apparmor

mirrors/apparmor

Fork 0

mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 01:11:00 +01:00

Commit graph

Author	SHA1	Message	Date
Christian Boltz	c1fc2c9011	[13/38] Add ANY_EXEC to FileRule aa-logprof needs to check if an exec rule for a given path exists. This patch adds a __FileAnyExec class to FileRule, as well as ANY_EXEC (which should be used externally, similar to ALL), and adjusts several checks to allow it as a special execute mode. This will allow to use is_covered() (or aa.py is_known_rule()) to find out if execute is permitted, which replaces aa.py profile_known_exec() in one of the following patches. As usual, also add some tests. Acked-by: Steve Beattie <steve@nxnw.org> Note: as discussed, I adjusted the comment for 'pass' around line 240.	2016-10-01 19:53:38 +02:00
Christian Boltz	5431db744f	[11/38] FileRule: Handle duplicated exec permissions The parser accepts duplicated execute permissions as long as they don't conflict. For example, /bin/foo pxpxpxpx, is a valid rule. This patch changes FileRule to also accept those duplicated permissions, even if it's unlikely to hit them outside of the parser tests ;-) Also add some tests to make sure the parsing works as expected. Acked-by: Steve Beattie <steve@nxnw.org>	2016-10-01 19:52:12 +02:00
Christian Boltz	c8e98de53a	[07/38] Add tests for FileRule As usual, we have 100% test coverage - at least until patch 22, which introduces one 'partial' ;-) Acked-by: Seth Arnold <seth.arnold@canonical.com>	2016-10-01 19:49:00 +02:00

Author

SHA1

Message

Date

Christian Boltz

c1fc2c9011

[13/38] Add ANY_EXEC to FileRule

aa-logprof needs to check if an exec rule for a given path exists.

This patch adds a __FileAnyExec class to FileRule, as well as ANY_EXEC
(which should be used externally, similar to ALL), and adjusts several
checks to allow it as a special execute mode.

This will allow to use is_covered() (or aa.py is_known_rule()) to find
out if execute is permitted, which replaces aa.py profile_known_exec()
in one of the following patches.

As usual, also add some tests.



Acked-by: Steve Beattie <steve@nxnw.org>


Note: as discussed, I adjusted the comment for 'pass' around line 240.

2016-10-01 19:53:38 +02:00

Christian Boltz

5431db744f

[11/38] FileRule: Handle duplicated exec permissions

The parser accepts duplicated execute permissions as long as they don't
conflict. For example,
	/bin/foo pxpxpxpx,
is a valid rule.

This patch changes FileRule to also accept those duplicated permissions,
even if it's unlikely to hit them outside of the parser tests ;-)

Also add some tests to make sure the parsing works as expected.


Acked-by: Steve Beattie <steve@nxnw.org>

2016-10-01 19:52:12 +02:00

Christian Boltz

c8e98de53a

[07/38] Add tests for FileRule

As usual, we have 100% test coverage - at least until patch 22, which
introduces one 'partial' ;-)


Acked-by: Seth Arnold <seth.arnold@canonical.com>

2016-10-01 19:49:00 +02:00

3 commits