2
0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 13:28:19 +00:00

Drop is_skippable_dir()

Since loadincludes() now only loads a specified list of subdirectories,
we no longer need a directory blacklist.

The only possibly remaining part are .git subdirectories (for example
tunables/.git or abstractions/.git). Since it's very unlikely that
someone would have only a subdirectory of /etc/apparmor.d/ in git, drop
that check.
This commit is contained in:
Christian Boltz 2021-02-22 22:42:03 +01:00
parent bb5ca91e7e
commit d0693b09b5
No known key found for this signature in database
GPG Key ID: C6A682EA63C82F1C
2 changed files with 1 additions and 40 deletions

View File

@ -1672,11 +1672,6 @@ def collapse_log(hashlog, ignore_null_profiles=True):
return log_dict
def is_skippable_dir(path):
if re.search('^(.*/)?(disable|cache|cache\.d|force-complain|lxc|abi|\.git)/?$', path):
return True
return False
def read_profiles(ui_msg=False):
# we'll read all profiles from disk, so reset the storage first (autodep() might have created/stored
# a profile already, which would cause a 'Conflicting profile' error in attach_profile_data())
@ -2488,8 +2483,6 @@ def loadincludes_dir(subdir):
if os.path.isdir(idir): # if directory doesn't exist, silently skip loading it
for dirpath, dirname, files in os.walk(idir):
if is_skippable_dir(dirpath):
continue
for fi in files:
if is_skippable_file(fi):
continue

View File

@ -19,7 +19,7 @@ import sys
import apparmor.aa # needed to set global vars in some tests
from apparmor.aa import (check_for_apparmor, get_output, get_reqs, get_interpreter_and_abstraction, create_new_profile,
get_profile_flags, change_profile_flags, set_options_audit_mode, set_options_owner_mode, is_skippable_file, is_skippable_dir,
get_profile_flags, change_profile_flags, set_options_audit_mode, set_options_owner_mode, is_skippable_file,
parse_profile_start, parse_profile_start_to_storage, parse_profile_data, write_header,
get_file_perms, propose_file_rules)
from apparmor.aare import AARE
@ -473,38 +473,6 @@ class AaTest_is_skippable_file(AATest):
self.assertTrue(is_skippable_file('README'))
class AaTest_is_skippable_dir(AATest):
tests = [
('disable', True),
('cache', True),
('lxc', True),
('force-complain', True),
('/etc/apparmor.d/cache', True),
('/etc/apparmor.d/cache.d', True),
('/etc/apparmor.d/cache.d/', True),
('/etc/apparmor.d/lxc/', True),
('/etc/apparmor.d/.git/', True),
('dont_disable', False),
('/etc/apparmor.d/cache_foo', False),
('abstractions', False),
('apache2.d', False),
('/etc/apparmor.d/apache2.d', False),
('local', False),
('/etc/apparmor.d/local/', False),
('tunables', False),
('/etc/apparmor.d/tunables', False),
('/etc/apparmor.d/tunables/multiarch.d', False),
('/etc/apparmor.d/tunables/xdg-user-dirs.d', False),
('/etc/apparmor.d/tunables/home.d', False),
('/etc/apparmor.d/abstractions', False),
('/etc/apparmor.d/abstractions/ubuntu-browsers.d', False),
('/etc/apparmor.d/abstractions/apparmor_api', False),
]
def _run_test(self, params, expected):
self.assertEqual(is_skippable_dir(params), expected)
class AaTest_parse_profile_start(AATest):
tests = [
# profile start line profile hat profile hat attachment xattrs flags pps_set_profile, pps_set_hat_external