[apparmor] [PATCH 1/3] Add support for variable expansion in profile names, and attachments
Christian Boltz
apparmor at cboltz.de
Sat Jun 13 20:29:15 UTC 2015
Hello,
On Friday, 12 June 2015, John Johansen wrote:
> --- /dev/null
> +++ b/parser/tst/simple_tests/vars/vars_profile_name_11.sd
> @@ -0,0 +1,9 @@
> +#=DESCRIPTION profiles declared with the profile keyword can begin
> with var
> +#=EXRESULT PASS
> +
> +@{FOO}=bar baz
> +@{BAR}=baz foo
> +
> +profile /does/not/exist@{BAR} @{FOO} {
That doesn't really match the DESCRIPTION ;-) - I'd expect
profile @{BAR} @{FOO}
Besides that, this test should probably be FAIL/TODO (like the next one)
because the expanded attachment doesn't start with a /
Note that this change would make this test a copy of
vars_profile_name_13.sd, so maybe let this test PASS and use
profile @{BAR} /@{FOO}
or change setting the variable to
@{FOO}=/bar /baz
(note the added / to make the attachment valid)
Actually I like changing the variable content more because the patchset
already contains quite some tests using /@{FOO}
> --- /dev/null
> +++ b/parser/tst/simple_tests/vars/vars_profile_name_12.sd
> @@ -0,0 +1,11 @@
> +#=DESCRIPTION profiles declared with the profile keyword can begin
> with var
> +#=EXRESULT FAIL
> +#=TODO
> +# This test needs check on @{FOO} attachment having leading / post
> var expansion
> +
> +@{FOO}=bar baz
> +@{BAR}=baz foo
> +
> +profile /does/not/exist@{BAR} @{FOO} {
profile @{BAR} @{FOO} ? - or change the DESCRIPTION ;-)
> --- /dev/null
> +++ b/parser/tst/simple_tests/vars/vars_profile_name_14.sd
> @@ -0,0 +1,11 @@
> +#=DESCRIPTION reference variables in rules that also have
> alternations +#=EXRESULT PASS
> +#=TODO
> +# This test needs check on @{FOO} attachment having leading / post
> var expansion
> +
> +@{FOO}=bar baz
> +@{BAR}=baz
> +
> +profile @{BAR} @{FOO} {
/@{FOO} ?
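Review bot: `#=EXRESULT PASS` sits next to `#=TODO` and a comment saying the leading-/ check on the expanded `@{FOO}` attachment is still missing, which is the same comment vars_profile_name_12.sd carries with `#=EXRESULT FAIL`. With `@{FOO}=bar baz`, the attachment in `profile @{BAR} @{FOO} {` expands to values without a leading /, so the header asks for PASS while the comment describes a rejection. Either set the expected result to FAIL as in _12, or make the attachment valid and drop the TODO and its comment.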
> --- /dev/null
> +++ b/parser/tst/simple_tests/vars/vars_profile_name_19.sd
> @@ -0,0 +1,8 @@
> +#=DESCRIPTION var in sub profile name
This test has a hat, not a sub profile ;-)
> +#=EXRESULT PASS
> +
> +@{FOO}=bar
> +
> +profile /does/not/exist {
> + ^@{FOO} { }
> +}
> --- /dev/null
> +++ b/parser/tst/simple_tests/vars/vars_profile_name_20.sd
> @@ -0,0 +1,8 @@
> +#=DESCRIPTION var in sub profile name
hat again ;-)
> +#=EXRESULT PASS
> +
> +@{FOO}=bar
> +
> +profile /does/not/exist {
> + hat foo@{FOO} { }
> +}
> --- /dev/null
> +++ b/parser/tst/simple_tests/vars/vars_profile_name_21.sd
> @@ -0,0 +1,8 @@
> +#=DESCRIPTION var in sub profile name
and again ;-)
> +#=EXRESULT PASS
> +
> +@{FOO}=bar
> +
> +profile /does/not/exist {
> + hat @{FOO} { }
> +}
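Review bot: the `#=DESCRIPTION` line here is word-for-word the one used in vars_profile_name_19.sd and vars_profile_name_20.sd, although the three files exercise different forms (`^@{FOO}`, `hat foo@{FOO}`, `hat @{FOO}`). Give each file a description that names the form it covers, so a failing test can be identified from its description alone.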
> --- /dev/null
> +++ b/parser/tst/simple_tests/vars/vars_profile_name_5.sd
> @@ -0,0 +1,8 @@
> +#=DESCRIPTION reference variables in rules that also have
> alternations
> +#=EXRESULT PASS
> +
> +@{FOO}=bar
I don't see an alternation here ;-)
> +profile /does/not /exist@{FOO} {
> + /does/not/exist r,
> +}
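Review bot: `profile /does/not /exist@{FOO} {` has a space after `/does/not`, so the variable lands in a second token rather than in the profile name, while the rule below uses `/does/not/exist`. If the split is intended, say so in `#=DESCRIPTION`; if not, join it to `/does/not/exist@{FOO}`.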
Oh, and please change the *_[1-9].sd filenames to *_0[1-9].sd so that
the first tests don't appear in the middle of the directory listing.
Regards,
Christian Boltz
--
The report confuses me: it looks as if Adobe were making an effort on
software security, but the download pages for Flash and Acrobat Reader
are still online. Something isn't right there.
[http://www.heise.de/security/news/foren//forum-225780/msg-21658708/read/]