From d223751de0c1251a851bfdcdcc131ffe647f6d59 Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Wed, 4 Jun 2025 19:32:25 +0200
Subject: [PATCH] simplify mount_condition_pattern

The whole pattern already has `(...)*`, therefore there's no need to
make option_pattern optional.

Before this change, mount_condition_pattern could have matched
- on empty strings (it still can, thanks to the trailing `*` which can
  also mean "zero matches") or
- whitespace-only strings (which is covered by the two regexes using
  mount_condition_pattern - they both have `\s*` and/or `\s+` around it)
---
 utils/apparmor/rule/mount.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/apparmor/rule/mount.py b/utils/apparmor/rule/mount.py
index f5d813c7f..9017ce730 100644
--- a/utils/apparmor/rule/mount.py
+++ b/utils/apparmor/rule/mount.py
@@ -58,7 +58,7 @@ option_pattern = r'\s*(\boption(s?)\b\s*(?P<options_equals_or_in>=|in)\s*'\
 
 # allow any order of fstype and options
 # Note: also matches if multiple fstype= or options= are given to keep the regex simpler
-mount_condition_pattern = rf'({fs_type_pattern}\s*|{option_pattern}?\s*)*'
+mount_condition_pattern = rf'({fs_type_pattern}\s*|{option_pattern}\s*)*'
 
 # Source can either be
 # - A path          : /foo