Fix writing "link subset" rules

Writing a "link subset" rule missed a space, which resulted in something like link subset/foo -> /bar, Also add a test rule to tests/cleanprof.* to ensure this doesn't break again.
2025-03-04 08:24:42 +01:00 · 2018-05-06 14:51:19 +02:00 · 2018-05-06 14:51:19 +02:00 · 514535608f
commit 514535608f
parent eca16ae6cf
3 changed files with 5 additions and 1 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -2777,7 +2777,7 @@ def write_link_rules(prof_data, depth, allow):
            to_name = prof_data[allow]['link'][path]['to']
            subset = ''
            if prof_data[allow]['link'][path]['mode'] & apparmor.aamode.AA_LINK_SUBSET:
-                subset = 'subset'
+                subset = 'subset '
            audit = ''
            if prof_data[allow]['link'][path].get('audit', False):
                audit = 'audit '
--- a/utils/test/cleanprof_test.in
+++ b/utils/test/cleanprof_test.in
@ -41,6 +41,8 @@
    ^foo, # hat declarations are obsolete and will be removed when aa-cleanprof or aa-logprof writes the profile


+	link subset /alpha/beta -> /tmp/**,
+
 	allow /home/foo/bar r,
 	allow /home/foo/** w,
 }
--- a/utils/test/cleanprof_test.out
+++ b/utils/test/cleanprof_test.out
@ -18,6 +18,8 @@

  unix (receive) type=dgram,

+  link subset /alpha/beta -> /tmp/**,
+
  allow /home/*/** r,
  allow /home/foo/** w,