mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 01:57:43 +00:00
Code Issues Releases Wiki Activity

parser: fix failures due to -M only setting compile-features

Browse Source 
Split the features file into compile features and kernel features
which is needed for policy versioning and the new caching scheme.

A new flag --kernel-features was added to set the kernel features but
unfortunately -M, --features-file was setup to only specify the
compile features, when it used to effectively specify both the
compile and kernel features.

This broke existing uses of -M.

Fix this by having -M specify both the compile and kernel features,
and a new flag --compile-features that can be used to specify the
compile fature set separate from the kernel feature set.

sbeattie> fixed up error message to refer to compile features when
--compile-features argument fails.

Fixes: 9e48a5da5e10 ("parser: split kernel features from compile features.")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>

PR: https://gitlab.com/apparmor/apparmor/merge_requests/104
This commit is contained in:
John Johansen 2018-04-20 17:27:47 -07:00 committed by Steve Beattie
parent b08b327922
commit e83fa67edf
No known key found for this signature in database
GPG Key ID: 2F099E8D005E81F4
1 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
parser/parser_main.c
View File

@ -129,6 +129,7 @@ struct option long_options[] = {
{"ofile", 1, 0, 'o'},
{"match-string", 1, 0, 'm'},
{"features-file", 1, 0, 'M'},
{"compile-features", 1, 0, 139}, /* no short option */
{"kernel-features", 1, 0, 138}, /* no short option */
{"quiet", 0, 0, 'q'},
{"skip-kernel-load", 0, 0, 'Q'},
@ -185,7 +186,8 @@ static void display_usage(const char *command)
"-I n, --Include n Add n to the search path\n"
"-f n, --subdomainfs n Set location of apparmor filesystem\n"
"-m n, --match-string n Use only features n\n"
"-M n, --features-file n Compile features set in file n\n"
"-M n, --features-file n Set compile & kernel features to file n\n"
"--compile-features n Compile features set in file n\n"
"--kernel-features n Kernel features set in file n\n"
"-n n, --namespace n Set Namespace for the profile\n"
"-X, --readimpliesX Map profile read permissions to mr\n"
@ -510,14 +512,21 @@ static int process_arg(int c, char *optarg)
}
break;
case 'M':
if (compile_features)
aa_features_unref(compile_features);
if (kernel_features)
aa_features_unref(kernel_features);
if (aa_features_new(&compile_features, AT_FDCWD, optarg)) {
fprintf(stderr,
"Failed to load features from '%s': %m\n",
optarg);
exit(1);
}
kernel_features = aa_features_ref(compile_features);
break;
case 138:
if (kernel_features)
aa_features_unref(kernel_features);
if (aa_features_new(&kernel_features, AT_FDCWD, optarg)) {
fprintf(stderr,
"Failed to load kernel features from '%s': %m\n",
@ -525,6 +534,16 @@ static int process_arg(int c, char *optarg)
exit(1);
}
break;
case 139:
if (compile_features)
aa_features_unref(compile_features);
if (aa_features_new(&compile_features, AT_FDCWD, optarg)) {
fprintf(stderr,
"Failed to load compile features from '%s': %m\n",
optarg);
exit(1);
}
break;
case 'q':
conf_verbose = 0;
conf_quiet = 1;