[apparmor] [00/38] Replace file rule handling with FileRule and FileRuleset classes

Christian Boltz apparmor at cboltz.de
Fri Aug 12 20:40:39 UTC 2016


this patch series introduces the FileRule and FileRuleset classes and
changes several code sections to use these classes instead of the old
'path' hasher.

Basically this is "just" a rewrite of the file rule handling, but it 
also adds some new features like support for rules with leading 
permissions. Nevertheless the total diffstat (excluding tests) results in 
350 lines _less_ code than before :-)

I tried to split the series into not-too-big patches with useful
descriptions to make the review easier. This also means that some things
temporarily don't work if only some of the patches are applied (this is
usually mentioned in the patch description), and get fixed by a later

For testing (both make check and manual testing), I recommend to apply
all patches, not only the first X patches.

BTW: Test coverage jumps from 48% to 56% :-)

If you don't want to manually pull all patches out of the following
mails, you can also download them as tarball:

This file should have the sha256sum

diffstat over all patches in this series:

 utils/aa-mergeprof                     |  455 ++----------
 utils/apparmor/aa.py                   | 1135 ++++++++-----------------------
 utils/apparmor/aamode.py               |  110 ---
 utils/apparmor/aare.py                 |   58 +
 utils/apparmor/cleanprofile.py         |   36 -
 utils/apparmor/regex.py                |   27 
 utils/apparmor/rule/__init__.py        |   72 +-
 utils/apparmor/rule/capability.py      |    2 
 utils/apparmor/rule/change_profile.py  |    2 
 utils/apparmor/rule/dbus.py            |   16 
 utils/apparmor/rule/file.py            |  597 +++++++++++++++-
 utils/apparmor/rule/network.py         |    2 
 utils/apparmor/rule/ptrace.py          |    4 
 utils/apparmor/rule/rlimit.py          |    2 
 utils/apparmor/rule/signal.py          |    4 
 utils/apparmor/severity.py             |   24 
 utils/test/cleanprof_test.out          |    8 
 utils/test/fake_ldd                    |    2 
 utils/test/test-aa.py                  |  149 +++-
 utils/test/test-aare.py                |  114 +++
 utils/test/test-baserule.py            |   17 
 utils/test/test-file.py                | 1174 +++++++++++++++++++++++++++++++--
 utils/test/test-parser-simple-tests.py |   24 
 utils/test/test-regex_matches.py       |   44 -
 utils/test/test-severity.py            |    9 
 25 files changed, 2552 insertions(+), 1535 deletions(-)


Christian Boltz
> Kann ich auf einen Bootloader (lilo oder grub) verzichten,
> falls auf der Festplatte nur 2 Partitionen sind
Klar kannst du. Vorausgesetzt du kannst auch darauf verzichten
das Betriebssystem zu booten.
[> Wolfgang Erlenkötter und Hartmut Meyer in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160812/0d79a5e7/attachment.pgp>

More information about the AppArmor mailing list