mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00

Bug: https://bugzilla.novell.com/show_bug.cgi?id=895495 We define the __unused macro as a shortcut for __attribute__((unused)) to quiet compiler warnings for functions where an argument is unused, for whatever reason. However, on 64 bit architectures, older glibc's bits/stat.h header defines an array variable with the name __unused that collides with our macro and causes the parser to fail to build, because the resulting macro expansion generates invalid C code. This commit fixes the issue by removing the __unused macro where it's not needed (mod_apparmor) and renaming it to 'unused' elsewhere. It also in some instances reorders the arguments so that the unused macro appears last consistently. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Tyler Hicks <tyhicks@canonical.com>
/*
 * Copyright (c) 2010
 * Canonical, Ltd. (All rights reserved)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, contact Novell, Inc. or Canonical
 * Ltd.
 */
#ifndef __AA_MOUNT_H
#define __AA_MOUNT_H
#include <ostream>
#include "parser.h"
#include "rule.h"
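/*
 * Bit values for the MS_* mount flags defined by this header.
 *
 * A flag that carries a bit is written as a shift; the keyword with the
 * opposite meaning (MS_RW, MS_SUID, MS_DEV, ...) is defined as 0 and so
 * contributes no bit when OR-ed into a mask.
 */
#define MS_RDONLY       (1 << 0)
#define MS_RW           0
#define MS_NOSUID       (1 << 1)
#define MS_SUID         0
#define MS_NODEV        (1 << 2)
#define MS_DEV          0
#define MS_NOEXEC       (1 << 3)
#define MS_EXEC         0
#define MS_SYNC         (1 << 4)
#define MS_ASYNC        0
#define MS_REMOUNT      (1 << 5)
#define MS_MAND         (1 << 6)
#define MS_NOMAND       0
#define MS_DIRSYNC      (1 << 7)
#define MS_NODIRSYNC    0
#define MS_NOATIME      (1 << 10)
#define MS_ATIME        0
#define MS_NODIRATIME   (1 << 11)
#define MS_DIRATIME     0
#define MS_BIND         (1 << 12)
#define MS_MOVE         (1 << 13)
#define MS_REC          (1 << 14)
/* MS_VERBOSE and MS_SILENT are two names for the same bit. */
#define MS_VERBOSE      (1 << 15)
#define MS_SILENT       (1 << 15)
#define MS_LOAD         0
#define MS_ACL          (1 << 16)
#define MS_NOACL        0
#define MS_UNBINDABLE   (1 << 17)
#define MS_PRIVATE      (1 << 18)
#define MS_SLAVE        (1 << 19)
#define MS_SHARED       (1 << 20)
#define MS_RELATIME     (1 << 21)
#define MS_NORELATIME   0
#define MS_IVERSION     (1 << 23)
#define MS_NOIVERSION   0
#define MS_STRICTATIME  (1 << 24)
/*
 * Bit 31 is written with an unsigned literal: 1 << 31 on a 32-bit int lands
 * in the sign bit, and the resulting negative value sign-extends if the flag
 * is ever widened to a larger integer type.
 */
#define MS_NOUSER       (1U << 31)
#define MS_USER         0

/*
 * Union of the flag bits listed below.
 * NOTE(review): the last term is MS_USER, which is 0, so bit 31 (MS_NOUSER)
 * is not part of this mask -- confirm that is intended.
 */
#define MS_ALL_FLAGS    (MS_RDONLY | MS_NOSUID | MS_NODEV | MS_NOEXEC | \
                         MS_SYNC | MS_REMOUNT | MS_MAND | MS_DIRSYNC | \
                         MS_NOATIME | MS_NODIRATIME | MS_BIND | MS_MOVE | \
                         MS_REC | MS_VERBOSE | MS_ACL | MS_UNBINDABLE | \
                         MS_PRIVATE | MS_SLAVE | MS_SHARED | MS_RELATIME | \
                         MS_IVERSION | MS_STRICTATIME | MS_USER)

/* Recursive variants: the base flag combined with MS_REC. */
#define MS_RBIND        (MS_BIND | MS_REC)
#define MS_RUNBINDABLE  (MS_UNBINDABLE | MS_REC)
#define MS_RPRIVATE     (MS_PRIVATE | MS_REC)
#define MS_RSLAVE       (MS_SLAVE | MS_REC)
#define MS_RSHARED      (MS_SHARED | MS_REC)

/* set of flags we don't use but define (but not with the kernel values)
 * for MNT_FLAGS
 */
#define MS_ACTIVE       0
#define MS_BORN         0
#define MS_KERNMOUNT    0

/* from kernel fs/namespace.c - set of flags masked off */
#define MNT_FLAGS       (MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | \
                         MS_BORN | MS_NOATIME | MS_NODIRATIME | MS_RELATIME | \
                         MS_KERNMOUNT | MS_STRICTATIME)

/* Flag masks for the bind, make-* (propagation) and move operations. */
#define MS_BIND_FLAGS   (MS_BIND | MS_REC)
/* Propagation bits plus MS_REC, plus every flag that is not in MNT_FLAGS. */
#define MS_MAKE_FLAGS   ((MS_UNBINDABLE | MS_PRIVATE | MS_SLAVE | MS_SHARED | \
                          MS_REC) | (MS_ALL_FLAGS & ~(MNT_FLAGS)))
#define MS_MOVE_FLAGS   (MS_MOVE)

/* Bits that select a mount operation rather than an option. */
#define MS_CMDS         (MS_MOVE | MS_REMOUNT | MS_BIND | MS_PRIVATE | MS_SLAVE | \
                         MS_SHARED | MS_UNBINDABLE)
/* Every flag except the operation bits other than MS_REMOUNT itself. */
#define MS_REMOUNT_FLAGS (MS_ALL_FLAGS & ~(MS_CMDS & ~MS_REMOUNT))

/* NOTE(review): presumably selectors for source vs destination options --
 * confirm against the users of these values. */
#define MNT_SRC_OPT     1
#define MNT_DST_OPT     2

/* NOTE(review): presumably identify the "fstype" and "options" conditions --
 * confirm against the users of these values. */
#define MNT_COND_FSTYPE  1
#define MNT_COND_OPTIONS 2

/* Permission bits for pivot_root, mount and umount rules. */
#define AA_MAY_PIVOTROOT  1
#define AA_MAY_MOUNT      2
#define AA_MAY_UMOUNT     4
#define AA_MATCH_CONT     0x40
/* Same value as AA_MATCH_CONT. */
#define AA_AUDIT_MNT_DATA AA_MATCH_CONT
#define AA_DUMMY_REMOUNT  0x40000000  /* dummy perm for remount rule - is
                                       * remapped to a mount option */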
/*
 * Mount rule: a rule_t subclass that holds C strings and value lists and
 * releases them in its destructor.
 *
 * NOTE(review): no copy constructor or assignment operator is declared in
 * this class, so a copied mnt_rule would release the same pointers a second
 * time when it is destroyed -- confirm that rules are only ever handled
 * through pointers or references.
 */
class mnt_rule: public rule_t {
public:
	/* Strings released with free() in the destructor. */
	char *mnt_point;
	char *device;
	char *trans;

	/* Lists released with free_value_list() in the destructor. */
	struct value_list *dev_type;
	struct value_list *opts;

	/* NOTE(review): presumably MS_* bits to match and their inverse set --
	 * confirm against the constructor. */
	unsigned int flags;
	unsigned int inv_flags;

	int allow;
	int audit;
	int deny;

	/* dst_conds is tagged with the project's `unused` attribute macro. */
	mnt_rule(struct cond_entry *src_conds, char *device_p,
		 struct cond_entry *dst_conds unused, char *mnt_point_p,
		 int allow_p);

	/* Releases every owned string and list; each release is independent. */
	virtual ~mnt_rule()
	{
		free(mnt_point);
		free(device);
		free(trans);
		free_value_list(dev_type);
		free_value_list(opts);
	}

	virtual ostream &dump(ostream &os);
	virtual int expand_variables(void);
	virtual int gen_policy_re(Profile &prof);
	/* prof is tagged `unused` in this declaration. */
	virtual void post_process(Profile &prof unused);
};
/*
 * Checks a mount condition name; the definition is outside this header.
 * NOTE(review): `src` presumably selects source vs destination conditions
 * (cf. MNT_SRC_OPT / MNT_DST_OPT) and the int result is presumably a
 * truth value -- confirm against the definition.
 */
int is_valid_mnt_cond(const char *name, int src);
#endif /* __AA_MOUNT_H */