mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Merge branch 'EmersonBernier/apparmor-patch-1'
Add .pacsave/.pacnew/.dpkg-remove to apparmor parser ignored list See merge request apparmor/apparmor!86 Reviewed-by: intrigeri <intrigeri@debian.org> Acked-by: Christian Boltz <apparmor@cboltz.de> Acked-by: Tyler Hicks <tyhicks@canonical.com>
This commit is contained in:
Tyler Hicks
commit
96b339f870
5 changed files with 28 additions and 14 deletions
|
|
@ -56,6 +56,10 @@ static struct ignored_suffix_t ignored_suffixes[] = {
|
|||
{ ".dpkg-old", 9, 1 },
|
||||
{ ".dpkg-dist", 10, 1 },
|
||||
{ ".dpkg-bak", 9, 1 },
|
||||
{ ".dpkg-remove", 12, 1 },
|
||||
/* Archlinux packaging files */
|
||||
{ ".pacsave", 8, 1 },
|
||||
{ ".pacnew", 7 1 },
|
||||
/* RPM packaging files have traditionally not been silently
|
||||
ignored */
|
||||
{ ".rpmnew", 7, 0 },
|
||||
|
|
|
|||
|
|
@ -46,9 +46,10 @@ program. The B<profiles> may be specified by file name or a directory
|
|||
name containing a set of profiles. If a directory is specified then the
|
||||
B<apparmor_parser> will try to do a profile load for each file in the
|
||||
directory that is not a dot file, or explicitly black listed (*.dpkg-new,
|
||||
*.dpkg-old, *.dpkg-dist, *-dpkg-bak, *.rpmnew, *.rpmsave, *orig, *.rej,
|
||||
*~). The B<apparmor_parser> will fall back to taking input from standard
|
||||
input if a profile or directory is not supplied.
|
||||
*.dpkg-old, *.dpkg-dist, *.dpkg-bak, *.dpkg-remove, *.pacsave, *.pacnew,
|
||||
*.rpmnew, *.rpmsave, *.orig, *.rej, *~).
|
||||
The B<apparmor_parser> will fall back to taking input from standard input if
|
||||
a profile or directory is not supplied.
|
||||
|
||||
The input supplied to B<apparmor_parser> should be in the format described in
|
||||
apparmor.d(5).
|
||||
|
|
|
|||
|
|
@ -117,11 +117,14 @@ skip_profile() {
|
|||
"${profile%\~}" != "${profile}" ] ; then
|
||||
return 1
|
||||
fi
|
||||
# Silently ignore the dpkg files
|
||||
# Silently ignore the dpkg and pacman files
|
||||
if [ "${profile%.dpkg-new}" != "${profile}" -o \
|
||||
"${profile%.dpkg-old}" != "${profile}" -o \
|
||||
"${profile%.dpkg-dist}" != "${profile}" -o \
|
||||
"${profile%.dpkg-bak}" != "${profile}" ] ; then
|
||||
"${profile%.dpkg-bak}" != "${profile}" -o \
|
||||
"${profile%.dpkg-remove}" != "${profile}" -o \
|
||||
"${profile%.pacsave}" != "${profile}" -o \
|
||||
"${profile%.pacnew}" != "${profile}" ] ; then
|
||||
return 2
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -2031,7 +2031,7 @@ def is_skippable_file(path):
|
|||
if not basename or basename[0] == '.' or basename == 'README':
|
||||
return True
|
||||
|
||||
skippable_suffix = ('.dpkg-new', '.dpkg-old', '.dpkg-dist', '.dpkg-bak', '.rpmnew', '.rpmsave', '.orig', '.rej', '~')
|
||||
skippable_suffix = ('.dpkg-new', '.dpkg-old', '.dpkg-dist', '.dpkg-bak', '.dpkg-remove', '.pacsave', '.pacnew', '.rpmnew', '.rpmsave', '.orig', '.rej', '~')
|
||||
if basename.endswith(skippable_suffix):
|
||||
return True
|
||||
|
||||
|
|
|
|||
|
|
@ -452,22 +452,28 @@ class AaTest_is_skippable_file(AATest):
|
|||
def test_skippable_04(self):
|
||||
self.assertTrue(is_skippable_file('bin.ping..dpkg-bak'))
|
||||
def test_skippable_05(self):
|
||||
self.assertTrue(is_skippable_file('bin.ping.rpmnew'))
|
||||
self.assertTrue(is_skippable_file('bin.ping.dpkg-remove'))
|
||||
def test_skippable_06(self):
|
||||
self.assertTrue(is_skippable_file('bin.ping.rpmsave'))
|
||||
self.assertTrue(is_skippable_file('bin.ping.pacsave'))
|
||||
def test_skippable_07(self):
|
||||
self.assertTrue(is_skippable_file('bin.ping.orig'))
|
||||
self.assertTrue(is_skippable_file('bin.ping.pacnew'))
|
||||
def test_skippable_08(self):
|
||||
self.assertTrue(is_skippable_file('bin.ping.rej'))
|
||||
self.assertTrue(is_skippable_file('bin.ping.rpmnew'))
|
||||
def test_skippable_09(self):
|
||||
self.assertTrue(is_skippable_file('bin.ping~'))
|
||||
self.assertTrue(is_skippable_file('bin.ping.rpmsave'))
|
||||
def test_skippable_10(self):
|
||||
self.assertTrue(is_skippable_file('.bin.ping'))
|
||||
self.assertTrue(is_skippable_file('bin.ping.orig'))
|
||||
def test_skippable_11(self):
|
||||
self.assertTrue(is_skippable_file('')) # empty filename
|
||||
self.assertTrue(is_skippable_file('bin.ping.rej'))
|
||||
def test_skippable_12(self):
|
||||
self.assertTrue(is_skippable_file('/etc/apparmor.d/')) # directory without filename
|
||||
self.assertTrue(is_skippable_file('bin.ping~'))
|
||||
def test_skippable_13(self):
|
||||
self.assertTrue(is_skippable_file('.bin.ping'))
|
||||
def test_skippable_14(self):
|
||||
self.assertTrue(is_skippable_file('')) # empty filename
|
||||
def test_skippable_15(self):
|
||||
self.assertTrue(is_skippable_file('/etc/apparmor.d/')) # directory without filename
|
||||
def test_skippable_16(self):
|
||||
self.assertTrue(is_skippable_file('README'))
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue