On Sat, Mar 07, 2015 at 01:12:40AM +0100, Christian Boltz wrote: > Hello, > > this patch adds support for attachments to write_header(). > > It also fixes a little bug that added the profile keyword if the path > needed quotes (profile "/foo bar" - but "/foo bar" is enough). This was > caused by a regex that always matched on quoted paths (hint: "/ matches > ^[^/] ;-) > > The patch also adds some tests with attachments and updates the test > for the bugfix mentioned above. > > > Now the remaining part is to make sure that prof_data['attachment'] gets > set when parsing the profiles :-) > > > [ 17_write_header_add_attachment.diff ]
Acked-by: Steve Beattie <[email protected]>, thanks > === modified file utils/apparmor/aa.py > --- utils/apparmor/aa.py 2015-03-07 00:54:28.593218514 +0100 > +++ utils/apparmor/aa.py 2015-03-07 00:58:19.299575047 +0100 > @@ -3285,10 +3289,15 @@ > def write_header(prof_data, depth, name, embedded_hat, write_flags): > pre = ' ' * depth > data = [] > + unquoted_name = name > name = quote_if_needed(name) > > - if (not embedded_hat and re.search('^[^/]|^"[^/]', name)) or > (embedded_hat and re.search('^[^^]', name)): > - name = 'profile %s' % name > + attachment = '' > + if prof_data['attachment']: > + attachment = ' %s' % quote_if_needed(prof_data['attachment']) > + > + if (not embedded_hat and re.search('^[^/]', unquoted_name)) or > (embedded_hat and re.search('^[^^]', unquoted_name)) or > prof_data['attachment']: > + name = 'profile %s%s' % (name, attachment) > > if write_flags and prof_data['flags']: > data.append('%s%s flags=(%s) {' % (pre, name, prof_data['flags'])) > === modified file utils/test/test-aa.py > --- utils/test/test-aa.py 2015-03-07 00:54:28.676213606 +0100 > +++ utils/test/test-aa.py 2015-03-07 00:59:34.443131176 +0100 > @@ -312,13 +312,19 @@ > # name embedded_hat write_flags depth flags > attachment expected > (['/foo', False, True, 1, 'complain', > None ], ' /foo flags=(complain) {'), > (['/foo', True, True, 1, 'complain', > None ], ' profile /foo flags=(complain) {'), > - (['/foo sp', False, False, 2, 'complain', > None ], ' profile "/foo sp" {'), # XXX why is the profile keyword > added here? > + (['/foo sp', False, False, 2, 'complain', > None ], ' "/foo sp" {'), > (['/foo' ,False, False, 2, 'complain', > None ], ' /foo {'), > (['/foo', True, False, 2, 'complain', > None ], ' profile /foo {'), > (['/foo', False, True, 0, None, > None ], '/foo {'), > (['/foo', True, True, 0, None, > None ], 'profile /foo {'), > (['/foo', False, False, 0, None, > None ], '/foo {'), > (['/foo', True, False, 0, None, > None ], 'profile /foo {'), > + (['bar', False, True, 1, 'complain', > None, ], ' profile bar flags=(complain) {'), > + (['bar', False, True, 1, 'complain', > '/foo' ], ' profile bar /foo flags=(complain) {'), > + (['bar', True, True, 1, 'complain', > '/foo' ], ' profile bar /foo flags=(complain) {'), > + (['bar baz', False, True, 1, None, > '/foo' ], ' profile "bar baz" /foo {'), > + (['bar', True, True, 1, None, > '/foo' ], ' profile bar /foo {'), > + (['bar baz', False, True, 1, 'complain', > '/foo sp' ], ' profile "bar baz" "/foo sp" flags=(complain) {'), > (['^foo', False, True, 1, 'complain', > None ], ' profile ^foo flags=(complain) {'), > (['^foo', True, True, 1, 'complain', > None ], ' ^foo flags=(complain) {'), > ] -- Steve Beattie <[email protected]> http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
