Regression testsuite: move the generation of the rules that grant
write access to /proc/*/attr/current to mkprofile.pl from prologue.inc. Signed-Off-By: Steve Beattie <sbeattie@ubuntu.com> Acked-by: John Johansen <john.johansen@canonical.com>
@@ -32,7 +32,7 @@ sub usage {
|
|||||||
print STDERR " help: print this message\n";
|
print STDERR " help: print this message\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
&usage && exit 0 if ($help || @ARGV < 1);
|
&usage && exit 0 if ($help || @ARGV < 1);
|
||||||
|
|
||||||
sub emit_netdomain {
|
sub emit_netdomain {
|
||||||
my $rule = shift;
|
my $rule = shift;
|
||||||
@@ -95,13 +95,17 @@ sub emit_hat {
|
|||||||
(!$nowarn) && print STDERR "Warning: invalid hat description '$rule', ignored\n";
|
(!$nowarn) && print STDERR "Warning: invalid hat description '$rule', ignored\n";
|
||||||
} else {
|
} else {
|
||||||
$hat = $rules[1];
|
$hat = $rules[1];
|
||||||
$output_rules{$hat} = ( );
|
# give every profile/hat access to change_hat
|
||||||
|
@{$output_rules{$hat}} = ( " /proc/*/attr/current w,\n",);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
my $bin = shift @ARGV;
|
my $bin = shift @ARGV;
|
||||||
!(-e $bin || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
|
!(-e $bin || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
|
||||||
|
|
||||||
|
# give every profile/hat access to change_hat
|
||||||
|
emit_file("/proc/*/attr/current:w");
|
||||||
|
|
||||||
for my $rule (@ARGV) {
|
for my $rule (@ARGV) {
|
||||||
#($fn, @rules) = split (/:/, $rule);
|
#($fn, @rules) = split (/:/, $rule);
|
||||||
if ($rule =~ /^(tcp|udp)/) {
|
if ($rule =~ /^(tcp|udp)/) {
|
||||||
|
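Review bot: The rule granting write access to `/proc/*/attr/current` is now written two different ways in mkprofile.pl: emit_hat assigns an already-formatted rule string straight into `@{$output_rules{$hat}}`, while the base profile gets it through `emit_file("/proc/*/attr/current:w")`. If the format emit_file produces ever changes, the hat copies will drift without any error, so I would keep the spec in one place, e.g. `my $attr_current_spec = "/proc/*/attr/current:w";`, and have emit_hat do `@{$output_rules{$hat}} = ();` followed by `emit_file($attr_current_spec);` — assuming emit_file appends to the rules of the current `$hat`, which is not visible here. Because the rule is now added unconditionally, no generated profile or hat can omit it, so a regression test that wants to confirm change_hat is denied without this permission has no way to request that; the comment `# give every profile/hat access to change_hat` should say so, or an opt-out option should be considered. emit_hat begins outside the hunk.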
@@ -433,9 +433,7 @@ fi
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
#give every profile/hat access to change_hat
|
num_args=0
|
||||||
args[0]="/proc/*/attr/current:w"
|
|
||||||
num_args=1
|
|
||||||
while [ $# -gt 0 ]
|
while [ $# -gt 0 ]
|
||||||
do
|
do
|
||||||
arg="$1"
|
arg="$1"
|
||||||
@@ -447,15 +445,8 @@ fi
|
|||||||
eval emit_profile \"$imagename\" \"$imageperm\" \
|
eval emit_profile \"$imagename\" \"$imageperm\" \
|
||||||
$(for i in $(seq 0 $((${num_args} - 1))) ; do echo \"\${args[${i}]}\" ; done)
|
$(for i in $(seq 0 $((${num_args} - 1))) ; do echo \"\${args[${i}]}\" ; done)
|
||||||
num_emitted=$((num_emitted + 1))
|
num_emitted=$((num_emitted + 1))
|
||||||
#give every profile/hat access to change_hat
|
num_args=0
|
||||||
args[0]="/proc/*/attr/current:w"
|
|
||||||
num_args=1
|
|
||||||
continue 2
|
continue 2
|
||||||
elif [ ${arg:0:4} == "hat:" ] ; then
|
|
||||||
args[${num_args}]=${arg}
|
|
||||||
num_args=$(($num_args + 1))
|
|
||||||
args[${num_args}]="/proc/*/attr/current:w"
|
|
||||||
num_args=$(($num_args + 1))
|
|
||||||
else
|
else
|
||||||
args[${num_args}]=${arg}
|
args[${num_args}]=${arg}
|
||||||
num_args=$(($num_args + 1))
|
num_args=$(($num_args + 1))
|
||||||
|