[apparmor] [patch] AppArmor.pm: add basic support for signal, unix, ptrace and dbus rules

Tyler Hicks tyhicks at canonical.com
Wed Oct 8 15:58:34 UTC 2014


On 2014-10-07 20:19:15, Christian Boltz wrote:
> Hello,
> 
> YaST still uses AppArmor.pm, and now errors out when starting the 
> profile editor because it doesn't know about signal, unix, ptrace and 
> dbus rules.
> 
> This patch adds basic support for those rules to AppArmor.pm by adding 
> them to the "ignore those rules" regex.
> 
> Note: Rules covered by this regex are lost when writing the profile :-(
> I'll accept that as a known bug for now (and add a comment about it), 
> fixes are of course welcome ;-)
> 
> References: https://bugzilla.novell.com/show_bug.cgi?id=900013
> 
> 
> I also have to merge all multiline rules in the abstractions into one 
> line, but that has to stay an openSUSE-only patch.
> 
> 
> === modified file 'deprecated/utils/Immunix/AppArmor.pm'
> --- deprecated/utils/Immunix/AppArmor.pm        2014-08-02 10:46:15 +0000
> +++ deprecated/utils/Immunix/AppArmor.pm        2014-10-07 18:06:06 +0000
> @@ -5438,8 +5438,9 @@
>                    $initial_comment .= "$_\n";
>                  }
>              }
> -        } elsif (/^\s*(audit\s+)?(deny\s+)?(owner\s+)?(capability|dbus|file|mount|pivot_root|remount|umount)/) {
> +        } elsif (/^\s*(audit\s+)?(deny\s+)?(owner\s+)?(capability|dbus|file|mount|pivot_root|remount|umount|signal|unix|ptrace|dbus)/) {

dbus was already present in this conditional. There are now two matches
for dbus.

I see that you've already applied this patch to trunk so feel free to
commit a simple patch that removes the second dbus match and add my ack.

Tyler

>             # ignore valid rules that are currently unsupported by AppArmor.pm
> +            # BUG: when writing the profile, those rules are lost!
>          } else {
>             # we hit something we don't understand in a profile...
>             die sprintf(gettext('%s contains syntax errors. Line [%s]'), $file, $_) . "\n";
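
Review bot: the `elsif` branch extended on the `+` line accepts `signal`, `unix`, `ptrace` and `dbus` rules only to discard them, and because the pattern also matches the optional `deny\s+` prefix, a profile that is read and written back loses its deny rules for these classes without any message to the user. Until the writer can round-trip them, this branch should at least warn, naming the file and line, or keep the raw line in the profile data so it can be written back verbatim; the new BUG comment is visible only to people reading the source. Two smaller points on the same line: `dbus` appears twice in the alternation, and the group has no trailing `\b` or `[\s,]`, so any line that merely starts with one of these keywords falls into the ignore branch instead of reaching the syntax-error `die`.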
> 
> 
> Regards,
> 
> Christian Boltz
> -- 
> This really isn't meant to be arrogant, but it makes no sense to tear
> down the house because you forgot the house key. :-)
> [Ratti in suse-linux]