mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
build: enforce the use on the default profile on full mode.
This commit is contained in:
parent
07acb8043b
commit
0d124065b9
@ -47,6 +47,7 @@ func aaPrebuild() error {
|
||||
|
||||
if full {
|
||||
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetFullSystemPolicy)
|
||||
prebuild.Builds = append(prebuild.Builds, prebuild.BuildFullSystemPolicy)
|
||||
} else {
|
||||
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetDefaultSystemd)
|
||||
}
|
||||
|
@ -19,10 +19,13 @@ var Builds = []BuildFunc{
|
||||
}
|
||||
|
||||
var (
|
||||
regAttachments = regexp.MustCompile(`(profile .* @{exec_path})`)
|
||||
regFlags = regexp.MustCompile(`flags=\(([^)]+)\)`)
|
||||
regProfileHeader = regexp.MustCompile(` {`)
|
||||
regAbi4To3 = util.ToRegexRepl([]string{ // Currently Abi3 -> Abi4
|
||||
regAttachments = regexp.MustCompile(`(profile .* @{exec_path})`)
|
||||
regFlags = regexp.MustCompile(`flags=\(([^)]+)\)`)
|
||||
regProfileHeader = regexp.MustCompile(` {`)
|
||||
regFullSystemPolicy = util.ToRegexRepl([]string{
|
||||
`r(PU|U)x,`, `rPx,`,
|
||||
})
|
||||
regAbi4To3 = util.ToRegexRepl([]string{ // Currently Abi3 -> Abi4
|
||||
`abi/3.0`, `abi/4.0`,
|
||||
`# userns,`, `userns,`,
|
||||
})
|
||||
@ -91,3 +94,10 @@ func BuildABI3(profile string) string {
|
||||
}
|
||||
return profile
|
||||
}
|
||||
|
||||
func BuildFullSystemPolicy(profile string) string {
|
||||
for _, full := range regFullSystemPolicy {
|
||||
profile = full.Regex.ReplaceAllString(profile, full.Repl)
|
||||
}
|
||||
return profile
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user