[apparmor] [patch] add a named match group to RE_PROFILE_SIGNAL
John Johansen
john.johansen at canonical.com
Wed Nov 18 11:18:37 UTC 2015
On 10/22/2015 04:38 PM, Christian Boltz wrote:
> Hello,
>
> as a preparation for the SignalRule class, add a <details> match group
> to RE_PROFILE_SIGNAL.
>
> Also adjust test-regex_matches.py for the added group.
>
> Note: RE_PROFILE_SIGNAL is only used in aa.py, and only matches[0..2]
> are used. 0 and 1 are audit and allow/deny and 2 is and stays the whole
> rule (except audit and allow/deny). Therefore no aa.py changes are
> needed.
>
>
Acked-by: John Johansen <john.johansen at canonical.com>
> [ 03-add-match-group-to-RE_PROFILE_SIGNAL.diff ]
>
> --- utils/apparmor/regex.py 2015-08-02 23:42:51.717709541 +0200
> +++ utils/apparmor/regex.py 2015-10-22 18:15:32.725675400 +0200
> @@ -48,7 +48,7 @@
> RE_PROFILE_HAT_DEF = re.compile('^(?P<leadingspace>\s*)(?P<hat_keyword>\^|hat\s+)(?P<hat>\"??.+?\"??)\s+((flags=)?\((?P<flags>.+)\)\s+)*\{' + RE_EOL)
> RE_PROFILE_DBUS = re.compile(RE_AUDIT_DENY + '(dbus\s*,|dbus\s+[^#]*\s*,)' + RE_EOL)
> RE_PROFILE_MOUNT = re.compile(RE_AUDIT_DENY + '((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)' + RE_EOL)
> -RE_PROFILE_SIGNAL = re.compile(RE_AUDIT_DENY + '(signal\s*,|signal\s+[^#]*\s*,)' + RE_EOL)
> +RE_PROFILE_SIGNAL = re.compile(RE_AUDIT_DENY + '(signal\s*,|signal(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
> RE_PROFILE_PTRACE = re.compile(RE_AUDIT_DENY + '(ptrace\s*,|ptrace\s+[^#]*\s*,)' + RE_EOL)
> RE_PROFILE_PIVOT_ROOT = re.compile(RE_AUDIT_DENY + '(pivot_root\s*,|pivot_root\s+[^#]*\s*,)' + RE_EOL)
> RE_PROFILE_UNIX = re.compile(RE_AUDIT_DENY + '(unix\s*,|unix\s+[^#]*\s*,)' + RE_EOL)
> --- utils/test/test-regex_matches.py 2015-10-23 01:35:00.332075802 +0200
> +++ utils/test/test-regex_matches.py 2015-10-23 01:34:43.484064929 +0200
> @@ -299,18 +299,14 @@
> self.regex = aa.RE_PROFILE_SIGNAL
>
> tests = [
> - (' signal,', (None, None, 'signal,', None)),
> - (' audit signal,', ('audit', None, 'signal,', None)),
> - (' signal receive,', (None, None, 'signal receive,', None)),
> - (' signal (send, receive),',
> - (None, None, 'signal (send, receive),', None)),
> - (' audit signal (receive),',
> - ('audit', None, 'signal (receive),', None)),
> - (' signal (send, receive) set=(usr1 usr2),',
> - (None, None, 'signal (send, receive) set=(usr1 usr2),', None)),
> - (' signal send set=(hup, quit) peer=/usr/sbin/daemon,',
> - (None, None,
> - 'signal send set=(hup, quit) peer=/usr/sbin/daemon,', None)),
> + (' signal,', (None, None, 'signal,', None, None)),
> + (' audit signal,', ('audit', None, 'signal,', None, None)),
> + (' signal receive,', (None, None, 'signal receive,', 'receive', None)),
> + (' signal (send, receive),', (None, None, 'signal (send, receive),', '(send, receive)', None)),
> + (' audit signal (receive),', ('audit', None, 'signal (receive),', '(receive)', None)),
> + (' signal (send, receive) set=(usr1 usr2),', (None, None, 'signal (send, receive) set=(usr1 usr2),', '(send, receive) set=(usr1 usr2)', None)),
> + (' signal send set=(hup, quit) peer=/usr/sbin/daemon,', (None, None, 'signal send set=(hup, quit) peer=/usr/sbin/daemon,',
> + 'send set=(hup, quit) peer=/usr/sbin/daemon', None)),
>
> (' signalling,', False),
> (' audit signalling,', False),
>
>
> Regards,
>
> Christian Boltz
>
More information about the AppArmor
mailing list