diff --git a/utils/apparmor/rule/unix.py b/utils/apparmor/rule/unix.py
index ae8f978ee..8be505995 100644
--- a/utils/apparmor/rule/unix.py
+++ b/utils/apparmor/rule/unix.py
@@ -133,7 +133,7 @@ class UnixRule(BaseRule):
 rule_conds = print_dict_values(self.rule_conds, self.ALL)
 local_expr = print_dict_values(self.local_expr, self.ALL)
 peer_expr = print_dict_values(self.peer_expr, self.ALL, 'peer')
- return f'{space}unix{self.modifiers_str()}{accesses}{rule_conds}{local_expr}{peer_expr},{self.comment}'
+ return f'{space}{self.modifiers_str()}unix{accesses}{rule_conds}{local_expr}{peer_expr},{self.comment}'
 
 def _is_covered_localvars(self, other_rule):
 if not self._is_covered_list(self.accesses, self.all_accesses, other_rule.accesses, other_rule.all_accesses, 'accesses'):
diff --git a/utils/test/test-unix.py b/utils/test/test-unix.py
index 15614466a..104abc1da 100644
--- a/utils/test/test-unix.py
+++ b/utils/test/test-unix.py
@@ -166,6 +166,11 @@ class UnixTestGlob(AATest):
 
 class UnixTestClean(AATest):
 tests = (
+ (' audit unix , # foo ', 'audit unix, # foo'),
+ (' audit deny unix label = foo , ', 'audit deny unix label=foo,'),
+ (' audit allow unix peer = (addr = a) , # foo ', 'audit allow unix peer=(addr=a), # foo'),
+ (' deny unix type = foo , ', 'deny unix type=foo,'),
+ (' allow unix peer = (label=bb) , # foo ', 'allow unix peer=(label=bb), # foo'),
 (' unix , # foo ', 'unix, # foo'),
 (' unix addr = foo , ', 'unix addr=foo,'),
 (' unix ( accept , rw) protocol = AA type = BB opt = myopt label = bb peer = (addr = a label = bb ) , ', 'unix (accept, rw) type=BB protocol=AA label=bb opt=myopt peer=(addr=a label=bb),'),
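Review bot: In `utils/apparmor/rule/unix.py`, the corrected `return` (new line 136) puts `{self.modifiers_str()}` directly against the literal `unix` with no separator. The output is therefore only well-formed if `modifiers_str()` supplies its own trailing space whenever it is non-empty, and that helper is not visible in this hunk. A one-line comment above the return would record the contract, e.g. `# modifiers (audit/allow/deny) precede the rule keyword; modifiers_str() is expected to end with a space when non-empty`. This is more than formatting: a `deny` or `audit` modifier serialised in the wrong position presumably yields a rule that no longer parses or no longer carries the modifier, so a rewritten profile would not enforce what its author wrote. The enclosing method starts above the hunk.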
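Review bot: In `utils/test/test-unix.py`, none of the five added `UnixTestClean` cases combines a modifier with an access list, so no test pins where `{accesses}` lands relative to the moved modifier string. Consider one more tuple modelled on the existing `( accept , rw)` case, for example `(' audit deny unix ( accept , rw) type = BB , ', 'audit deny unix (accept, rw) type=BB,'),` (constructed sample; confirm the expected string against the parser). A round-trip assertion that the cleaned output parses back to an equal rule would also catch a serialiser that emits text the parser rejects, which is how a misplaced `deny` could otherwise go unnoticed. The `tests` tuple continues outside the hunk.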