[apparmor] [patch] add support for attachments to write_header()
Christian Boltz
apparmor at cboltz.de
Sat Mar 7 00:12:40 UTC 2015
Hello,
this patch adds support for attachments to write_header().
It also fixes a little bug that added the profile keyword if the path
needed quotes (profile "/foo bar" - but "/foo bar" is enough). This was
caused by a regex that always matched on quoted paths (hint: "/ matches
^[^/] ;-)
The patch also adds some tests with attachments and updates the test
for the bugfix mentioned above.
Now the remaining part is to make sure that prof_data['attachment'] gets
set when parsing the profiles :-)
[ 17_write_header_add_attachment.diff ]
=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-03-07 00:54:28.593218514 +0100
+++ utils/apparmor/aa.py 2015-03-07 00:58:19.299575047 +0100
@@ -3285,10 +3289,15 @@
def write_header(prof_data, depth, name, embedded_hat, write_flags):
pre = ' ' * depth
data = []
+ unquoted_name = name
name = quote_if_needed(name)
- if (not embedded_hat and re.search('^[^/]|^"[^/]', name)) or (embedded_hat and re.search('^[^^]', name)):
- name = 'profile %s' % name
+ attachment = ''
+ if prof_data['attachment']:
+ attachment = ' %s' % quote_if_needed(prof_data['attachment'])
+
+ if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment']:
+ name = 'profile %s%s' % (name, attachment)
if write_flags and prof_data['flags']:
data.append('%s%s flags=(%s) {' % (pre, name, prof_data['flags']))
=== modified file utils/test/test-aa.py
--- utils/test/test-aa.py 2015-03-07 00:54:28.676213606 +0100
+++ utils/test/test-aa.py 2015-03-07 00:59:34.443131176 +0100
@@ -312,13 +312,19 @@
# name embedded_hat write_flags depth flags attachment expected
(['/foo', False, True, 1, 'complain', None ], ' /foo flags=(complain) {'),
(['/foo', True, True, 1, 'complain', None ], ' profile /foo flags=(complain) {'),
- (['/foo sp', False, False, 2, 'complain', None ], ' profile "/foo sp" {'), # XXX why is the profile keyword added here?
+ (['/foo sp', False, False, 2, 'complain', None ], ' "/foo sp" {'),
(['/foo' ,False, False, 2, 'complain', None ], ' /foo {'),
(['/foo', True, False, 2, 'complain', None ], ' profile /foo {'),
(['/foo', False, True, 0, None, None ], '/foo {'),
(['/foo', True, True, 0, None, None ], 'profile /foo {'),
(['/foo', False, False, 0, None, None ], '/foo {'),
(['/foo', True, False, 0, None, None ], 'profile /foo {'),
+ (['bar', False, True, 1, 'complain', None, ], ' profile bar flags=(complain) {'),
+ (['bar', False, True, 1, 'complain', '/foo' ], ' profile bar /foo flags=(complain) {'),
+ (['bar', True, True, 1, 'complain', '/foo' ], ' profile bar /foo flags=(complain) {'),
+ (['bar baz', False, True, 1, None, '/foo' ], ' profile "bar baz" /foo {'),
+ (['bar', True, True, 1, None, '/foo' ], ' profile bar /foo {'),
+ (['bar baz', False, True, 1, 'complain', '/foo sp' ], ' profile "bar baz" "/foo sp" flags=(complain) {'),
(['^foo', False, True, 1, 'complain', None ], ' profile ^foo flags=(complain) {'),
(['^foo', True, True, 1, 'complain', None ], ' ^foo flags=(complain) {'),
]
Regards,
Christian Boltz
--
> Und fuer die Jahre-Hiersein finde ich die zwei Ergebnisse
> (unechte Mini-FAQ und Etikette) recht duenn!!!!!!!!
Ich glaub es hackt. Du kannst ja das Geld zurück verlangen, wenn es Dir
nicht paßt. [> toRBEN pOLLmann und Bernd Brodesser in suse-linux]
More information about the AppArmor
mailing list