[apparmor] [patch] [1/7] Add a 'details' group to RE_PROFILE_PTRACE

Christian Boltz apparmor at cboltz.de
Tue Dec 8 19:30:29 UTC 2015


Hello,

as a preparation for the PtraceRule class, add a <details> match group
to RE_PROFILE_PTRACE.

Also adjust test-regex_matches.py for the added group.

Note: RE_PROFILE_PTRACE is only used in aa.py, and only matches[0..2]
are used. 0 and 1 are audit and allow/deny and 2 is and stays the whole
rule (except audit and allow/deny). Therefore no aa.py changes are
needed.


[ 28-add-details-group-to-RE_PROFILE_PTRACE.diff ]

=== modified file ./utils/apparmor/regex.py
--- utils/apparmor/regex.py     2015-11-19 17:42:26.313879200 +0100
+++ utils/apparmor/regex.py     2015-11-23 21:15:07.903293871 +0100
@@ -49,7 +49,7 @@
 RE_PROFILE_DBUS         = re.compile(RE_AUDIT_DENY + '(dbus\s*,|dbus\s+[^#]*\s*,)' + RE_EOL)
 RE_PROFILE_MOUNT        = re.compile(RE_AUDIT_DENY + '((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)' + RE_EOL)
 RE_PROFILE_SIGNAL       = re.compile(RE_AUDIT_DENY + '(signal\s*,|signal(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
-RE_PROFILE_PTRACE       = re.compile(RE_AUDIT_DENY + '(ptrace\s*,|ptrace\s+[^#]*\s*,)' + RE_EOL)
+RE_PROFILE_PTRACE       = re.compile(RE_AUDIT_DENY + '(ptrace\s*,|ptrace(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
 RE_PROFILE_PIVOT_ROOT   = re.compile(RE_AUDIT_DENY + '(pivot_root\s*,|pivot_root\s+[^#]*\s*,)' + RE_EOL)
 RE_PROFILE_UNIX         = re.compile(RE_AUDIT_DENY + '(unix\s*,|unix\s+[^#]*\s*,)' + RE_EOL)
 
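Review bot: in the `+RE_PROFILE_PTRACE` line the leading `\s+` sits inside `(?P<details>...)`, so the raw group value for `ptrace trace,` is ` trace` with the separator whitespace attached, while the expected tuples in test-regex_matches.py list it as `trace`. This mirrors RE_PROFILE_SIGNAL in the context line above, so it is consistent, but every consumer of `details` then has to strip the value. Either say so in a comment next to the two regexes, or move the separator out of the group, as in `ptrace\s+(?P<details>[^#]*)\s*,`. Since the group is named, the planned PtraceRule code should read it by name rather than by position; the nested group shifts the index of everything after it.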
=== modified file ./utils/test/test-regex_matches.py
--- utils/test/test-regex_matches.py    2015-11-19 17:42:26.313879200 +0100
+++ utils/test/test-regex_matches.py    2015-11-23 21:29:00.314250380 +0100
@@ -321,14 +321,13 @@
         self.regex = aa.RE_PROFILE_PTRACE
 
     tests = [
-        ('   ptrace,', (None, None, 'ptrace,', None)),
-        ('   audit ptrace,', ('audit', None, 'ptrace,', None)),
-        ('   ptrace trace,', (None, None, 'ptrace trace,', None)),
-        ('   ptrace (tracedby, readby),',
-         (None, None, 'ptrace (tracedby, readby),', None)),
-        ('   audit ptrace (read),', ('audit', None, 'ptrace (read),', None)),
-        ('   ptrace trace peer=/usr/sbin/daemon,',
-         (None, None, 'ptrace trace peer=/usr/sbin/daemon,', None)),
+        #                                            audit      allow  rule                                     rule details                    comment
+        ('   ptrace,',                              (None,      None, 'ptrace,',                                None,                           None)),
+        ('   audit ptrace,',                        ('audit',   None, 'ptrace,',                                None,                           None)),
+        ('   ptrace trace,',                        (None,      None, 'ptrace trace,',                          'trace',                        None)),
+        ('   ptrace (tracedby, readby),',           (None,      None, 'ptrace (tracedby, readby),',             '(tracedby, readby)',           None)),
+        ('   audit ptrace (read),',                 ('audit',   None, 'ptrace (read),',                         '(read)',                       None)),
+        ('   ptrace trace peer=/usr/sbin/daemon,',  (None,      None, 'ptrace trace peer=/usr/sbin/daemon,',    'trace peer=/usr/sbin/daemon',  None)),
 
         ('   ptraceback,', False),
         ('   audit ptraceback,', False),
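Review bot: every matching row in the new table has None in both the allow and the comment column, so the new details group is never exercised together with an allow/deny prefix or a trailing comment. Those are the cases where the boundary of `[^#]*` decides what ends up in `details`. Please add rows such as a `deny ptrace` rule with details and a rule with details followed by `# comment`, each with the expected details value spelled out. The column-header comment line is helpful and worth keeping.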



Regards,

Christian Boltz
-- 
I don't know why you are all getting so worked up. The warning is
really clearly legible on the package. It says in big, clear
letters: "Microsoft". OF COURSE it doesn't work.
They can't do more than warn you. [Fefe in de.alt.sysadmin.recovery]



