mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-31 07:17:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(aa-log): correctly handle remount rule from mount log.

Browse source
This commit is contained in:
Alexandre Pujol 2024-02-29 23:12:19 +00:00
parent 06abeac2ee
commit 3d4dd5c91a
Failed to generate hash of commit
2 changed files with 13 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkg/aa/profile.go
View file

@ -91,6 +91,9 @@ func (p *AppArmorProfile) AddRule(log map[string]string) {
p.Rules = append(p.Rules, NetworkFromLog(log)) p.Rules = append(p.Rules, NetworkFromLog(log))
} }
case "mount": case "mount":
if strings.Contains(log["flags"], "remount") {
p.Rules = append(p.Rules, RemountFromLog(log))
} else {
switch log["operation"] { switch log["operation"] {
case "mount": case "mount":
p.Rules = append(p.Rules, MountFromLog(log)) p.Rules = append(p.Rules, MountFromLog(log))
@ -101,6 +104,7 @@ func (p *AppArmorProfile) AddRule(log map[string]string) {
case "pivotroot": case "pivotroot":
p.Rules = append(p.Rules, PivotRootFromLog(log)) p.Rules = append(p.Rules, PivotRootFromLog(log))
} }
}
case "posix_mqueue", "sysv_mqueue": case "posix_mqueue", "sysv_mqueue":
p.Rules = append(p.Rules, MqueueFromLog(log)) p.Rules = append(p.Rules, MqueueFromLog(log))
case "signal": case "signal":

2
pkg/aa/templates/profile.j2
View file

@ -124,7 +124,7 @@
{{- with .Options -}} {{- with .Options -}}
{{ " options=(" }}{{ join . }}{{ ")" }} {{ " options=(" }}{{ join . }}{{ ")" }}
{{- end -}} {{- end -}}
{{- with .Remount -}} {{- with .MountPoint -}}
{{ " " }}{{ . }} {{ " " }}{{ . }}
{{- end -}} {{- end -}}
{{- "," -}} {{- "," -}}