mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00
Code Issues Releases Wiki Activity

parser: fix cap list check

Browse Source 
Merge branch 'parser-fix_cap_list_check' into 'master'

The sed command to manipulate the known cap list (`base_cap_names.h`) into
a format to match the generated_cap_names.h was buggy because the
trailing `}` would never match anything, leading to failures when built
against 5.8 kernel headers, due to it not raplcing the base capabilities
correctly.
    
Fix this by removing the trailing `}` match and instead match the third
comma-delimited field that matches a capability name, and replace that.

See merge request apparmor/apparmor!596
This commit is contained in:
Steve Beattie
2020-08-27 04:26:56 +00:00
parent 9ef98e89e4 a7fc8bb500
commit 4d802d6835
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
parser/Makefile
View File

@@ -289,12 +289,12 @@ generated_cap_names.h: /usr/include/linux/capability.h
../common/list_capabilities.sh | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE\},\\n/pg" > $@
cap_names.h: generated_cap_names.h base_cap_names.h
@sed -e 's/CAP_[A-Z0-9_]\+}/NO_BACKMAP_CAP,/g' base_cap_names.h | diff -u - generated_cap_names.h | grep '^\+[^+]' ; \
@LC_ALL=C sed -e 's/\([^,]*,[^,]*,\) CAP_[A-Z0-9_]\+,/\1 NO_BACKMAP_CAP,/g' base_cap_names.h | diff -u - generated_cap_names.h | grep '^\+[^+]' ; \
if [ $$? -eq 1 ] ; then \
cp base_cap_names.h $@ ; \
else \
echo "Error: new capabilities detected please update base_cap_names.h with values from generated_cap_names.h" ; \
sed -e 's/CAP_[A-Z0-9_]\+}/NO_BACKMAP_CAP,/g' base_cap_names.h | diff -u - generated_cap_names.h ; \
LC_ALL=C sed -e 's/\([^,]*,[^,]*,\) CAP_[A-Z0-9_]\+,/\1 NO_BACKMAP_CAP,/g' base_cap_names.h | diff -u - generated_cap_names.h ; \
exit 1; \
fi