mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-04 00:05:14 +00:00
Code Issues Releases Wiki Activity

mount: accept fstype and options in any order

Browse Source 
Note: If multiple fstype= or options= are given, this is not detected as
an error (to keep the regex simpler). When writing back such a rule,
only one fstype and options will "survive".

Adjust the exclude list in test-parser-simple-tests.py accordingly:
- several valid mount rules no longer fail
- two invalid mount rules which so far accidentally raised an exception
  because of the fstype/options order no longer raise this exception
  (conflicting mount options, which are the real reason why these rules
  are invalid, are not detected in the tools)

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/501
(cherry picked from commit 7726c86b79)
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Christian Boltz
2025-04-05 19:18:09 +02:00
committed by John Johansen
parent f70e8998ba
commit 31569f9f7d
2 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
utils/apparmor/rule/mount.py
View File

@@ -54,7 +54,10 @@ option_pattern = r'\s*(\boption(s?)\b\s*(?P<options_equals_or_in>=|in)\s*'\
r'(?P<options>\(\s*(' + join_valid_flags + r')(' + sep + r'(' + join_valid_flags + r'))*\s*\)|' \ r'(?P<options>\(\s*(' + join_valid_flags + r')(' + sep + r'(' + join_valid_flags + r'))*\s*\)|' \
r'(\s*' + join_valid_flags + r')'\ r'(\s*' + join_valid_flags + r')'\
r'))?' r'))?'
mount_condition_pattern = rf'({fs_type_pattern})?\s*({option_pattern})?'
# allow any order of fstype and options
# Note: also matches if multiple fstype= or options= are given to keep the regex simpler
mount_condition_pattern = rf'({fs_type_pattern}\s*|{option_pattern}\s*)*'
# Source can either be # Source can either be
# - A path : /foo # - A path : /foo

11
utils/test/test-parser-simple-tests.py
View File

@@ -87,6 +87,8 @@ exception_not_raised = (
'mount/bad_opt_31.sd', 'mount/bad_opt_31.sd',
'mount/bad_1.sd', 'mount/bad_1.sd',
'mount/bad_2.sd', 'mount/bad_2.sd',
'mount/bad_3.sd',
'mount/bad_4.sd',
'profile/flags/flags_bad10.sd', 'profile/flags/flags_bad10.sd',
'profile/flags/flags_bad11.sd', 'profile/flags/flags_bad11.sd',
@@ -305,15 +307,6 @@ unknown_line = (
'bare_include_tests/ok_85.sd', 'bare_include_tests/ok_85.sd',
'bare_include_tests/ok_86.sd', 'bare_include_tests/ok_86.sd',
# According to spec mount should be in the form fstype=... options=... and NOT in the form options=... fstype=...
'mount/ok_opt_combo_3.sd',
'mount/ok_opt_combo_2.sd',
'mount/ok_opt_combo_1.sd',
'mount/ok_opt_combo_4.sd',
# Options should be comma separated
'mount/in_4.sd', # also order option then fstype is invalid
# Unsupported \\" in unix AARE # Unsupported \\" in unix AARE
'unix/ok_regex_03.sd', 'unix/ok_regex_03.sd',
'unix/ok_regex_09.sd', 'unix/ok_regex_09.sd',