[apparmor] [patch] Let the parser reject ambiguous unit 'm' for rlimit rttime

Christian Boltz apparmor at cboltz.de
Fri May 22 11:39:40 UTC 2015 

Hello,

we allow units for rlimit rules to be shortened - instead of 'minutes',
it's also possible to use 'minute', 'min' or just 'm'.

However, rlimit rttime also allows to specify milliseconds ('ms') which
can also be shortened to 'm'.

This patch lets the parser reject 'm' for rlimit rttime because it
isn't obvious if 'ms' or 'minutes' was meant (at least the current code
interprets it as the more strict 'ms'). It also adds a test profile that
is expected to fail with this patch applied.


Warning: This patch is completely untested, and it's the first time I
change something in a *.y file - so please double-check it ;-)


[ parser-rlimit-rttime-ambiguous-m.diff ]

=== modified file 'parser/parser_yacc.y'
--- parser/parser_yacc.y        2015-03-25 22:09:26 +0000
+++ parser/parser_yacc.y        2015-05-22 00:07:48 +0000
@@ -885,6 +885,8 @@
                                        yyerror("RLIMIT '%s' invalid value %s\n", $4, $6);
                                if (*end == '\0') {
                                        value = tmp;
+                               } else if (*end == 'm\0') {
+                                       yyerror("RLIMIT '%s' ambiguous value %s - use either 'ms' or 'minutes'\n", $4, $6);
                                } else if (strstr(milliseconds, end) == milliseconds) {
                                        value = tmp * 1000;
                                } else if (strstr(seconds, end) == seconds) {

=== added file 'parser/tst/simple_tests/rlimits/bad_rlimit_01.sd'
--- parser/tst/simple_tests/rlimits/bad_rlimit_01.sd    1970-01-01 00:00:00 +0000
+++ parser/tst/simple_tests/rlimits/bad_rlimit_01.sd    2015-05-22 00:08:06 +0000
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION realtime time rlimit test with ambiguous unit 'm' which could mean 'ms' or 'minutes'
+#=EXRESULT FAIL
+
+profile rlimit {
+  set rlimit rttime <= 60m,
+}


It seems copy&paste breaks the tabs, therefore I'm also attaching the 
patch as file.


Regards,

Christian Boltz
-- 
[Subject: Re: hpdarm bei Systemstart]
Äh, sorry, es geht natürlich um hdparm, nicht um die Gedärme eines hp:-)
[Heinrich Eisterer in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: parser-rlimit-rttime-ambiguous-m.diff
Type: text/x-patch
Size: 939 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150522/120211d9/attachment.bin>

More information about the AppArmor mailing list