diff --git a/pkg/aa/resolve.go b/pkg/aa/resolve.go
index df97c2aa..ec640de3 100644
--- a/pkg/aa/resolve.go
+++ b/pkg/aa/resolve.go
@@ -22,12 +22,12 @@ var (
 // Resolve resolves variables and includes definied in the profile preamble
 func (f *AppArmorProfileFile) Resolve() error {
 // Resolve preamble includes
- for _, include := range f.Preamble.GetIncludes() {
- err := f.resolveInclude(include)
- if err != nil {
- return err
- }
- }
+ // for _, include := range f.Preamble.GetIncludes() {
+ // err := f.resolveInclude(include)
+ // if err != nil {
+ // return err
+ // }
+ // }
 
 // Resolve variables
 for _, variable := range f.Preamble.GetVariables() {
diff --git a/pkg/prebuild/builder/core.go b/pkg/prebuild/builder/core.go
index e6512820..40321bb1 100644
--- a/pkg/prebuild/builder/core.go
+++ b/pkg/prebuild/builder/core.go
@@ -58,7 +58,7 @@ func Run(file *paths.Path, profile string) (string, error) {
 for _, b := range Builds {
 profile, err = b.Apply(opt, profile)
 if err != nil {
- return "", err
+ return "", fmt.Errorf("%s %s: %w", b.Name(), opt.File, err)
 }
 }
 return profile, nil
diff --git a/pkg/prebuild/builder/userspace.go b/pkg/prebuild/builder/userspace.go
index a8bbbf6e..7060d2b1 100644
--- a/pkg/prebuild/builder/userspace.go
+++ b/pkg/prebuild/builder/userspace.go
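Review bot: The include loop in `Resolve` (pkg/aa/resolve.go) is commented out rather than removed, and nothing records why, while the doc comment above still says the method resolves "variables and includes". As far as this hunk shows, variables that are defined only in an included file would no longer be available when the variable loop below runs, so callers may end up with unresolved values and no error. I would either delete the dead block or replace it with a one-line marker such as `// TODO: include resolution is disabled; variables defined in included files are not resolved here`, and reword the doc comment to `// Resolve resolves the variables defined in the profile preamble; includes are currently skipped.` The body of `Resolve` continues past the end of the hunk.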
@@ -30,10 +30,21 @@ func init() {
 }
 
 func (b Userspace) Apply(opt *Option, profile string) (string, error) {
- p := aa.DefaultTunables()
- p.ParseVariables(profile)
- p.ResolveAttachments()
- att := p.NestAttachments()
+ if ok, _ := opt.File.IsInsideDir(cfg.RootApparmord.Join("abstractions")); ok {
+ return profile, nil
+ }
+ if ok, _ := opt.File.IsInsideDir(cfg.RootApparmord.Join("tunables")); ok {
+ return profile, nil
+ }
+
+ f := aa.DefaultTunables()
+ if err := f.Parse(profile); err != nil {
+ return "", err
+ }
+ if err := f.Resolve(); err != nil {
+ return "", err
+ }
+ att := f.GetDefaultProfile().GetAttachments()
 matches := regAttachments.FindAllString(profile, -1)
 if len(matches) > 0 {
 strheader := strings.Replace(matches[0], "@{exec_path}", att, -1)
diff --git a/pkg/prebuild/directive/core.go b/pkg/prebuild/directive/core.go
index 8c068981..b94e2fdd 100644
--- a/pkg/prebuild/directive/core.go
+++ b/pkg/prebuild/directive/core.go
@@ -71,11 +71,11 @@ func Run(file *paths.Path, profile string) (string, error) {
 opt := NewOption(file, match)
 drtv, ok := Directives[opt.Name]
 if !ok {
- return "", fmt.Errorf("Unknown directive: %s", opt.Name)
+ return "", fmt.Errorf("Unknown directive '%s' in %s", opt.Name, opt.File)
 }
 profile, err = drtv.Apply(opt, profile)
 if err != nil {
- return "", err
+ return "", fmt.Errorf("%s %s: %w", drtv.Name(), opt.File, err)
 }
 }
 return profile, nil
diff --git a/pkg/prebuild/directive/exec.go b/pkg/prebuild/directive/exec.go
index 0dc1aec6..0a8caf2b 100644
--- a/pkg/prebuild/directive/exec.go
+++ b/pkg/prebuild/directive/exec.go
@@ -2,6 +2,8 @@
 // Copyright (C) 2021-2024 Alexandre Pujol
 // SPDX-License-Identifier: GPL-2.0-only
 
+// TODO: Local variables in profile header need to be resolved
+
 package directive
 
 import (
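Review bot: Both new guards at the top of `Userspace.Apply` discard the error from `opt.File.IsInsideDir` with `_`, so when the path check itself fails the file is treated as a regular profile and goes on to be parsed and resolved. Returning that error keeps the skip decision explicit, and a loop over the two directory names removes the duplicated guard. Separately, `f.GetDefaultProfile().GetAttachments()` is chained without a nil check; if `GetDefaultProfile` can return nil for a file that holds no profile block (not visible here), this line would panic instead of returning an error. `Apply` continues after the end of the hunk.

```go
func (b Userspace) Apply(opt *Option, profile string) (string, error) {
	// Files under abstractions/ and tunables/ are returned unchanged.
	for _, dir := range []string{"abstractions", "tunables"} {
		ok, err := opt.File.IsInsideDir(cfg.RootApparmord.Join(dir))
		if err != nil {
			return "", err
		}
		if ok {
			return profile, nil
		}
	}
	// … unchanged: Parse, Resolve and attachment lookup …
```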
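Review bot: The rewritten message in `Run` (pkg/prebuild/directive/core.go) still starts with a capital letter and hand-quotes the name, which goes against the Go convention for error strings and prints whatever characters the name contains verbatim. `opt.Name` appears to come from the directive text matched in the profile file, so `%q` is the safer verb here: `return "", fmt.Errorf("unknown directive %q in %s", opt.Name, opt.File)`.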
@@ -40,8 +42,8 @@ func (d Exec) Apply(opt *Option, profileRaw string) (string, error) {
 for name := range opt.ArgMap {
 profiletoTransition := util.MustReadFile(cfg.RootApparmord.Join(name))
 dstProfile := aa.DefaultTunables()
- dstProfile.ParseVariables(profiletoTransition)
- for _, variable := range dstProfile.Variables {
+ dstProfile.Parse(profiletoTransition)
+ for _, variable := range dstProfile.Preamble.GetVariables() {
 if variable.Name == "exec_path" {
 for _, v := range variable.Values {
 rules = append(rules, &aa.File{
@@ -57,7 +59,7 @@ func (d Exec) Apply(opt *Option, profileRaw string) (string, error) {
 aa.IndentationLevel = strings.Count(
 strings.SplitN(opt.Raw, Keyword, 1)[0], aa.Indentation,
 )
- rules.Sort()
+ rules = rules.Sort()
 new := rules.String()
 new = new[:len(new)-1]
 return strings.Replace(profileRaw, opt.Raw, new, -1), nil
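Review bot: In `Exec.Apply` the return value of `dstProfile.Parse(profiletoTransition)` is dropped, although the same commit checks it in `Userspace.Apply` (`if err := f.Parse(profile); err != nil`), so `Parse` evidently returns an error. If the target profile fails to parse, the loop over `dstProfile.Preamble.GetVariables()` would presumably find no `exec_path` and the directive would emit no transition rules without reporting anything; the later `new[:len(new)-1]` (hunk at -57) may then slice an empty string, depending on what `rules.String()` returns for an empty set. I would handle it in place: `if err := dstProfile.Parse(profiletoTransition); err != nil { return "", err }`. Unlike `Userspace.Apply`, this path also never calls `Resolve()`, which the new file-level TODO seems to acknowledge. The function starts before and ends after these hunks.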