From 0cc659cdb44d24e19565369149b61237e2255d5f Mon Sep 17 00:00:00 2001 From: John Johansen Date: Wed, 23 Apr 2014 11:39:59 -0700 Subject: [PATCH] change syntax of ptrace target change from ptrace /foo, to ptrace peer=/foo, Signed-off-by: John Johansen Signed-off-by: Steve Beattie --- parser/parser_yacc.y | 7 +------ parser/ptrace.c | 13 ++++++++----- parser/ptrace.h | 2 +- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y index ca6610c6b..814283139 100644 --- a/parser/parser_yacc.y +++ b/parser/parser_yacc.y @@ -1349,12 +1349,7 @@ opt_ptrace_perm: { /* nothing */ $$ = 0; } ptrace_rule: TOK_PTRACE opt_ptrace_perm opt_conds TOK_END_OF_RULE { - ptrace_rule *ent = new ptrace_rule($2, $3, NULL); - $$ = ent; - } - | TOK_PTRACE opt_ptrace_perm opt_conds TOK_ID TOK_END_OF_RULE - { - ptrace_rule *ent = new ptrace_rule($2, $3, $4); + ptrace_rule *ent = new ptrace_rule($2, $3); $$ = ent; } diff --git a/parser/ptrace.c b/parser/ptrace.c index 05a458447..1bdea8fee 100644 --- a/parser/ptrace.c +++ b/parser/ptrace.c @@ -39,14 +39,17 @@ void ptrace_rule::move_conditionals(struct cond_entry *conds) if (!cond_ent->eq) yyerror("keyword \"in\" is not allowed in ptrace rules\n"); - /* no valid conditionals atm */ - yyerror("invalid ptrace rule conditional \"%s\"\n", - cond_ent->name); + if (strcmp(cond_ent->name, "peer") == 0) { + move_conditional_value("ptrace", &peer_label, cond_ent); + } else { + yyerror("invalid ptrace rule conditional \"%s\"\n", + cond_ent->name); + } } } -ptrace_rule::ptrace_rule(int mode_p, struct cond_entry *conds, char *peer): - peer_label(peer), audit(0), deny(0) +ptrace_rule::ptrace_rule(int mode_p, struct cond_entry *conds): + peer_label(NULL), audit(0), deny(0) { if (mode_p) { if (mode_p & ~AA_VALID_PTRACE_PERMS) diff --git a/parser/ptrace.h b/parser/ptrace.h index 7d2a7ca55..bbcf1eaf1 100644 --- a/parser/ptrace.h +++ b/parser/ptrace.h 
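Review bot: Removing the `TOK_PTRACE opt_ptrace_perm opt_conds TOK_ID TOK_END_OF_RULE` alternative leaves a profile still written as `ptrace /foo,` to fail with whatever generic syntax error the grammar produces, with nothing pointing the author at `peer=/foo`. If any deployed profiles use the old form, a profile that stops compiling can leave its program on stale policy or unconfined, so the change deserves a release note. Alternatively the old alternative could be kept purely to report a targeted error, e.g. `{ yyerror("ptrace rule: bare target \"%s\" is not accepted, use peer=%s\n", $4, $4); }`. As a style point, the surviving action can be `$$ = new ptrace_rule($2, $3);` without the `ent` temporary.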
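Review bot: The new `peer` branch in `ptrace_rule::move_conditionals` depends entirely on `move_conditional_value`, which this patch does not show, to reject a repeated `peer=`, a list value, or an empty value. The constructor now starts from `peer_label(NULL)`, and the old grammar passed NULL for a rule with no target, so a peer that is dropped or overwritten would presumably widen the rule to every peer instead of failing. Please confirm the helper errors out in those cases and record the invariant at the call, e.g. `/* peer_label stays NULL only when no peer= was given; NULL matches any peer */`. The branch also introduces `strcmp` with no include change in this patch, so check that `<string.h>` is already included in ptrace.c. Both `move_conditionals` and the constructor extend outside the hunk.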
@@ -37,7 +37,7 @@ public: int audit; int deny; - ptrace_rule(int mode, struct cond_entry *conds, char *peer); + ptrace_rule(int mode, struct cond_entry *conds); virtual ~ptrace_rule() { free(peer_label);
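Review bot: The ownership of `peer_label` is now undocumented at the declaration. With the `char *peer` parameter gone, the only visible writer is the `peer=` conditional path, while the destructor in this context still calls `free(peer_label)`. That pairing is only correct if the value stored by `move_conditional_value` comes from the malloc family, which cannot be confirmed from this diff. A comment above the constructor would pin it down, e.g. `/* peer is supplied only via a peer= entry in conds; peer_label is malloc-owned and freed in the destructor */`. The destructor body continues past the end of the hunk.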