mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-05 17:01:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils/test/cleanprof_test.out
Christian Boltz e5d38807df
Store variables in active_profiles (ProfileList) 
... instead of filelist[file]['lvar'], and also write them from there.

Also fix detection of variable definitions inside a profile, which is
not allowed.

Note that ProfileList has a different write order than the old code -
first includes, then variable definitions. This makes more sense because
typical profiles first include tunables/global, and then define
additonal variables (that might use variables from tunables/global) or
extend variables defined in tunables/global.

This change also fixes some problems with the simple_test test profiles.
The "adding to non-existing variable" check currently doesn't exist,
which "fixes" lp:1331856.

OTOH this also means that such cases are not detected, therefore add
vars_bad_add_assignment_1.sd to the exception_not_raised list.

The check will be re-added in a later commit
in get_all_merged_variables().
2020-05-27 13:32:44 +02:00

61 lines
1 KiB
Text
Raw Blame History

abi <abi/4.19>,
alias /foo -> /bar,
include <tunables/global>
include if exists <tunables/nothing>
@{xy} = x y
@{asdf} = "" foo
# A simple test comment which will persist
/usr/bin/a/simple/cleanprof/test/profile {
abi "abi/4.20",
include <abstractions/base>
include if exists <foo>
set rlimit nofile <= 256,
audit capability,
network stream,
dbus send bus=session,
mount options=(rw,suid) /c -> /3,
signal set=(abrt alrm bus chld fpe hup ill int kill pipe quit segv stkflt term trap usr1 usr2),
pivot_root oldroot=/mnt/root/old/,
unix (receive) type=dgram,
unix shutdown addr=@HypotheticalServiceDaemon,
deny owner link /some/thing -> /foo/bar,
allow /home/*/** r,
allow /home/foo/** w,
link subset /alpha/beta -> /tmp/**,
change_profile,
^foo {
capability dac_override,
/etc/fstab r,
}
}
/usr/bin/other/cleanprof/test/profile {
allow /home/*/** rw,
allow /home/foo/bar r,
}
/what/ever/xattr xattrs=( foo=bar ) flags=( complain ) {
/what/ever r,
}
Reference in a new issue View git blame Copy permalink