[apparmor] [PATCH 2/6] tests: Update mkprofile.pl to accept unix rules
Seth Arnold
seth.arnold at canonical.com
Sat Sep 6 00:49:05 UTC 2014
On Thu, Sep 04, 2014 at 06:55:42AM -0500, Tyler Hicks wrote:
> Example gen_unix() inputs and outputs:
>
> "unix:ALL" -> " unix,\n"
>
> "unix:(create,bind,listen,accept):addr=@foo:peer=(label=bar)" ->
> " unix (create,bind,listen accept) addr=@foo peer=(label=bar),\n"
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
> tests/regression/apparmor/mkprofile.pl | 12 ++++++++++++
> tests/regression/apparmor/unix_socket.sh | 1 -
> 2 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
> index e1e67f5..adae98f 100755
> --- a/tests/regression/apparmor/mkprofile.pl
> +++ b/tests/regression/apparmor/mkprofile.pl
> @@ -154,6 +154,16 @@ sub gen_network($) {
> push (@{$output_rules{$hat}}, " @rules,\n");
> }
>
> +sub gen_unix($) {
> + my $rule = shift;
> + if ($rule =~ /^unix:ALL$/) {
> + push (@{$output_rules{$hat}}, " unix,\n");
> + } else {
> + $rule =~ s/:/ /g;
> + push(@{$output_rules{$hat}}, " " . $rule . ",\n");
> + }
> +}
> +
> sub gen_cap($) {
> my $rule = shift;
> my @rules = split (/:/, $rule);
> @@ -376,6 +386,8 @@ sub gen_from_args() {
> gen_netdomain($rule);
> } elsif ($rule =~ /^network:/) {
> gen_network($rule);
> + } elsif ($rule =~ /^unix:/) {
> + gen_unix($rule);
> } elsif ($rule =~ /^cap:/) {
> gen_cap($rule);
> } elsif ($rule =~ /^ptrace:/) {
> diff --git a/tests/regression/apparmor/unix_socket.sh b/tests/regression/apparmor/unix_socket.sh
> index b4fd59d..10fa59d 100755
> --- a/tests/regression/apparmor/unix_socket.sh
> +++ b/tests/regression/apparmor/unix_socket.sh
> @@ -76,7 +76,6 @@ testsocktype()
>
> # TODO: Make additional changes to test abstract sockets w/ confinement
> #
> - # * Adjust genprofile to generate af_unix abstract socket rules
> # * Create variables to hold genprofile arguments for socket accesses
> # and initialize them according to socket address type
> # * Remove the following conditional
> --
> 2.1.0
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140905/2f03c02b/attachment.pgp>
More information about the AppArmor
mailing list