[apparmor] [patch] Add network mpls and ib to rule/network.py and the apparmor.d manpage

Christian Boltz apparmor at cboltz.de
Mon Aug 24 17:47:53 UTC 2015 

Hello,

$subject.

Those two showed up in apparmor.vim when building on latest openSUSE
tumbleweed.

The manpage change should also go into 2.9, but since we are missing
more network domain keywords (and various other things), that should
be done as a big merge patch.


[ 84-add-network-mpls-ib.diff ]

=== modified file ./utils/apparmor/rule/network.py
--- utils/apparmor/rule/network.py      2015-07-17 00:19:58.574811968 +0200
+++ utils/apparmor/rule/network.py      2015-08-24 19:33:00.445291390 +0200
@@ -27,7 +27,7 @@
 network_domain_keywords   = [ 'unix', 'inet', 'ax25', 'ipx', 'appletalk', 'netrom', 'bridge', 'atmpvc', 'x25', 'inet6',
                               'rose', 'netbeui', 'security', 'key', 'netlink', 'packet', 'ash', 'econet', 'atmsvc', 'rds', 'sna',
                               'irda', 'pppox', 'wanpipe', 'llc', 'can', 'tipc', 'bluetooth', 'iucv', 'rxrpc', 'isdn', 'phonet',
-                              'ieee802154', 'caif', 'alg', 'nfc', 'vsock' ]
+                              'ieee802154', 'caif', 'alg', 'nfc', 'vsock', 'mpls', 'ib' ]
 
 network_type_keywords     = ['stream', 'dgram', 'seqpacket', 'rdm', 'raw', 'packet']
 network_protocol_keywords = ['tcp', 'udp', 'icmp']
--- parser/apparmor.d.pod       2015-07-11 14:26:30.374110864 +0200
+++ parser/apparmor.d.pod       2015-08-24 19:34:08.893196537 +0200
@@ -103,7 +103,7 @@
 
 B<NETWORK RULE> = [ I<QUALIFIERS> ] 'network' [ I<DOMAIN> ] [ I<TYPE> | I<PROTOCOL> ]
 
-B<DOMAIN> = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' | 'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' ) ','
+B<DOMAIN> = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' | 'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' | 'mpls' | 'ib' ) ','
 
 B<TYPE> = ( 'stream' | 'dgram' | 'seqpacket' |  'rdm' | 'raw' | 'packet' )
 



Regards,

Christian Boltz
-- 
Life used to be simpler when apple and blackberry were just fruits!
[from https://bugzilla.novell.com/quips.cgi]

More information about the AppArmor mailing list