On 01/12/2012 10:08 AM, Steve Beattie wrote:
> This patch moves the generation of the rules that grant write access
> to /proc/*/attr/current to mkprofile.pl from prologue.inc.
> 
Acked-by: John Johansen <[email protected]>

> ---
>  tests/regression/apparmor/mkprofile.pl |    8 ++++++--
>  tests/regression/apparmor/prologue.inc |   13 ++-----------
>  2 files changed, 8 insertions(+), 13 deletions(-)
> 
> Index: b/tests/regression/apparmor/mkprofile.pl
> ===================================================================
> --- a/tests/regression/apparmor/mkprofile.pl
> +++ b/tests/regression/apparmor/mkprofile.pl
> @@ -32,7 +32,7 @@ sub usage {
>    print STDERR "  help:        print this message\n";
>  }
>  
> -&usage && exit 0 if ($help || @ARGV < 1); 
> +&usage && exit 0 if ($help || @ARGV < 1);
>  
>  sub emit_netdomain {
>    my $rule = shift;
> @@ -95,13 +95,17 @@ sub emit_hat {
>      (!$nowarn) && print STDERR "Warning: invalid hat description '$rule', 
> ignored\n";
>    } else {
>      $hat = $rules[1];
> -    $output_rules{$hat} = ( );
> +    # give every profile/hat access to change_hat
> +    @{$output_rules{$hat}} = ( "  /proc/*/attr/current w,\n",);
>    }
>  }
>  
>  my $bin = shift @ARGV;
>  !(-e $bin || $nowarn) && print STDERR "Warning: execname '$bin': no such 
> file or directory\n";
>  
> +# give every profile/hat access to change_hat
> +emit_file("/proc/*/attr/current:w");
> +
>  for my $rule (@ARGV) {
>    #($fn, @rules) = split (/:/, $rule);
>    if ($rule =~ /^(tcp|udp)/) {
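Review bot: The change_hat rule is now written in two different forms in this hunk: `emit_hat` stores the pre-rendered line `"  /proc/*/attr/current w,\n"` directly, while the top-level code calls `emit_file("/proc/*/attr/current:w")`. `emit_file` is defined outside the hunk, so it is not visible whether it renders the identical string; if its output format changes, hat sections and the main profile would silently diverge. Consider one source of truth, e.g. `my $attr_current_rule = "/proc/*/attr/current:w";`, with both sites derived from it. It would also help to extend the comment to say that the rule is added unconditionally to every generated profile and hat, and that the `*` matches every pid's attr/current rather than only the task's own. As far as this hunk shows, a caller of mkprofile.pl has no way to generate a profile without it, for example to test that the write is denied.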
> Index: b/tests/regression/apparmor/prologue.inc
> ===================================================================
> --- a/tests/regression/apparmor/prologue.inc
> +++ b/tests/regression/apparmor/prologue.inc
> @@ -433,9 +433,7 @@ fi
>                                ;;
>               esac
>  
> -             #give every profile/hat access to change_hat
> -             args[0]="/proc/*/attr/current:w"
> -             num_args=1
> +             num_args=0
>               while [ $# -gt 0 ]
>               do
>                       arg="$1"
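Review bot: Resetting only `num_args=0` here (and again after `emit_profile` in the next hunk) leaves the `args` array untouched, and it appears to make an empty argument list possible for the first time, since `args[0]` was previously always populated. With `num_args` at 0, the emission line in the next hunk evaluates `seq 0 $((${num_args} - 1))` as `seq 0 -1`, which depends on the local `seq` printing nothing for a descending range; GNU seq does, but the dependency is implicit. Clearing the array with the counter, `args=() ; num_args=0`, would drop stale entries from the previous profile, and a `[ ${num_args} -gt 0 ]` guard around the `seq` loop would make the empty case explicit. The enclosing loop and `if` chain start and end outside both hunks.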
> @@ -447,15 +445,8 @@ fi
>                               eval emit_profile \"$imagename\" \"$imageperm\" 
> \
>                                       $(for i in $(seq 0 $((${num_args} - 
> 1))) ; do echo \"\${args[${i}]}\" ; done)
>                               num_emitted=$((num_emitted + 1))
> -                             #give every profile/hat access to change_hat
> -                             args[0]="/proc/*/attr/current:w"
> -                             num_args=1
> +                             num_args=0
>                               continue 2
> -                     elif [ ${arg:0:4} == "hat:" ] ; then
> -                             args[${num_args}]=${arg}
> -                             num_args=$(($num_args + 1))
> -                             args[${num_args}]="/proc/*/attr/current:w"
> -                             num_args=$(($num_args + 1))
>                       else
>                               args[${num_args}]=${arg}
>                               num_args=$(($num_args + 1))
> 
> 
> 

