apparmor/utils/test/cleanprof_test.out
Christian Boltz 072d3e0451
Add basic support for abi rules to the tools
Add basic "understand and keep" support for abi rules, where
"understand" means to not error out when seeing an abi rule, and "keep"
simply means to keep the original abi rule when serializing a profile.

In the long term, abi rules should be parsed (similar to include rules),
but for now, this patch is the smallest possible changeset and easy to
backport.

Note that the only added test is via cleanprof_test.* which is used by
minitools_test.py - and does _not_ run if you do a 'make check'.
Oh, and of course the simple_tests/abi/ files also get parsed by
test-parser-simple-tests.py.

Also note that serialize_profile_from_old_profile() (which no longer
exists in master, "only" in <= 2.13) would in theory also need support
for abi rules. In practice, making this another case of
"serialize_profile_from_old_profile() has known issues" is probably
fine, but we should at least test that "(V)iew changes" doesn't break if
an abi rule is present.
2018-09-26 22:09:17 +02:00

54 lines
854 B
Text

abi <abi/4.19> ,
alias /foo -> /bar,
@{asdf} = "" foo
@{xy} = x y
#include <tunables/global>
# A simple test comment which will persist
/usr/bin/a/simple/cleanprof/test/profile {
abi "abi/4.20" ,
#include <abstractions/base>
set rlimit nofile <= 256,
audit capability,
network stream,
dbus send bus=session,
mount options=(rw,suid) /c -> /3,
signal set=(abrt alrm bus chld fpe hup ill int kill pipe quit segv stkflt term trap usr1 usr2),
pivot_root oldroot=/mnt/root/old/,
unix (receive) type=dgram,
unix shutdown addr=@HypotheticalServiceDaemon,
link subset /alpha/beta -> /tmp/**,
allow /home/*/** r,
allow /home/foo/** w,
change_profile,
^foo {
capability dac_override,
/etc/fstab r,
}
}
/usr/bin/other/cleanprof/test/profile {
allow /home/*/** rw,
allow /home/foo/bar r,
}
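
A minimal sketch of the "understand and keep" behaviour the commit message describes, added here as an illustration and not the code from this commit: abi rules are recognised instead of falling through as unknown lines, stored verbatim per scope, and written back unchanged apart from indentation. The regexes, function names and the `//` hat naming are assumptions; the sample is constructed from lines of the fixture above.

```python
import re

# Assumed pattern, not the project's own regex: the keyword, a <...> or "..."
# path, optional whitespace, then the terminating comma.
RE_ABI = re.compile(r'^abi\s+(<[^>\s]+>|"[^"]+")\s*,$')
RE_OPEN = re.compile(r'^(\^?\S+)\s*\{$')   # start of a profile or ^hat

# Constructed sample: lines taken from the fixture above.
SAMPLE = '''\
abi <abi/4.19> ,
#include <tunables/global>
/usr/bin/a/simple/cleanprof/test/profile {
abi "abi/4.20" ,
#include <abstractions/base>
^foo {
/etc/fstab r,
}
}
'''

def collect_abi_rules(text):
    """Map scope name ('' = preamble) to the abi lines seen there, verbatim."""
    kept, stack = {}, ['']
    for line in (l.strip() for l in text.splitlines()):
        if RE_ABI.match(line):
            # "understand": recognised, no error; "keep": stored unparsed
            kept.setdefault(stack[-1], []).append(line)
        elif (m := RE_OPEN.match(line)):
            name = m.group(1)
            # hats are recorded as parent//hat (naming assumed for this sketch)
            stack.append(stack[-1] + '//' + name[1:] if name.startswith('^') else name)
        elif line == '}' and len(stack) > 1:
            stack.pop()
    return kept

def serialize_abi(kept, scope, depth=0):
    """Lines to write back for a scope: the original rules, only re-indented."""
    return ['  ' * depth + rule for rule in kept.get(scope, [])]
```

Because the rule text is never normalised, the space before the comma and the choice of `<...>` or `"..."` quoting survive a round trip, and a line such as `abi <abi/4.19>` without the comma is not treated as an abi rule.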