[apparmor] [patch] Move file mode regexes and add "pux"
Christian Boltz
apparmor at cboltz.de
Sun Jul 5 13:25:27 UTC 2015
Hello,
this patch adds the missing "pux" to PROFILE_MODE_RE and
PROFILE_MODE_NT_RE.
Also move those regexes and PROFILE_MODE_DENY_RE directly above
validate_profile_mode() which is the only user.
I propose this patch for trunk and 2.9.
[ 63-move-file-mode-regexes-and-add-pux.diff ]
=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-07-05 14:27:58.668222676 +0200
+++ utils/apparmor/aa.py 2015-07-05 15:12:26.704040136 +0200
@@ -1503,10 +1503,6 @@
return None
-PROFILE_MODE_RE = re.compile('r|w|l|m|k|a|ix|ux|px|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
-PROFILE_MODE_NT_RE = re.compile('r|w|l|m|k|a|x|ix|ux|px|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
-PROFILE_MODE_DENY_RE = re.compile('r|w|l|m|k|a|x')
-
##### Repo related functions
def UI_SelectUpdatedRepoProfile(profile, p):
@@ -2426,6 +2422,9 @@
if not is_known_rule(aa[profile][hat], 'network', NetworkRule(family, sock_type)):
log_dict[aamode][profile][hat]['netdomain'][family][sock_type] = True
+PROFILE_MODE_RE = re.compile('r|w|l|m|k|a|ix|ux|px|pux|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
+PROFILE_MODE_NT_RE = re.compile('r|w|l|m|k|a|x|ix|ux|px|pux|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
+PROFILE_MODE_DENY_RE = re.compile('r|w|l|m|k|a|x')
def validate_profile_mode(mode, allow, nt_name=None):
if allow == 'deny':
Regards,
Christian Boltz
--
Linux ist ein tolles Dings.....
Es zeigt mir jeden Tag wieder völlig unaufdringlich meine Grenzen, und
zeigt mir was ich alles noch nicht weiß.... [Axel Birndt in suse-linux]
More information about the AppArmor
mailing list