From db00c37351bd68e9a1e5f920f01c57189e12b28f Mon Sep 17 00:00:00 2001 From: Steve Beattie Date: Mon, 25 Jan 2016 22:54:53 -0800 Subject: [PATCH] utils: handle versioned ruby interpreters On Debian and Ubuntu it's possible to have multiple ruby interpreters installed, and the default to use is handled by the ruby-defaults package, which includes a symlink from /usr/bin/ruby to the versioned ruby interpreter. This patch makes aa.py:get_interpreter_and_abstraction() take that into account by using a regex to match possible versions of ruby. Testcases are included. (I noticed this lack of support because on Ubuntu the ruby test was failing because get_interpreter_and_abstraction() would get the complete path, which on my 16.04 laptop would get /usr/bin/ruby2.2.) Signed-off-by: Steve Beattie Acked-by: Seth Arnold --- utils/apparmor/aa.py | 2 +- utils/test/test-aa.py | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index 1323d158f..c78de1867 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py @@ -435,7 +435,7 @@ def get_interpreter_and_abstraction(exec_target): abstraction = 'abstractions/perl' elif re.search('^python([23]|[23]\.[0-9]+)?$', interpreter): abstraction = 'abstractions/python' - elif interpreter == 'ruby': + elif re.search('^ruby([0-9]+(\.[0-9]+)*)?$', interpreter): abstraction = 'abstractions/ruby' else: abstraction = None diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py index b5e662b4c..298cf32ac 100644 --- a/utils/test/test-aa.py +++ b/utils/test/test-aa.py @@ -115,6 +115,8 @@ class AaTest_get_interpreter_and_abstraction(AATest): ('#!/usr/bin/python3', ('/usr/bin/python3', 'abstractions/python')), ('#!/usr/bin/python4', ('/usr/bin/python4', None)), # python abstraction is only applied to py2 and py3 ('#!/usr/bin/ruby', ('/usr/bin/ruby', 'abstractions/ruby')), + ('#!/usr/bin/ruby2.2', ('/usr/bin/ruby2.2', 'abstractions/ruby')), + ('#!/usr/bin/ruby1.9.1', ('/usr/bin/ruby1.9.1', 'abstractions/ruby')), ('#!/usr/bin/foobarbaz', ('/usr/bin/foobarbaz', None)), # we don't have an abstraction for "foobarbaz" ('foo', (None, None)), # no hashbang - not a script ]