parser: support enforce, kill and unconfined profile modes

The enforce profile mode is the default but specifying it explicitly has not been supported. Allow enforce to be specified as a mode. If no mode is specified the default is still enforce. The kernel has supported kill and unconfined profile modes for a long time now. And support to the parser so that profiles can make use of these modes. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/440 Fixes: https://gitlab.com/apparmor/apparmor/-/issues/7 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <sbeattie@ubuntu.com>
2025-08-30 22:05:27 +00:00 · 2018-07-04 09:26:27 -07:00
parent e0d061d15a
commit 0c9884550c
32 changed files with 398 additions and 28 deletions
--- a/parser/parser_interface.c
+++ b/parser/parser_interface.c
@@ -421,7 +421,7 @@ void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
 	sd_write_struct(buf, "flags");
 	/* used to be flags.debug, but that's no longer supported */
 	sd_write_uint32(buf, profile->flags.hat);
-	sd_write_uint32(buf, profile->flags.complain);
+	sd_write_uint32(buf, profile_mode_packed(profile->flags.mode));
 	sd_write_uint32(buf, profile->flags.audit);
 	sd_write_structend(buf);
 	if (profile->flags.path) {