mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-04 00:05:14 +00:00
Code Issues Releases Wiki Activity

parse_profile_start(): Error out on nested child profiles

Browse Source 
The tools can't handle nested child profiles yet. Instead of failing
in funny[tm] ways (parse_profile_start() only returned the first two
segments of the profile name) better error out with a clear message.
This commit is contained in:
Christian Boltz
2018-06-20 14:36:28 +02:00
parent 288ae9049a
commit 8462c39b14
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
utils/apparmor/aa.py
View File

@@ -2145,8 +2145,10 @@ def parse_profile_start(line, file, lineno, profile, hat):
else: # stand-alone profile else: # stand-alone profile
profile = matches['profile'] profile = matches['profile']
if len(profile.split('//')) >= 2: if len(profile.split('//')) > 2:
profile, hat = profile.split('//')[:2] raise AppArmorException("Nested child profiles ('%(profile)s', found in %(file)s) are not supported by the AppArmor tools yet." % {'profile': profile, 'file': file})
elif len(profile.split('//')) == 2:
profile, hat = profile.split('//')
pps_set_hat_external = True pps_set_hat_external = True
else: else:
hat = profile hat = profile

3
utils/test/test-aa.py
View File

@@ -544,6 +544,9 @@ class AaTest_parse_profile_start(AATest):
expected = ('/foo', '/foo', None, 'complain', False, False, False) expected = ('/foo', '/foo', None, 'complain', False, False, False)
self.assertEqual(result, expected) self.assertEqual(result, expected)
def test_parse_profile_start_unsupported_01(self):
with self.assertRaises(AppArmorException):
self._parse('/foo///bar///baz {', None, None) # XXX deeply nested external hat
def test_parse_profile_start_invalid_01(self): def test_parse_profile_start_invalid_01(self):
with self.assertRaises(AppArmorException): with self.assertRaises(AppArmorException):