[apparmor] [patch] [1/7] Add a 'details' group to RE_PROFILE_PTRACE
John Johansen
john.johansen at canonical.com
Sat Dec 26 23:33:59 UTC 2015
On 12/08/2015 11:30 AM, Christian Boltz wrote:
> Hello,
>
> as a preparation for the PtraceRule class, add a <details> match group
> to RE_PROFILE_PTRACE.
>
> Also adjust test-regex_matches.py for the added group.
>
> Note: RE_PROFILE_PTRACE is only used in aa.py, and only matches[0..2]
> are used. 0 and 1 are audit and allow/deny and 2 is and stays the whole
> rule (except audit and allow/deny). Therefore no aa.py changes are
> needed.
>
>
So this series (in my poor Python review fashion) looks good.
Acked-by: John Johansen <john.johansen at canonical.com>
> [ 28-add-details-group-to-RE_PROFILE_PTRACE.diff ]
>
> === modified file ./utils/apparmor/regex.py
> --- utils/apparmor/regex.py 2015-11-19 17:42:26.313879200 +0100
> +++ utils/apparmor/regex.py 2015-11-23 21:15:07.903293871 +0100
> @@ -49,7 +49,7 @@
> RE_PROFILE_DBUS = re.compile(RE_AUDIT_DENY + '(dbus\s*,|dbus\s+[^#]*\s*,)' + RE_EOL)
> RE_PROFILE_MOUNT = re.compile(RE_AUDIT_DENY + '((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)' + RE_EOL)
> RE_PROFILE_SIGNAL = re.compile(RE_AUDIT_DENY + '(signal\s*,|signal(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
> -RE_PROFILE_PTRACE = re.compile(RE_AUDIT_DENY + '(ptrace\s*,|ptrace\s+[^#]*\s*,)' + RE_EOL)
> +RE_PROFILE_PTRACE = re.compile(RE_AUDIT_DENY + '(ptrace\s*,|ptrace(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
> RE_PROFILE_PIVOT_ROOT = re.compile(RE_AUDIT_DENY + '(pivot_root\s*,|pivot_root\s+[^#]*\s*,)' + RE_EOL)
> RE_PROFILE_UNIX = re.compile(RE_AUDIT_DENY + '(unix\s*,|unix\s+[^#]*\s*,)' + RE_EOL)
>
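Review bot: In the new RE_PROFILE_PTRACE line the `\s+` separator sits inside `(?P<details>...)`, so the raw capture starts with whitespace, and because `[^#]*` is greedy it also keeps any whitespace in front of the final comma. The expected tuples added to test-regex_matches.py list the details as 'trace' with no leading space, so something between the regex and the comparison has to strip it. This matches the RE_PROFILE_SIGNAL line two lines up, so it is consistent, but the planned PtraceRule class will need to strip() the group before parsing it. Either move the separator out of the group, for example `ptrace\s+(?P<details>[^#]*)\s*,`, or add a short comment next to the regex stating that the details group is returned unstripped.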
> === modified file ./utils/test/test-regex_matches.py
> --- utils/test/test-regex_matches.py 2015-11-19 17:42:26.313879200 +0100
> +++ utils/test/test-regex_matches.py 2015-11-23 21:29:00.314250380 +0100
> @@ -321,14 +321,13 @@
> self.regex = aa.RE_PROFILE_PTRACE
>
> tests = [
> - (' ptrace,', (None, None, 'ptrace,', None)),
> - (' audit ptrace,', ('audit', None, 'ptrace,', None)),
> - (' ptrace trace,', (None, None, 'ptrace trace,', None)),
> - (' ptrace (tracedby, readby),',
> - (None, None, 'ptrace (tracedby, readby),', None)),
> - (' audit ptrace (read),', ('audit', None, 'ptrace (read),', None)),
> - (' ptrace trace peer=/usr/sbin/daemon,',
> - (None, None, 'ptrace trace peer=/usr/sbin/daemon,', None)),
> + # audit allow rule rule details comment
> + (' ptrace,', (None, None, 'ptrace,', None, None)),
> + (' audit ptrace,', ('audit', None, 'ptrace,', None, None)),
> + (' ptrace trace,', (None, None, 'ptrace trace,', 'trace', None)),
> + (' ptrace (tracedby, readby),', (None, None, 'ptrace (tracedby, readby),', '(tracedby, readby)', None)),
> + (' audit ptrace (read),', ('audit', None, 'ptrace (read),', '(read)', None)),
> + (' ptrace trace peer=/usr/sbin/daemon,', (None, None, 'ptrace trace peer=/usr/sbin/daemon,', 'trace peer=/usr/sbin/daemon', None)),
>
> (' ptraceback,', False),
> (' audit ptraceback,', False),
>
>
>
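Review bot: None of the added cases exercises the new details column together with a trailing comment or with an allow/deny keyword: in every tuple shown the second and last fields are None. Since the details group is `[^#]*`, a case such as a ptrace rule followed by `# comment` would confirm that the capture stops at the '#' and that the comment still lands in the last field, and a `deny ptrace ...` case would cover the second field. A case with extra whitespace before the closing comma would also pin down whether the reported details are stripped. The rewritten tuples are now single long lines where the removed ones were wrapped; if the file follows a line-length limit, keep the wrapping.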
> Regards,
>
> Christian Boltz
>