mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-14 14:15:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix exec_path bug, ignore skipable files

Browse source
This commit is contained in:
nobody43 2024-11-23 19:54:17 +00:00 committed by GitHub
parent 93085ece96
commit f75fa9a3a6
Failed to generate hash of commit
1 changed files with 15 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
tests/profile_check.py
View file

@ -186,14 +186,8 @@ def readApparmorFile(fullpath):
if m.get('profile'): if m.get('profile'):
nestingStacker.append(m.get('profile')) # set early nestingStacker.append(m.get('profile')) # set early
if m.get('attachment') != '@{exec_path}' and not gotAttach: # can be only singular if m.get('attachment') == '@{exec_path}' and not gotAttach: # can be only singular
gotAttach = True gotAttach = True
messages.append({'filename': fullpath,
'profile': getCurrentProfile(nestingStacker),
'severity': 'WARNING',
'line': n,
'reason': "'@{exec_path}' must be defined as main path attachment",
'suggestion': None})
profileMsg = {'filename': fullpath, profileMsg = {'filename': fullpath,
'profile': getCurrentProfile(nestingStacker), 'profile': getCurrentProfile(nestingStacker),
@ -324,6 +318,15 @@ def readApparmorFile(fullpath):
'reason': 'ABI is required', 'reason': 'ABI is required',
'suggestion': abi}) 'suggestion': abi})
# Ensure singular '@{exec_path}'
if not gotAttach:
messages.append({'filename': fullpath,
'profile': None,
'severity': 'WARNING',
'line': None,
'reason': "'@{exec_path}' must be defined as main path attachment",
'suggestion': None})
# Ensure trailing vim syntax # Ensure trailing vim syntax
if line: if line:
trailingSyntax = '# vim:syntax=apparmor\n' trailingSyntax = '# vim:syntax=apparmor\n'
@ -450,10 +453,11 @@ def main(argv):
profile_data = {} profile_data = {}
for path in sorted(profiles): for path in sorted(profiles):
readApparmorFile_Out = readApparmorFile(path) if not is_skippable_file(path):
profilesInFile = readApparmorFile_Out[1] readApparmorFile_Out = readApparmorFile(path)
messages.extend(readApparmorFile_Out[0]) profilesInFile = readApparmorFile_Out[1]
profile_data.update(profilesInFile) messages.extend(readApparmorFile_Out[0])
profile_data.update(profilesInFile)
for m in messages: for m in messages:
if m.get('suggestion'): if m.get('suggestion'):