mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

parser: Sync mount options parsing and documentation

Browse source 
There are a number of differences between what the apparmor.d(5) man
page lists as valid AppArmor mount rule options and what apparmor_parser
looks for when parsing mount rules. There are also typos in the man page
and parser around mount options. Here's the breakdown of problems and
fixes made in this patch:

 * The apparmor.d(5) man page improperly documented a "nodirsync"
   option.
   - That mount option does not exist and the parser did not honor it.
     Remove the mention from the apparmor.d(5) man page.
 * The loud option was typoed as "load" in both the man page and parser
   - There's no sense in preserving backwards compatibility. "load" is
     simply wrong and should not be honored. The man page and parser are
     updated to only use "loud".
 * The rbind option wasn't listed in the man page.
   - Add rbind to the man page. No change needed for the parser.
 * The documented unbindable, private, slave, and shared options were
   not correctly parsed. The parser expected
   make-{unbindable,private,slave,shared}.
   - The parser is updated to accept both the documented
     {unbindable,private,slave,shared} options and their variants
     prefixed with "make-". The man page will not document the "make-"
     variants.
 * The recursive {runbindable,rprivate,rslave,rshared} options were not
   documented and were only recognized by the parser if they were
   prefixed with "make-".
   - The man page is updated to document the option strings that are not
     prefixed with "make-". The parser still accepts the "make-"
     variants.
 * The man page documented a "rec" option but the parser didn't honor
   it. The MS_REC macro is used by the mount utility to be bitwise OR'ed
   with MS_{UNBINDABLE,PRIVATE,SLAVE,SHARED} to indicate the
   corresponding recursive mount options.
   - This is not an option that should be exposed in the AppArmor policy
     since we already allow have the
     {runbindable,rprivate,rslave,rshared} options.
 * The man page typoed the {no,}relatime options as {no,}relative.
   - The man page is updated to document the correct option strings. The
     parser requires no change.

Bug: https://bugs.launchpad.net/bugs/1401619

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Tyler Hicks 2014-12-12 08:20:31 -06:00
parent b3523fa920
commit d336d23e4d
2 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
parser/apparmor.d.pod
View file

@ -93,7 +93,7 @@ B<MOUNT FLAGS EXPRESSION> = ( I<MOUNT FLAGS LIST> | I<MOUNT EXPRESSION> )
B<MOUNT FLAGS LIST> = Comma separated list of I<MOUNT FLAGS>.
B<MOUNT FLAGS> = ( 'ro' | 'rw' | 'nosuid' | 'suid' | 'nodev' | 'dev' | 'noexec' | 'exec' | 'sync' | 'async' | 'remount' | 'mand' | 'nomand' | 'dirsync' | 'nodirsync' | 'noatime' | 'atime' | 'nodiratime' | 'diratime' | 'bind' | 'move' | 'rec' | 'verbose' | 'silent' | 'load' | 'acl' | 'noacl' | 'unbindable' | 'private' | 'slave' | 'shared' | 'relative' | 'norelative' | 'iversion' | 'noiversion' | 'strictatime' | 'nouser' | 'user' )
B<MOUNT FLAGS> = ( 'ro' | 'rw' | 'nosuid' | 'suid' | 'nodev' | 'dev' | 'noexec' | 'exec' | 'sync' | 'async' | 'remount' | 'mand' | 'nomand' | 'dirsync' | 'noatime' | 'atime' | 'nodiratime' | 'diratime' | 'bind' | 'rbind' | 'move' | 'verbose' | 'silent' | 'loud' | 'acl' | 'noacl' | 'unbindable' | 'runbindable' | 'private' | 'rprivate' | 'slave' | 'rslave' | 'shared' | 'rshared' | 'relatime' | 'norelatime' | 'iversion' | 'noiversion' | 'strictatime' | 'nouser' | 'user' )
B<MOUNT EXPRESSION> = ( I<ALPHANUMERIC> | I<AARE> ) ...

10
parser/mount.cc
View file

@ -259,16 +259,24 @@ static struct mnt_keyword_table mnt_opts_table[] = {
{"R", MS_RBIND, 0},
{"verbose", MS_VERBOSE, 0},
{"silent", MS_SILENT, 0},
{"load", 0, MS_SILENT},
{"loud", 0, MS_SILENT},
{"acl", MS_ACL, 0},
{"noacl", 0, MS_ACL},
{"unbindable", MS_UNBINDABLE, 0},
{"make-unbindable", MS_UNBINDABLE, 0},
{"runbindable", MS_RUNBINDABLE, 0},
{"make-runbindable", MS_RUNBINDABLE, 0},
{"private", MS_PRIVATE, 0},
{"make-private", MS_PRIVATE, 0},
{"rprivate", MS_RPRIVATE, 0},
{"make-rprivate", MS_RPRIVATE, 0},
{"slave", MS_SLAVE, 0},
{"make-slave", MS_SLAVE, 0},
{"rslave", MS_RSLAVE, 0},
{"make-rslave", MS_RSLAVE, 0},
{"shared", MS_SHARED, 0},
{"make-shared", MS_SHARED, 0},
{"rshared", MS_RSHARED, 0},
{"make-rshared", MS_RSHARED, 0},
{"relatime", MS_RELATIME, 0},