[apparmor] [patch] [1/7] Add a 'details' group to RE_PROFILE_PTRACE
Christian Boltz
apparmor at cboltz.de
Tue Dec 8 19:30:29 UTC 2015
Hello,
as a preparation for the PtraceRule class, add a <details> match group
to RE_PROFILE_PTRACE.
Also adjust test-regex_matches.py for the added group.
Note: RE_PROFILE_PTRACE is only used in aa.py, and only matches[0..2]
are used. 0 and 1 are audit and allow/deny and 2 is and stays the whole
rule (except audit and allow/deny). Therefore no aa.py changes are
needed.
[ 28-add-details-group-to-RE_PROFILE_PTRACE.diff ]
=== modified file ./utils/apparmor/regex.py
--- utils/apparmor/regex.py 2015-11-19 17:42:26.313879200 +0100
+++ utils/apparmor/regex.py 2015-11-23 21:15:07.903293871 +0100
@@ -49,7 +49,7 @@
RE_PROFILE_DBUS = re.compile(RE_AUDIT_DENY + '(dbus\s*,|dbus\s+[^#]*\s*,)' + RE_EOL)
RE_PROFILE_MOUNT = re.compile(RE_AUDIT_DENY + '((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)' + RE_EOL)
RE_PROFILE_SIGNAL = re.compile(RE_AUDIT_DENY + '(signal\s*,|signal(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
-RE_PROFILE_PTRACE = re.compile(RE_AUDIT_DENY + '(ptrace\s*,|ptrace\s+[^#]*\s*,)' + RE_EOL)
+RE_PROFILE_PTRACE = re.compile(RE_AUDIT_DENY + '(ptrace\s*,|ptrace(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
RE_PROFILE_PIVOT_ROOT = re.compile(RE_AUDIT_DENY + '(pivot_root\s*,|pivot_root\s+[^#]*\s*,)' + RE_EOL)
RE_PROFILE_UNIX = re.compile(RE_AUDIT_DENY + '(unix\s*,|unix\s+[^#]*\s*,)' + RE_EOL)
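Review bot: In the changed RE_PROFILE_PTRACE line, the new `details` group begins with `\s+`, so the captured value always includes the whitespace separating it from `ptrace`. Because `[^#]*` is greedy and the following `\s*` may match nothing, it can also include whitespace before the closing comma. This mirrors the RE_PROFILE_SIGNAL line just above, so it is consistent, but every consumer of `details` has to strip it. Either move the whitespace out of the group, for example `ptrace\s+(?P<details>[^#]*?)\s*,`, or add a short comment next to the regex saying that `details` is returned unstripped.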
=== modified file ./utils/test/test-regex_matches.py
--- utils/test/test-regex_matches.py 2015-11-19 17:42:26.313879200 +0100
+++ utils/test/test-regex_matches.py 2015-11-23 21:29:00.314250380 +0100
@@ -321,14 +321,13 @@
self.regex = aa.RE_PROFILE_PTRACE
tests = [
- (' ptrace,', (None, None, 'ptrace,', None)),
- (' audit ptrace,', ('audit', None, 'ptrace,', None)),
- (' ptrace trace,', (None, None, 'ptrace trace,', None)),
- (' ptrace (tracedby, readby),',
- (None, None, 'ptrace (tracedby, readby),', None)),
- (' audit ptrace (read),', ('audit', None, 'ptrace (read),', None)),
- (' ptrace trace peer=/usr/sbin/daemon,',
- (None, None, 'ptrace trace peer=/usr/sbin/daemon,', None)),
+ # audit allow rule rule details comment
+ (' ptrace,', (None, None, 'ptrace,', None, None)),
+ (' audit ptrace,', ('audit', None, 'ptrace,', None, None)),
+ (' ptrace trace,', (None, None, 'ptrace trace,', 'trace', None)),
+ (' ptrace (tracedby, readby),', (None, None, 'ptrace (tracedby, readby),', '(tracedby, readby)', None)),
+ (' audit ptrace (read),', ('audit', None, 'ptrace (read),', '(read)', None)),
+ (' ptrace trace peer=/usr/sbin/daemon,', (None, None, 'ptrace trace peer=/usr/sbin/daemon,', 'trace peer=/usr/sbin/daemon', None)),
(' ptraceback,', False),
(' audit ptraceback,', False),
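Review bot: All of the added ptrace cases shown here have None in the allow and comment columns, so the new `details` group is never exercised together with an `allow`/`deny` prefix or a trailing `# comment`, which is exactly where the `[^#]*` part of the group matters. Consider adding a deny rule with details, a rule with details followed by a comment, and one with whitespace before the comma. Also, the expected details are written without the leading whitespace that the group's `\s+` captures (e.g. 'trace'). If the test helper strips groups before comparing, a note in the column comment would make that clear; if it does not, these expectations will not match.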
Regards,
Christian Boltz
--
I don't know why you're all getting so worked up. The warning is
really clearly legible on the package. It says in large,
clear letters: "Microsoft". OF COURSE it doesn't work.
They can't do more than warn you. [Fefe in de.alt.sysadmin.recovery]