[apparmor] [patch] split off parse_comment() from parse_modifiers()

Christian Boltz apparmor at cboltz.de
Mon May 25 21:47:43 UTC 2015


Hello,

$subject.

This is needed for rule types that don't have modifiers in their regex, for
example rlimit rules.


[ 40-baserule-split-off-parse_comment.diff ]

=== modified file utils/apparmor/rule/__init__.py
--- utils/apparmor/rule/__init__.py     2015-05-25 12:16:58.474813866 +0200
+++ utils/apparmor/rule/__init__.py     2015-05-25 21:42:29.652515284 +0200
@@ -324,6 +324,14 @@
         raise AppArmorBug("get_glob_ext is not available for this rule type!")
 
 
+def parse_comment(matches):
+    '''returns the comment (with a leading space) from the matches object'''
+    comment = ''
+    if matches.group('comment'):
+        # include a space so that we don't need to add it everywhere when writing the rule
+        comment = ' %s' % matches.group('comment')
+    return comment
+
 def parse_modifiers(matches):
     '''returns audit, deny, allow_keyword and comment from the matches object
        - audit, deny and allow_keyword are True/False
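Review bot: the docstring of the new parse_comment() should state its precondition, namely that the regex behind `matches` defines a named group called 'comment'. `matches.group('comment')` raises IndexError when the pattern has no such group, and the stated purpose of the split is to call this helper from rule types whose regexes differ from the modifier-carrying ones. It would also help to say that an empty string is returned when no comment is present. Style point: the context lines above the new function show two blank lines between top-level definitions, but only one blank line separates parse_comment() from parse_modifiers(); please add a second.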
@@ -344,10 +352,7 @@
         else:
             raise AppArmorBug("Invalid allow/deny keyword %s" % allowstr)
 
-    comment = ''
-    if matches.group('comment'):
-        # include a space so that we don't need to add it everywhere when writing the rule
-        comment = ' %s' % matches.group('comment')
+    comment = parse_comment(matches)
 
     return (audit, deny, allow_keyword, comment)
 
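Review bot: at `comment = parse_comment(matches)`, the refactoring keeps the tuple returned by parse_modifiers() unchanged, but the patch as posted modifies only utils/apparmor/rule/__init__.py, so nothing in it exercises parse_comment() on its own. Since the helper is meant to be called directly by rule types without modifiers, a small test covering both cases (comment present, giving the leading space, and comment absent, giving '') would pin down that contract. Minor: the temporary variable could be dropped in favour of `return (audit, deny, allow_keyword, parse_comment(matches))`.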



Regards,

Christian Boltz
-- 
For Linux an additional file permission should be invented:
Stooge-Hidden. You set this permission on every file that average user
does not understand. The flag does hide the file from the average user,
because otherwise average user will cry at you for multiple weeks if
they see the file, which might start to become pretty annoying.
[Robert Schiele in opensuse-factory]



