mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-31 06:16:03 +00:00
parser: fix failures due to -M only setting compile-features
Split the features file into compile features and kernel features
which is needed for policy versioning and the new caching scheme.
A new flag --kernel-features was added to set the kernel features but
unfortunately -M, --features-file was setup to only specify the
compile features, when it used to effectively specify both the
compile and kernel features.
This broke existing uses of -M.
Fix this by having -M specify both the compile and kernel features,
and a new flag --compile-features that can be used to specify the
compile fature set separate from the kernel feature set.
sbeattie> fixed up error message to refer to compile features when
--compile-features argument fails.
Fixes: 9e48a5da5e ("parser: split kernel features from compile features.")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
PR: https://gitlab.com/apparmor/apparmor/merge_requests/104
This commit is contained in:
John Johansen
committed by
Steve Beattie
Steve Beattie
parent
b08b327922
commit
e83fa67edf
@@ -129,6 +129,7 @@ struct option long_options[] = {
|
||||
{"ofile", 1, 0, 'o'},
|
||||
{"match-string", 1, 0, 'm'},
|
||||
{"features-file", 1, 0, 'M'},
|
||||
{"compile-features", 1, 0, 139}, /* no short option */
|
||||
{"kernel-features", 1, 0, 138}, /* no short option */
|
||||
{"quiet", 0, 0, 'q'},
|
||||
{"skip-kernel-load", 0, 0, 'Q'},
|
||||
@@ -185,7 +186,8 @@ static void display_usage(const char *command)
|
||||
"-I n, --Include n Add n to the search path\n"
|
||||
"-f n, --subdomainfs n Set location of apparmor filesystem\n"
|
||||
"-m n, --match-string n Use only features n\n"
|
||||
"-M n, --features-file n Compile features set in file n\n"
|
||||
"-M n, --features-file n Set compile & kernel features to file n\n"
|
||||
"--compile-features n Compile features set in file n\n"
|
||||
"--kernel-features n Kernel features set in file n\n"
|
||||
"-n n, --namespace n Set Namespace for the profile\n"
|
||||
"-X, --readimpliesX Map profile read permissions to mr\n"
|
||||
@@ -510,14 +512,21 @@ static int process_arg(int c, char *optarg)
|
||||
}
|
||||
break;
|
||||
case 'M':
|
||||
if (compile_features)
|
||||
aa_features_unref(compile_features);
|
||||
if (kernel_features)
|
||||
aa_features_unref(kernel_features);
|
||||
if (aa_features_new(&compile_features, AT_FDCWD, optarg)) {
|
||||
fprintf(stderr,
|
||||
"Failed to load features from '%s': %m\n",
|
||||
optarg);
|
||||
exit(1);
|
||||
}
|
||||
kernel_features = aa_features_ref(compile_features);
|
||||
break;
|
||||
case 138:
|
||||
if (kernel_features)
|
||||
aa_features_unref(kernel_features);
|
||||
if (aa_features_new(&kernel_features, AT_FDCWD, optarg)) {
|
||||
fprintf(stderr,
|
||||
"Failed to load kernel features from '%s': %m\n",
|
||||
@@ -525,6 +534,16 @@ static int process_arg(int c, char *optarg)
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
case 139:
|
||||
if (compile_features)
|
||||
aa_features_unref(compile_features);
|
||||
if (aa_features_new(&compile_features, AT_FDCWD, optarg)) {
|
||||
fprintf(stderr,
|
||||
"Failed to load compile features from '%s': %m\n",
|
||||
optarg);
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
case 'q':
|
||||
conf_verbose = 0;
|
||||
conf_quiet = 1;
|
||||
|
||||
Reference in New Issue
Block a user