mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 17:08:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(aa): improve comment generation from log map.

Browse source
This commit is contained in:
Alexandre Pujol 2024-05-25 22:03:16 +01:00
parent 744c745394
commit 05de39d92a
Failed to generate hash of commit
1 changed files with 9 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
pkg/aa/base.go
View file

@ -18,38 +18,27 @@ type RuleBase struct {
Optional bool Optional bool
} }
func newRuleFromLog(log map[string]string) RuleBase { func newRuleFromLog(log map[string]string) RuleBase {
fileInherit := false comment := ""
fileInherit, noNewPrivs, optional := false, false, false
if log["operation"] == "file_inherit" { if log["operation"] == "file_inherit" {
fileInherit = true fileInherit = true
} }
if log["error"] == "-1" {
noNewPrivs := false
optional := false
msg := ""
switch log["error"] {
case "-1":
if strings.Contains(log["info"], "optional:") { if strings.Contains(log["info"], "optional:") {
optional = true optional = true
msg = strings.Replace(log["info"], "optional: ", "", 1) comment = strings.Replace(log["info"], "optional: ", "", 1)
} else { } else {
noNewPrivs = true noNewPrivs = true
} }
case "-13":
ignoreProfileInfo := []string{"namespace", "disconnected path"}
for _, info := range ignoreProfileInfo {
if strings.Contains(log["info"], info) {
break
} }
if log["info"] != "" {
comment += " " + log["info"]
} }
msg = log["info"]
default:
}
return RuleBase{ return RuleBase{
IsLineRule: false, IsLineRule: false,
Comment: msg, Comment: comment,
NoNewPrivs: noNewPrivs, NoNewPrivs: noNewPrivs,
FileInherit: fileInherit, FileInherit: fileInherit,
Optional: optional, Optional: optional,