because it doesn't know about signal, unix, ptrace and
dbus rules.
This patch adds basic support for those rules to AppArmor.pm by adding
them to the "ignore those rules" regex.
Note: Rules covered by this regex are lost when writing the profile :-(
I'll accept that as a known bug for now (and add a comment about it),
fixes are of course welcome ;-)
References: https://bugzilla.novell.com/show_bug.cgi?id=900013
I also have to merge all multiline rules in the abstractions into one
line, but that has to stay an openSUSE-only patch.
=== modified file 'deprecated/utils/Immunix/AppArmor.pm'
--- deprecated/utils/Immunix/AppArmor.pm 2014-08-02 10:46:15 +0000
+++ deprecated/utils/Immunix/AppArmor.pm 2014-10-07 18:06:06 +0000
@@ -5438,8 +5438,9 @@
$initial_comment .= "$_\n";
}
}
- } elsif (/^\s*(audit\s+)?(deny\s+)?(owner\s+)?(capability|dbus|file|mount|pivot_root|remount|umount)/) {
+ } elsif (/^\s*(audit\s+)?(deny\s+)?(owner\s+)?(capability|dbus|file|mount|pivot_root|remount|umount|signal|unix|ptrace|dbus)/) {
# ignore valid rules that are currently unsupported by AppArmor.pm
+ # BUG: when writing the profile, those rules are lost!
} else {
# we hit something we don't understand in a profile...
die sprintf(gettext('%s contains syntax errors. Line [%s]'), $file, $_) . "\n";
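Review bot: the new alternation in the `elsif` regex lists `dbus` twice (it was already present before `file`), so only `|signal|unix|ptrace` needs to be appended. The keyword group also has no terminator, so any line that merely starts with one of these words (a mistyped keyword such as `signals`, for instance) is ignored instead of reaching the `die` branch; adding `\b` after the closing parenthesis would keep the syntax check for such lines. Because the pattern accepts an optional `deny\s+` prefix, the "rules are lost" case in the new BUG comment covers deny rules too, so a profile saved by the editor can carry a different policy than the one that was loaded. A warning to the user whenever a line is skipped here would make that visible until the write path preserves these rules.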
Regards,
Christian Boltz
--
This really isn't meant to be arrogant, but it makes no sense to
tear down the house because you forgot the house key. :-)
[Ratti in suse-linux]