[apparmor] [PATCH 5/7] Fix use of FILEGLOB in apparmor.d.pod

Christian Boltz apparmor at cboltz.de
Sat Mar 21 20:00:52 UTC 2015 

Hello,

Am Samstag, 21. März 2015 schrieb John Johansen:
> Refactor FILEGLOB so that it means both quoted and unquoted file
> globs.
> 
> Also
> FILEGLOB was uncorrectly referenced in a few places where it should
> have allowed for quoting.
> 
> There were also a few places that provided a parameter description
> with FILEGLOB without defining that that is full equivalent to
> FILEGLOB.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
>  parser/apparmor.d.pod | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
> index 10808c9..2e54ee6 100644
> --- a/parser/apparmor.d.pod
> +++ b/parser/apparmor.d.pod
...
> -B<FILE RULE> = [ I<QUALIFIERS> ] [ 'owner' ] [ 'file' ] ( ( '"'
> I<FILEGLOB> '"' | I<FILEGLOB> ) I<ACCESS>  | [I<ACCESS> ( '"'
> I<FILEGLOB> '"' | I<FILEGLOB> ) ) [ -E<gt> <EXEC TARGET> ] ','
> +B<FILE RULE> = [ I<QUALIFIERS> ] [ 'owner' ] [ 'file' ] (
> I<FILEGLOB> I<ACCESS>  | [I<ACCESS> I<FILEGLOB> ) [ -E<gt> <EXEC
> TARGET> ] ',' 

That's much more readable :-)

The superfluous "[" in front of the second I<ACCESS> is still there, 
please remove it.

> +
> +B<FILEGLOB> = ( I<QUOTED FILEGLOB> | I<UNQUOTED FILEGLOB> )
> +
> +B<QUOTED FILEGLOB> = '"' I<UNQUOTED FILEGLOB> '"'
> 
> -B<FILEGLOB> = (must start with '/' (after variable expansion),
> B<AARE> have special meanings; see below. May include I<VARIABLE>.
> Rules with embedded spaces or tabs must be quoted. Rules must end
> with '/' to apply to directories.) +B<UNQUOTED FILEGLOB> = (must
> start with '/' (after variable expansion), B<AARE> have special
> meanings; see below. May include I<VARIABLE>. Rules with embedded
> spaces or tabs must be quoted. Rules must end with '/' to apply to
> directories.)
> 
>  B<ACCESS> = ( 'r' | 'w' | 'a' | 'l' | 'k' | 'm' | I<EXEC TRANSITION>
> )+  (not all combinations are allowed; see below.)

With the superfluous "[" removed,
Acked-by: Christian Boltz <apparmor at cboltz.de>


Regards,

Christian Boltz
-- 
Always file a bug: if it's not in Bugzilla, then it's not there ;)
[Pascal Bleser in opensuse-factory]

More information about the AppArmor mailing list