mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 13:58:22 +00:00
Code Issues Releases Wiki Activity

Merge mount: accept fstype and options in any order

Browse Source 
Note: If multiple fstype= or options= are given, this is not detected as
an error (to keep the regex simpler). When writing back such a rule,
only one fstype and options will "survive".

Adjust the exclude list in test-parser-simple-tests.py accordingly:
- several valid mount rules no longer fail
- two invalid mount rules which so far accidentally raised an exception
  because of the fstype/options order no longer raise this exception
  (conflicting mount options, which are the real reason why these rules
  are invalid, are not detected in the tools)

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/501

I propose this fix for 4.0, 4.1 and master. (Note: excluding `mount/ok_opt_86.sd` was added in !1561, so we either need to also backport this, or have to slightly adjust this MR for backporting.)

Closes #501
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1616
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen
2025-04-06 06:56:22 +00:00
parent 46a6c3b061 7726c86b79
commit 37666dd736
2 changed files with 6 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
utils/apparmor/rule/mount.py
View File

@@ -54,7 +54,10 @@ option_pattern = r'\s*(\boption(s?)\b\s*(?P<options_equals_or_in>=|in)\s*'\
r'(?P<options>\(\s*(' + join_valid_flags + r')(' + sep + r'(' + join_valid_flags + r'))*\s*\)|' \
r'(\s*' + join_valid_flags + r')'\
r'))?'
mount_condition_pattern = rf'({fs_type_pattern})?\s*({option_pattern})?'
# allow any order of fstype and options
# Note: also matches if multiple fstype= or options= are given to keep the regex simpler
mount_condition_pattern = rf'({fs_type_pattern}\s*|{option_pattern}\s*)*'
# Source can either be
# - A path : /foo

14
utils/test/test-parser-simple-tests.py
View File

@@ -87,6 +87,8 @@ exception_not_raised = (
'mount/bad_opt_31.sd',
'mount/bad_1.sd',
'mount/bad_2.sd',
'mount/bad_3.sd',
'mount/bad_4.sd',
'profile/flags/flags_bad10.sd',
'profile/flags/flags_bad11.sd',
@@ -315,15 +317,6 @@ unknown_line = (
'bare_include_tests/ok_85.sd',
'bare_include_tests/ok_86.sd',
# According to spec mount should be in the form fstype=... options=... and NOT in the form options=... fstype=...
'mount/ok_opt_combo_3.sd',
'mount/ok_opt_combo_2.sd',
'mount/ok_opt_combo_1.sd',
'mount/ok_opt_combo_4.sd',
# Options should be comma separated
'mount/in_4.sd', # also order option then fstype is invalid
# Unsupported \\" in unix AARE
'unix/ok_regex_03.sd',
'unix/ok_regex_09.sd',
@@ -441,9 +434,6 @@ syntax_failure = (
'network/network_ok_17.sd',
'network/network_ok_45.sd',
'network/network_ok_46.sd',
# detached mount
'mount/ok_opt_86.sd',
)