mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

Fix pivot_root to support named transitions correctly

Browse Source 
Rename the pivotroot rule to pivot_root to match the command and the fn
and fix it to support named transition correctly leveraging the parsing
action used for exec transitions.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
This commit is contained in:
John Johansen 2012-03-15 12:14:15 -07:00
parent feeea88a58
commit d6dc04d737
2 changed files with 23 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
parser/parser_misc.c
View File

@ -83,7 +83,7 @@ static struct keyword_table keyword_table[] = {
{"remount", TOK_REMOUNT}, {"remount", TOK_REMOUNT},
{"umount", TOK_UMOUNT}, {"umount", TOK_UMOUNT},
{"unmount", TOK_UMOUNT}, {"unmount", TOK_UMOUNT},
{"pivotroot", TOK_PIVOTROOT}, {"pivot_root", TOK_PIVOTROOT},
/* terminate */ /* terminate */
{NULL, 0} {NULL, 0}
}; };

33
parser/parser_yacc.y
View File

@ -1112,14 +1112,23 @@ mnt_rule: TOK_UMOUNT opt_conds opt_id TOK_END_OF_RULE
$$ = do_mnt_rule($2, NULL, NULL, $3, AA_MAY_UMOUNT); $$ = do_mnt_rule($2, NULL, NULL, $3, AA_MAY_UMOUNT);
} }
mnt_rule: TOK_PIVOTROOT opt_conds opt_id TOK_END_OF_RULE mnt_rule: TOK_PIVOTROOT opt_conds opt_id opt_named_transition TOK_END_OF_RULE
{ {
$$ = do_pivot_rule($2, $3, NULL); char *name = NULL;
} if ($4.present && $4.namespace) {
name = malloc(strlen($4.namespace) +
strlen($4.name) + 3);
if (!name) {
PERROR("Memory allocation error\n");
exit(1);
}
sprintf(name, ":%s:%s", $4.namespace, $4.name);
free($4.namespace);
free($4.name);
} else if ($4.present)
name = $4.name;
mnt_rule: TOK_PIVOTROOT opt_conds opt_id TOK_ARROW TOK_ID TOK_END_OF_RULE $$ = do_pivot_rule($2, $3, name);
{
$$ = do_pivot_rule($2, $3, $5);
} }
hat_start: TOK_CARET {} hat_start: TOK_CARET {}
@ -1311,18 +1320,20 @@ struct mnt_entry *do_pivot_rule(struct cond_entry *old, char *root,
char *transition) char *transition)
{ {
struct mnt_entry *ent = NULL; struct mnt_entry *ent = NULL;
char *device = NULL;
if (old) { if (old) {
if (strcmp(old->name, "oldroot") != 0) if (strcmp(old->name, "oldroot") != 0)
yyerror(_("invalid pivotroot conditional '%s'"), old->name); yyerror(_("invalid pivotroot conditional '%s'"), old->name);
if (old->vals) {
device = old->vals->value;
old->vals->value = NULL;
}
free_cond_entry(old);
} }
ent = new_mnt_entry(NULL, old->vals->value, NULL, root, ent = new_mnt_entry(NULL, device, NULL, root,
AA_MAY_PIVOTROOT); AA_MAY_PIVOTROOT);
ent->trans = transition; ent->trans = transition;
old->vals->value = NULL;
free_cond_entry(old);
return ent; return ent;
} }