mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
40e24e9b29
r2637 added support for parsing unix rules, but forgot to add write support. The result was that a profile lost its unix rules when it was saved. This patch adds the write_unix_rules() and write_unix() functions (based on the write_pivot_root() and write_pivot_root_rules() functions) and makes sure they get called at the right place. The cleanprof testcase gets an unix rule added to ensure it's not deleted when writing the profile. (Note that minitools_test.py is not part of the default "make check", however I always run it.) References: https://bugs.launchpad.net/apparmor/+bug/1522938 https://bugzilla.opensuse.org/show_bug.cgi?id=954104 Acked-by: Tyler Hicks <tyhicks@canonical.com> for trunk, 2.10 and 2.9.
20 lines
587 B
Text
20 lines
587 B
Text
# A simple test comment which will persist
|
|
#include <tunables/global>
|
|
|
|
/usr/bin/a/simple/cleanprof/test/profile {
|
|
# Just for the heck of it, this comment wont see the day of light
|
|
#include <abstractions/base>
|
|
#Below rule comes from abstractions/base
|
|
allow /usr/share/X11/locale/** r,
|
|
allow /home/*/** r,
|
|
unix (receive) type=dgram,
|
|
allow /home/foo/bar r,
|
|
allow /home/foo/** w,
|
|
}
|
|
|
|
/usr/bin/other/cleanprof/test/profile {
|
|
# This one shouldn't be affected by the processing
|
|
# However this comment will be wiped, need to change that
|
|
allow /home/*/** rw,
|
|
allow /home/foo/bar r,
|
|
}
|