mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 17:31:01 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils/test/cleanprof_test.out
Christian Boltz e1af0cdeca
parse_profile_start(): get rid of pps_set_profile 
This value is True if we are in a child profile (not: hat), but that's
information we get "for free", so there's no need to hand it around.
Besides that, it was wrongly set to False for main profiles (which are
not hats).

Remove the pps_set_profile return value from parse_profile_start(), and
always assume True unless we were parsing a hat. For completeness,
explicitely set it to False when parsing a hat.

To make sure child profiles and hats don't get mixed up, add a child
profile to cleanprof_test.{in,out}.

test-libapparmor-test_multi.py always interpreted foo//bar as being
a hat, therefore explicitely mark them as such. (Technically not really
needed since this is the default, but it helps to make things clear.)
2021-04-28 21:22:08 +02:00

69 lines
1.1 KiB
Text
Raw Blame History

abi <abi/4.19>,
alias /foo -> /bar,
include <tunables/global>
include if exists <tunables/nothing>
@{xy} = x y
@{asdf} = "" foo
$foo = false
$bar = true
# A simple test comment which will persist
/usr/bin/a/simple/cleanprof/test/profile {
abi "abi/4.20",
include <abstractions/base>
include if exists <foo>
set rlimit nofile <= 256,
audit capability,
network stream,
dbus send bus=session,
mount options=(rw,suid) /c -> /3,
signal set=(abrt alrm bus chld fpe hup ill int kill pipe quit segv stkflt term trap usr1 usr2),
pivot_root oldroot=/mnt/root/old/,
unix (receive) type=dgram,
unix shutdown addr=@HypotheticalServiceDaemon,
deny owner link /some/thing -> /foo/bar,
allow /home/*/** r,
allow /home/foo/** w,
link subset /alpha/beta -> /tmp/**,
change_profile,
^foo {
capability dac_override,
/etc/fstab r,
}
profile test_child /foobar {
/etc/child rw,
}
}
/usr/bin/other/cleanprof/test/profile {
allow /home/*/** rw,
allow /home/foo/bar r,
}
/what/ever/xattr xattrs=( foo=bar ) flags=( complain ) {
/what/ever r,
}
Reference in a new issue View git blame Copy permalink