From 8377dde5d2f58ad7f40c268d22b4d2f66e839a02 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 29 Jun 2024 22:33:45 +0100 Subject: [PATCH] feat(aa): update templates to last struct changes. --- pkg/aa/templates/rule/file.j2 | 15 ++++++--------- pkg/aa/templates/rule/io_uring.j2 | 6 ++++-- pkg/aa/templates/rule/mount.j2 | 10 ++++++++++ pkg/aa/templates/rule/mqueue.j2 | 4 ++++ pkg/aa/templates/rule/pivot_root.j2 | 3 +++ pkg/aa/templates/rule/ptrace.j2 | 2 ++ pkg/aa/templates/rule/qualifier.j2 | 5 ++--- pkg/aa/templates/rule/rlimit.j2 | 14 ++++++++++++-- pkg/aa/templates/rule/signal.j2 | 3 +++ pkg/aa/templates/rule/unix.j2 | 5 +++++ 10 files changed, 51 insertions(+), 16 deletions(-) diff --git a/pkg/aa/templates/rule/file.j2 b/pkg/aa/templates/rule/file.j2 index 8fc82698..52a41a31 100644 --- a/pkg/aa/templates/rule/file.j2 +++ b/pkg/aa/templates/rule/file.j2 @@ -7,11 +7,10 @@ {{- if .Owner -}} {{- "owner " -}} {{- end -}} + {{- .Padding 2 -}} {{- .Path -}} {{- " " -}} - {{- with .Padding -}} - {{ . }} - {{- end -}} + {{- .Padding 3 -}} {{- range .Access -}} {{- . -}} {{- end -}} @@ -19,9 +18,7 @@ {{ " -> " }}{{ . }} {{- end -}} {{- "," -}} - {{- with .Suffix -}} - {{ . }} - {{- end -}} + {{- .Padding 4 -}} {{- template "comment" . -}} {{- end -}} @@ -30,18 +27,18 @@ {{- if .Owner -}} {{- "owner " -}} {{- end -}} + {{- .Padding 2 -}} {{- "link " -}} {{- if .Subset -}} {{- "subset " -}} {{- end -}} + {{- .Padding 3 -}} {{- .Path -}} {{- " " -}} {{- with .Target -}} {{ "-> " }}{{ . }} {{- end -}} {{- "," -}} - {{- with .Suffix -}} - {{ . }} - {{- end -}} + {{- .Padding 4 -}} {{- template "comment" . -}} {{- end -}} diff --git a/pkg/aa/templates/rule/io_uring.j2 b/pkg/aa/templates/rule/io_uring.j2 index 78e1aa17..2bbaeda5 100644 --- a/pkg/aa/templates/rule/io_uring.j2 +++ b/pkg/aa/templates/rule/io_uring.j2 
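Review bot: Every `.Padding N` call added in file.j2 runs unconditionally with a hard-coded index (2, 3, 4), whereas the removed `with .Suffix` block was skipped when the field was empty. The method is not visible in this patch, so confirm that it returns an empty string for an unset or out-of-range slot instead of failing template execution, since a failure here stops profile generation. The same index also means a different position in the two definitions (2 precedes `.Path` in the file rule but `"link "` in the link rule), so a short comment per definition, such as `{{- /* Padding slots: 2 = before path, 3 = before access, 4 = after the comma */ -}}` for the file rule, would keep the numbers reviewable. The same applies to the numbered calls in io_uring.j2, mount.j2, mqueue.j2, pivot_root.j2, ptrace.j2, rlimit.j2, signal.j2 and unix.j2.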
@@ -5,12 +5,14 @@ {{- define "io_uring" -}} {{- template "qualifier" . -}} {{- "io_uring" -}} - {{- range .Access -}} - {{ " " }}{{ . }} + {{- with .Access -}} + {{ " " }}{{ cjoin . }} {{- end -}} + {{- .Padding 2 -}} {{- with .Label -}} {{ " label=" }}{{ . }} {{- end -}} {{- "," -}} + {{- .Padding 3 -}} {{- template "comment" . -}} {{- end -}} diff --git a/pkg/aa/templates/rule/mount.j2 b/pkg/aa/templates/rule/mount.j2 index c97ead10..31e83567 100644 --- a/pkg/aa/templates/rule/mount.j2 +++ b/pkg/aa/templates/rule/mount.j2 @@ -8,16 +8,20 @@ {{- with .FsType -}} {{ " fstype=" }}{{ . }} {{- end -}} + {{- .Padding 2 -}} {{- with .Options -}} {{ " options=" }}{{ cjoin . }} {{- end -}} + {{- .Padding 3 -}} {{- with .Source -}} {{ " " }}{{ . }} {{- end -}} + {{- .Padding 4 -}} {{- with .MountPoint -}} {{ " -> " }}{{ . }} {{- end -}} {{- "," -}} + {{- .Padding 5 -}} {{- template "comment" . -}} {{- end -}} @@ -27,13 +31,16 @@ {{- with .FsType -}} {{ " fstype=" }}{{ . }} {{- end -}} + {{- .Padding 2 -}} {{- with .Options -}} {{ " options=" }}{{ cjoin . }} {{- end -}} + {{- .Padding 3 -}} {{- with .MountPoint -}} {{ " " }}{{ . }} {{- end -}} {{- "," -}} + {{- .Padding 4 -}} {{- template "comment" . -}} {{- end -}} @@ -43,12 +50,15 @@ {{- with .FsType -}} {{ " fstype=" }}{{ . }} {{- end -}} + {{- .Padding 2 -}} {{- with .Options -}} {{ " options=" }}{{ cjoin . }} {{- end -}} + {{- .Padding 3 -}} {{- with .MountPoint -}} {{ " " }}{{ . }} {{- end -}} {{- "," -}} + {{- .Padding 4 -}} {{- template "comment" . -}} {{- end -}} diff --git a/pkg/aa/templates/rule/mqueue.j2 b/pkg/aa/templates/rule/mqueue.j2 index e2df2756..47147be4 100644 --- a/pkg/aa/templates/rule/mqueue.j2 +++ b/pkg/aa/templates/rule/mqueue.j2 
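Review bot: In io_uring.j2, replacing `range .Access` with `{{ cjoin . }}` changes the text of the generated io_uring rule, not only its padding, and the commit subject does not mention this. `cjoin` is defined outside this patch; judging by its use in mount.j2 and mqueue.j2 it renders the whole list in one call, so profiles generated before and after this commit may differ for rules with more than one access. Because the output is AppArmor policy, a rendering test for an io_uring rule with zero, one and several accesses would pin the intended form.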
@@ -8,15 +8,19 @@ {{- with .Access -}} {{ " " }}{{ cjoin . }} {{- end -}} + {{- .Padding 2 -}} {{- with .Type -}} {{ " type=" }}{{ . }} {{- end -}} + {{- .Padding 3 -}} {{- with .Label -}} {{ " label=" }}{{ . }} {{- end -}} + {{- .Padding 4 -}} {{- with .Name -}} {{ " " }}{{ . }} {{- end -}} {{- "," -}} + {{- .Padding 5 -}} {{- template "comment" . -}} {{- end -}} diff --git a/pkg/aa/templates/rule/pivot_root.j2 b/pkg/aa/templates/rule/pivot_root.j2 index d779e2c1..678617ca 100644 --- a/pkg/aa/templates/rule/pivot_root.j2 +++ b/pkg/aa/templates/rule/pivot_root.j2 @@ -8,12 +8,15 @@ {{- with .OldRoot -}} {{ " oldroot=" }}{{ . }} {{- end -}} + {{- .Padding 2 -}} {{- with .NewRoot -}} {{ " " }}{{ . }} {{- end -}} + {{- .Padding 3 -}} {{- with .TargetProfile -}} {{ " -> " }}{{ . }} {{- end -}} {{- "," -}} + {{- .Padding 4 -}} {{- template "comment" . -}} {{- end -}} \ No newline at end of file diff --git a/pkg/aa/templates/rule/ptrace.j2 b/pkg/aa/templates/rule/ptrace.j2 index c499890b..5f4fe356 100644 --- a/pkg/aa/templates/rule/ptrace.j2 +++ b/pkg/aa/templates/rule/ptrace.j2 @@ -8,9 +8,11 @@ {{- with .Access -}} {{ " " }}{{ cjoin . }} {{- end -}} + {{- .Padding 2 -}} {{- with .Peer -}} {{ " peer=" }}{{ . }} {{- end -}} {{- "," -}} + {{- .Padding 3 -}} {{- template "comment" . -}} {{- end -}} \ No newline at end of file diff --git a/pkg/aa/templates/rule/qualifier.j2 b/pkg/aa/templates/rule/qualifier.j2 index ed89f63e..a0ff554e 100644 --- a/pkg/aa/templates/rule/qualifier.j2 +++ b/pkg/aa/templates/rule/qualifier.j2 @@ -3,13 +3,12 @@ {{- /* SPDX-License-Identifier: GPL-2.0-only */ -}} {{- define "qualifier" -}} - {{- with .Prefix -}} - {{ . }} - {{- end -}} {{- if .Audit -}} {{- "audit " -}} {{- end -}} + {{- .Padding 0 -}} {{- if eq .AccessType "deny" -}} {{- "deny " -}} {{- end -}} + {{- .Padding 1 -}} {{- end -}} diff --git a/pkg/aa/templates/rule/rlimit.j2 b/pkg/aa/templates/rule/rlimit.j2 index 5061c1c4..c6996ac2 100644 --- a/pkg/aa/templates/rule/rlimit.j2 
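Review bot: The shared "qualifier" definition in qualifier.j2 now calls `.Padding 0` and `.Padding 1` on whatever value the including rule template passes in, so every rule type that uses `{{- template "qualifier" . -}}` must provide that method, including any rule templates this patch does not touch. If one does not, text/template reports the error when the rule is rendered, not when the template is parsed, so it would only surface for profiles that contain such a rule. The `.Prefix` output that used to precede `audit` is also removed, with no replacement slot before the first keyword. If that is intended, a comment like `{{- /* slot 0 follows "audit ", slot 1 follows "deny " */ -}}` would make the ordering explicit.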
+++ b/pkg/aa/templates/rule/rlimit.j2 @@ -3,5 +3,15 @@ {{- /* SPDX-License-Identifier: GPL-2.0-only */ -}} {{- define "rlimit" -}} - {{ "set rlimit " }}{{ .Key }} {{ .Op }} {{ .Value }}{{ "," }}{{ template "comment" . }} -{{- end -}} \ No newline at end of file + {{- "set rlimit " -}} + {{- .Key -}} + {{- " " -}} + {{- .Padding 2 -}} + {{- .Op -}} + {{- " " -}} + {{- .Padding 3 -}} + {{- .Value -}} + {{- "," -}} + {{- .Padding 4 -}} + {{- template "comment" . -}} +{{- end -}} diff --git a/pkg/aa/templates/rule/signal.j2 b/pkg/aa/templates/rule/signal.j2 index b56085d8..fd2edd99 100644 --- a/pkg/aa/templates/rule/signal.j2 +++ b/pkg/aa/templates/rule/signal.j2 @@ -8,12 +8,15 @@ {{- with .Access -}} {{ " " }}{{ cjoin . }} {{- end -}} + {{- .Padding 2 -}} {{- with .Set -}} {{ " set=" }}{{ cjoin . }} {{- end -}} + {{- .Padding 3 -}} {{- with .Peer -}} {{ " peer=" }}{{ . }} {{- end -}} {{- "," -}} + {{- .Padding 4 -}} {{- template "comment" . -}} {{- end -}} \ No newline at end of file diff --git a/pkg/aa/templates/rule/unix.j2 b/pkg/aa/templates/rule/unix.j2 index 531eaaf9..fae6a542 100644 --- a/pkg/aa/templates/rule/unix.j2 +++ b/pkg/aa/templates/rule/unix.j2 @@ -8,18 +8,23 @@ {{- with .Access -}} {{ " " }}{{ cjoin . }} {{- end -}} + {{- .Padding 2 -}} {{- with .Type -}} {{ " type=" }}{{ . }} {{- end -}} + {{- .Padding 3 -}} {{- with .Protocol -}} {{ " protocol=" }}{{ . }} {{- end -}} + {{- .Padding 4 -}} {{- with .Address -}} {{ " addr=" }}{{ . }} {{- end -}} + {{- .Padding 5 -}} {{- with .Label -}} {{ " label=" }}{{ . }} {{- end -}} + {{- .Padding 6 -}} {{- if and .PeerLabel .PeerAddr -}} {{ " peer=(label=" }}{{ .PeerLabel }}{{ ", addr="}}{{ .PeerAddr }}{{ ")" }} {{- else -}}