On Fri, Aug 12, 2016 at 10:45:59PM +0200, Christian Boltz wrote:
> Hello,
>
> $subject.
>
> For now, use an additional regex RE_PROFILE_FILE_ENTRY to avoid
> breakage of the existing code by the added match groups.
>
> The regex includes support for file rules with leading and trailing
> permissions as well as bare file rules.
>
> Note: even with the restriction to the permission letters we actually
> use, it's in theory still possible that a future additional rule type or
> permission letter might lead to additional matches for other rule types.
> Therefore the parsing code should check for all other rule types before
> matching for file rules.
>
>
> [ 04-path-rule-regex-named-match.diff ]
Acked-by: Seth Arnold <[email protected]> Thanks > > --- utils/apparmor/regex.py 2016-01-16 21:43:16.935778920 +0100 > +++ utils/apparmor/regex.py 2016-01-16 21:44:09.979448746 +0100 > @@ -82,6 +82,27 @@ > RE_COMMA_EOL) > > > +# RE_PATH_PERMS is as restrictive as possible, but might still cause > mismatches when adding different rule types. > +# Therefore parsing code should match against file rules only after trying > to match all other rule types. > +RE_PATH_PERMS = '(?P<%s>[mrwalkPUCpucix]+)' > + > +# XXX drop RE_PROFILE_PATH_ENTRY, RE_PROFILE_BARE_FILE_ENTRY and RE_OWNER > after switching to this regex > +RE_PROFILE_FILE_ENTRY = re.compile( > + RE_AUDIT_DENY + > + '(?P<owner>owner\s+)?' + # optionally: <owner> > + '(' + > + '(?P<bare_file>file)' + # bare 'file,' > + '|' + # or > + '(?P<file_keyword>file\s+)?' + # optional 'file' keyword > + '(' + > + RE_PROFILE_PATH_OR_VAR % 'path' + '\s+' + RE_PATH_PERMS % > 'perms' + # path and perms > + '|' + # or > + RE_PATH_PERMS % 'perms2' + '\s+' + RE_PROFILE_PATH_OR_VAR % > 'path2' + # perms and path > + ')' + > + '(\s+->\s*' + RE_PROFILE_NAME % 'target' + ')?' + > + ')' + > + RE_COMMA_EOL) > + > > def parse_profile_start_line(line, filename): > matches = RE_PROFILE_START.search(line) > > >
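Review bot: the leading-permission alternative in RE_PROFILE_FILE_ENTRY stores its captures in 'perms2' and 'path2' rather than 'perms' and 'path', so a caller that reads only matches.group('path') and matches.group('perms') gets None for rules written with the permissions first. Python's re module rejects a group name that is defined twice in one pattern, so the split itself is needed, but the comment above the regex should state that callers must check 'bare_file' first (all four path/perms groups are None for a bare 'file,' rule) and then merge the two pairs. As a style point, the fragments containing \s, such as '(?P<owner>owner\s+)?' and '(?P<file_keyword>file\s+)?', are plain string literals; writing them as raw strings (r'...') avoids relying on Python passing the unrecognized escape through unchanged.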
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
