change syntax of ptrace target

change from
  ptrace /foo,

to
  ptrace peer=/foo,

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Steve Beattie <steve@nxnw.org>

parser/parser_yacc.y

@@ -1349,12 +1349,7 @@ opt_ptrace_perm: { /* nothing */ $$ = 0; }
 
 ptrace_rule: TOK_PTRACE opt_ptrace_perm opt_conds TOK_END_OF_RULE
 	{
-		ptrace_rule *ent = new ptrace_rule($2, $3, NULL);
+		ptrace_rule *ent = new ptrace_rule($2, $3);
-		$$ = ent;
-	}
-	|  TOK_PTRACE opt_ptrace_perm opt_conds TOK_ID TOK_END_OF_RULE
-	{
-		ptrace_rule *ent = new ptrace_rule($2, $3, $4);
 		$$ = ent;
 	}
 

parser/ptrace.c

@@ -39,14 +39,17 @@ void ptrace_rule::move_conditionals(struct cond_entry *conds)
 		if (!cond_ent->eq)
 			yyerror("keyword \"in\" is not allowed in ptrace rules\n");
 
-		/* no valid conditionals atm */
+		if (strcmp(cond_ent->name, "peer") == 0) {
-		yyerror("invalid ptrace rule conditional \"%s\"\n",
+			move_conditional_value("ptrace", &peer_label, cond_ent);
-			cond_ent->name);
+		} else {
+			yyerror("invalid ptrace rule conditional \"%s\"\n",
+				cond_ent->name);
+		}
 	}
 }
 
-ptrace_rule::ptrace_rule(int mode_p, struct cond_entry *conds, char *peer):
+ptrace_rule::ptrace_rule(int mode_p, struct cond_entry *conds):
-	peer_label(peer), audit(0), deny(0)
+	peer_label(NULL), audit(0), deny(0)
 {
 	if (mode_p) {
 		if (mode_p & ~AA_VALID_PTRACE_PERMS)

parser/ptrace.h

@@ -37,7 +37,7 @@ public:
 	int audit;
 	int deny;
 
-	ptrace_rule(int mode, struct cond_entry *conds, char *peer);
+	ptrace_rule(int mode, struct cond_entry *conds);
 	virtual ~ptrace_rule()
 	{
 		free(peer_label);