mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-05 00:41:03 +01:00
6ae047d0c1
It did this in the old 2.8 code, but didn't in 2.9.x (first there was a
broken hat regex, then I commented out the hat handling to avoid
breakage caused by the broken regex).
This patch makes sure the hat flags get set when setting the flags for
the main profile.
Also change RE_PROFILE_HAT_DEF to use more named matches
(leadingwhitespace and hat_keyword). Luckily all code that uses the
regex uses named matches already, which means adding another (...) pair
doesn't hurt.
Finally adjust the tests:
- change _test_set_flags to accept another optional parameter
expected_more_rules (used to specify the expected hat definition)
- add tests for hats (with '^foobar' and 'hat foobar' syntax)
- add tests for child profiles, one of them commented out (see below)
Remaining known issues (also added as TODO notes):
- The hat and child profile flags are *overwritten* with the flags used
for the main profile. (That's well-known behaviour from 2.8 :-/ but we
have more flags now, which makes this more annoying.)
The correct behaviour would be to add or remove the specified flag,
while keeping other flags unchanged.
- Child profiles are not handled/changed if you specify the 'program'
parameter. This means:
- 'aa-complain smbldap-useradd' or 'aa-complain /usr/sbin/smbldap-useradd'
_will not_ change the flags for the nscd child profile
- 'aa-complain /etc/apparmor.d/usr.sbin.smbldap-useradd' _will_ change
the flags for the nscd child profile (and any other profile and
child profile in that file)
Even with those remaining issues (which need bigger changes in
set_profile_flags() and maybe also in the whole flags handling), the
patch improves things and fixes the regression from the 2.8 code.
Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9
Bug: https://launchpad.net/bugs/1501913
|
||
|---|---|---|
| .. | ||
| aa_test.py | ||
| cleanprof_test.in | ||
| cleanprof_test.out | ||
| common_test.py | ||
| config_test.py | ||
| easyprof.conf | ||
| logprof.conf | ||
| Makefile | ||
| minitools_test.py | ||
| regex_tests.ini | ||
| runtests-py2.sh | ||
| runtests-py3.sh | ||
| severity.db | ||
| severity_broken.db | ||
| test-aa-decode.py | ||
| test-aa-easyprof.py | ||
| test-aa.py | ||
| test-aamode.py | ||
| test-dbus_parse.py | ||
| test-example.py | ||
| test-logparser.py | ||
| test-mount_parse.py | ||
| test-pivot_root_parse.py | ||
| test-ptrace_parse.py | ||
| test-regex_matches.py | ||
| test-severity.py | ||
| test-signal_parse.py | ||
| test-unix_parse.py | ||