mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-30 23:05:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(aa-log): correctly handle remount rule from mount log.

Browse source
This commit is contained in:
Alexandre Pujol 2024-02-29 23:12:19 +00:00
parent 06abeac2ee
commit 3d4dd5c91a
Failed to generate hash of commit
2 changed files with 13 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
pkg/aa/profile.go
View file

@ -91,15 +91,19 @@ func (p *AppArmorProfile) AddRule(log map[string]string) {
p.Rules = append(p.Rules, NetworkFromLog(log))
}
case "mount":
switch log["operation"] {
case "mount":
p.Rules = append(p.Rules, MountFromLog(log))
case "umount":
p.Rules = append(p.Rules, UmountFromLog(log))
case "remount":
if strings.Contains(log["flags"], "remount") {
p.Rules = append(p.Rules, RemountFromLog(log))
case "pivotroot":
p.Rules = append(p.Rules, PivotRootFromLog(log))
} else {
switch log["operation"] {
case "mount":
p.Rules = append(p.Rules, MountFromLog(log))
case "umount":
p.Rules = append(p.Rules, UmountFromLog(log))
case "remount":
p.Rules = append(p.Rules, RemountFromLog(log))
case "pivotroot":
p.Rules = append(p.Rules, PivotRootFromLog(log))
}
}
case "posix_mqueue", "sysv_mqueue":
p.Rules = append(p.Rules, MqueueFromLog(log))

2
pkg/aa/templates/profile.j2
View file

@ -124,7 +124,7 @@
{{- with .Options -}}
{{ " options=(" }}{{ join . }}{{ ")" }}
{{- end -}}
{{- with .Remount -}}
{{- with .MountPoint -}}
{{ " " }}{{ . }}
{{- end -}}
{{- "," -}}