<div dir="ltr">Hello,<br><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Dec 26, 2015 at 10:13 PM, Christian Boltz <span dir="ltr"><<a href="mailto:apparmor@cboltz.de" target="_blank">apparmor@cboltz.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
to ensure aa-cleanprof works as expected (and writing the rules works<br>
as expected), add some rules for every rule class to the cleanprof.in<br>
and cleanprof.out test profiles.<br>
<br>
<br>
[ 48-add-more-ruletypes-to-cleanprof-test.diff ]<br>
<br>
=== modified file ./utils/test/<a href="http://cleanprof_test.in" rel="noreferrer" target="_blank">cleanprof_test.in</a><br>
--- utils/test/<a href="http://cleanprof_test.in" rel="noreferrer" target="_blank">cleanprof_test.in</a> 2015-12-12 13:34:40.549997194 +0100<br>
+++ utils/test/<a href="http://cleanprof_test.in" rel="noreferrer" target="_blank">cleanprof_test.in</a> 2015-12-26 17:11:27.034328693 +0100<br>
@@ -4,12 +4,32 @@<br>
/usr/bin/a/simple/cleanprof/test/profile {<br>
# Just for the heck of it, this comment wont see the day of light<br>
#include <abstractions/base><br>
+<br>
+ capability sys_admin,<br>
+ audit capability,<br>
+<br>
+ change_profile -> /bin/foo,<br>
+ change_profile,<br>
+<br>
+ network inet stream,<br>
+ network stream,<br>
+<br>
#Below rule comes from abstractions/base<br>
allow /usr/share/X11/locale/** r,<br>
allow /home/*/** r,<br>
<br>
+ ptrace tracedby peer=/bin/strace,<br>
+ ptrace tracedby,<br>
unix (receive) type=dgram,<br>
<br>
+ set rlimit nofile <= 256,<br>
+ set rlimit nofile <= 64,<br>
+<br>
+ signal set=(hup int quit ill trap abrt)<br>
+ set=(bus,fpe,,,kill,usr1)<br>
+ set=segv set=usr2 set=pipe set=alrm set=term set=stkflt set=chld,<br>
+ signal set=(hup int quit),<br>
+<br>
^foo {<br>
/etc/fstab r,<br>
capability dac_override,<br>
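</blockquote><div>Review bot: Every pair added to the profile in this hunk (capability, change_profile, network, ptrace, set rlimit, signal) consists of one rule that is covered by the other, as the single surviving rule per class in cleanprof_test.out confirms, so the test only exercises the path where aa-cleanprof drops a redundant rule. Consider adding, for at least one class, a second rule that is not covered by the first (for example another network rule with a different type) so the expected output also shows that distinct rules of the same class are both kept. A short comment above the multi-line signal rule, saying that the empty items in set=(bus,fpe,,,kill,usr1) are deliberate, would keep a later reader from "fixing" them.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">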
=== modified file ./utils/test/cleanprof_test.out<br>
--- utils/test/cleanprof_test.out 2015-12-12 13:34:40.549997194 +0100<br>
+++ utils/test/cleanprof_test.out 2015-12-26 17:14:06.105337830 +0100<br>
@@ -6,11 +6,23 @@<br>
/usr/bin/a/simple/cleanprof/test/profile {<br>
#include <abstractions/base><br>
<br>
+ set rlimit nofile <= 256,<br>
+<br>
+ audit capability,<br>
+<br>
+ network stream,<br>
+<br>
+ signal set=(abrt alrm bus chld fpe hup ill int kill pipe quit segv stkflt term trap usr1 usr2),<br>
+<br>
+ ptrace tracedby,<br>
+<br>
unix (receive) type=dgram,<br>
<br>
/home/*/** r,<br>
/home/foo/** w,<br>
<br>
+ change_profile,<br>
+<br>
<br>
^foo {<br>
capability dac_override,<br>
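</blockquote><div>Review bot: The expected output keeps "set rlimit nofile &lt;= 256," and drops the "&lt;= 64" rule from the input, so this test locks in the looser limit as the one that survives cleaning. For the other classes, dropping the narrower rule leaves the set of permissions unchanged, but an rlimit rule sets a value rather than granting a permission, so it is worth confirming that keeping the higher value is the intended behaviour and stating that in the commit message or in a comment next to the two rlimit lines in the .in file.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">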
<br></blockquote><div>While the two profiles and the test look good to me, it wouldn't hurt to have a set of more experienced eyes take a look.<br><br>Acked-by: Kshitij Gupta <<a href="mailto:kgupta8592@gmail.com" target="_blank">kgupta8592@gmail.com</a>> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Regards,<br>
<br>
Christian Boltz<br>
<span class=""><font color="#888888">--<br>
> > of course, now everybody will claim how bad it is to fix bugs which<br>
> > people rely on;<br>
> No, I wont claim that, in fact I would argue against keeping any bug<br>
> on which people relies on (known as "backwards compatibility")<br>
I should have excluded you from the list of everybody...<br>
[> Cristian Rodríguez and (>>) Dominique Leuenberger in opensuse-factory]<br>
</font></span><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div>Regards,<br><br></div>Kshitij Gupta<br></div></div>
</div></div>