mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

Check for mount rules with multiple 'fstype'

Browse Source 
... and adjust the tools to raise an exception if such a rule is found.
While this is not nice, it's better than the previous behaviour where
only the last 'fstype' was kept, and the others were lost when writing
the rule.
This commit is contained in:
Christian Boltz
2025-04-06 14:33:56 +02:00
parent 171e0b1fa9
commit b5894687ed
4 changed files with 36 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
utils/test/test-mount.py
View File

@@ -103,6 +103,14 @@ class MountTestParseInvalid(AATest):
('mount options in (ro) fstype=ext4 options in (rw) -> /destination,', AppArmorException),
('mount options = (ro) options in (rw) fstype=ext4 -> /destination,', AppArmorException),
('mount options = (ro) fstype=ext4 options in (rw) -> /destination,', AppArmorException),
# mount rules with multiple 'fstype' are not supported by the tools yet, and when writing them, only the last 'fstype' would survive. Therefore MountRule intentionally raises an exception when parsing such a rule.
('mount options=(ro) fstype=ext3 fstype=ext4 -> /destination,', AppArmorException),
('mount fstype=ext3 options=(ro) fstype=ext4 -> /destination,', AppArmorException),
('mount options=(ro) fstype in (ext3) fstype in (ext4) -> /destination,', AppArmorException),
('mount fstype in (ext3) options=(ro) fstype in (ext4) -> /destination,', AppArmorException),
('mount options=(ro) fstype in (ext3) fstype=(ext4) -> /destination,', AppArmorException),
('mount fstype in (ext3) options=(ro) fstype=ext4 -> /destination,', AppArmorException),
)
def _run_test(self, rawrule, expected):