[apparmor] [patch] [29/38] let _is_covered_aare() check against the AARE instead of the (str) regex
Steve Beattie
steve at nxnw.org
Mon Sep 26 21:59:09 UTC 2016
On Fri, Aug 12, 2016 at 11:03:33PM +0200, Christian Boltz wrote:
> This is the correct way of doing AARE matches. However, this check is
> more strict when matching against an AARE containing wildcards etc.
> (which can "by luck" match when doing str matching)
>
> To avoid breaking DbusRule, PtraceRule and SignalRule (especially their
> tests), introduce _is_covered_aare_compat() which keeps the previous
> behaviour of doing str matching, and use it in these classes.
>
> On the long term, _is_covered_aare_compat() needs to go away, but doing
> the changes needed in DbusRule, PtraceRule and SignalRule (or ideally
> just in AARE) are out of scope for the FileRule patch series.
(Refactorings or other cleanups that occur because adding a rule type
exposes issues with other types of rules are certainly what I would
consider in scope for a patch series.)
> [ 29-aare-covered-regex.diff ]
Acked-by: Steve Beattie <steve at nxnw.org>. Thanks!
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160926/4dd41337/attachment.pgp>
More information about the AppArmor
mailing list