mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
94a2db187a
Change hat declarations ("^hat,") are no longer supported (see previous
patch for details). Therefore remove support for writing them.
This also means to completely remove the 'declared' flag, which was only
needed for hat declarations, and was (after the previous patch) always
set to False.
Also add a hat to the cleanprof_test.{in,out} test profile to make sure
aa-cleanprof doesn't break hats, and a hat declaration with the same
name to make sure it gets removed and doesn't break the "real" hat.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
28 lines
756 B
Text
28 lines
756 B
Text
# A simple test comment which will persist
|
|
#include <tunables/global>
|
|
|
|
/usr/bin/a/simple/cleanprof/test/profile {
|
|
# Just for the heck of it, this comment wont see the day of light
|
|
#include <abstractions/base>
|
|
#Below rule comes from abstractions/base
|
|
allow /usr/share/X11/locale/** r,
|
|
allow /home/*/** r,
|
|
|
|
^foo {
|
|
/etc/fstab r,
|
|
capability dac_override,
|
|
}
|
|
|
|
^foo, # hat declarations are obsolete and will be removed when aa-cleanprof or aa-logprof writes the profile
|
|
|
|
|
|
allow /home/foo/bar r,
|
|
allow /home/foo/** w,
|
|
}
|
|
|
|
/usr/bin/other/cleanprof/test/profile {
|
|
# This one shouldn't be affected by the processing
|
|
# However this comment will be wiped, need to change that
|
|
allow /home/*/** rw,
|
|
allow /home/foo/bar r,
|
|
}
|