mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-05 00:41:03 +01:00
a373b4ee93
to use write_header(), and making set_profile_flags
more strict.
Merge from trunk revisions 2996, 2997, and 2998.
Changes in set_profile_flags():
- rewrite set_profile_flags to use parse_profile_start_line() and
write_header().
- replace the silent failure for non-existing files with a proper
exception (using lazy programming - the check is done by removing the
"if os.path.isfile()" check, open_file_read then raises the
exception ;-)
- comment out regex_hat_flag and the code that was supposed to handle
hat flags, which were totally broken. We'll need another patch to fix
it, and we also need to decide if we want to do that because it
introduces a behaviour change (currently, aa-complain etc. don't
change hat flags).
The tests for set_profile_flags() are also updated:
- prepend a space to comments because write_header always adds a space
between '{' and the comment
- remove a test with superfluous quotes that are no longer kept
(that's
just a profile cleanup, so dropping that test is the easiest way)
- update test_set_flags_10 and test_set_flags_12 to use the correct
profile name
- enable the tests for invalid (empty) flags
- update the test for a non-existing file
this patch makes set_profile_flags more strict:
- raise AppArmorBug if newflags contains only whitespace
- raise AppArmorBug if the file doesn't contain the specified profile or
no profile at all
The tests are adjusted to expect AppArmorBug instead of a silent
failure. Also, some tests are added for profile=None, which means to
change the flags for all profiles in a file.
- test_set_flags_08 is now test_set_flags_invalid_04
- test_set_flags_invalid_03 is changed to only contain one reason for
a failure, not two ;-)
Finally implement attachment handling
This patch implements attachment handling - aa-logprof now works with
profiles that have an attachment defined, instead of ignoring audit.log
entries for those profiles.
Changes:
- parse_profile_start_line(): remove workaround that merged the
attachment into the profile name
- parse_profile_data(): store attachment when parsing a profile
- update test_parse_profile_start_03,
test_serialize_parse_profile_start_03,
test_set_flags_nochange_09 and some parse_profile_start_line() tests -
they now expect correct attachment handling
Acked-by: Steve Beattie <steve@nxnw.org>
|
||
|---|---|---|
| .. | ||
| apparmor | ||
| easyprof | ||
| po | ||
| test | ||
| vim | ||
| aa-audit | ||
| aa-audit.pod | ||
| aa-autodep | ||
| aa-autodep.pod | ||
| aa-cleanprof | ||
| aa-cleanprof.pod | ||
| aa-complain | ||
| aa-complain.pod | ||
| aa-decode | ||
| aa-decode.pod | ||
| aa-disable | ||
| aa-disable.pod | ||
| aa-easyprof | ||
| aa-easyprof.pod | ||
| aa-enforce | ||
| aa-enforce.pod | ||
| aa-exec | ||
| aa-exec.pod | ||
| aa-genprof | ||
| aa-genprof.pod | ||
| aa-logprof | ||
| aa-logprof.pod | ||
| aa-mergeprof | ||
| aa-mergeprof.pod | ||
| aa-notify | ||
| aa-notify.pod | ||
| aa-sandbox | ||
| aa-sandbox.pod | ||
| aa-status | ||
| aa-status.pod | ||
| aa-unconfined | ||
| aa-unconfined.pod | ||
| check_po.pl | ||
| logprof.conf | ||
| logprof.conf.pod | ||
| Makefile | ||
| notify.conf | ||
| python-tools-setup.py | ||
| README.md | ||
| severity.db | ||
Known Bugs: Will allow multiple letters in the () due to translation/unicode issues with regexing the key. User input will probably bug out in a different locale.