2
0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00

A quick hack that will test if the running kernel supports PCRE or not, and bail out with a more informative error message if the policy being loaded requires additional kernel support

This commit is contained in:
Seth Arnold
2006-04-18 17:15:05 +00:00
parent b04af48255
commit eb6ca6797b
3 changed files with 110 additions and 2 deletions

View File

@@ -117,6 +117,56 @@ int merge_hat_rules(struct codomain *cod)
return 0;
}
int die_if_any_regex(void);
static int die_if_any_hat_regex(struct codomain *cod);
static int any_regex_entries(struct cod_entry *entry_list);
/* only call if regex is not allowed */
static void __any_regex(const void *nodep, const VISIT value,
const int __unused depth)
{
struct codomain **t = (struct codomain **) nodep;
if (value == preorder || value == endorder)
return;
if (any_regex_entries(*t)) {
PERROR(_("ERROR profile %s contains policy elements not usable with this kernel:\n"
"\t'*', '?', character ranges, and alternations are not allowed.\n"
"\t'**' may only be used at the end of a rule.\n"),
(*t)->name);
exit(1);
}
die_if_any_hat_regex(*t);
}
/* only call if regex is not allowed */
int die_if_any_regex(void)
{
twalk(policy_list, __any_regex);
return 0;
}
/* only call if regex is not allowed */
static int die_if_any_hat_regex(struct codomain *cod)
{
twalk(cod->hat_table, __any_regex);
return 0;
}
static int any_regex_entries(struct cod_entry *entry_list)
{
struct cod_entry *entry;
for (entry = entry_list; entry; entry = entry->next) {
if (entry->pattern_type == ePatternRegex)
return TRUE;
}
return FALSE;
}
static void __process_regex(const void *nodep, const VISIT value,
const int __unused depth)
{