On Mon, Mar 26, 2012 at 10:22:31AM -0700, Steve Beattie wrote: > On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote: > > + 'FILENAME': r'(\/|\@\{\S*\})\S*', # just a filename (taken > > from @@FILE@@) > > Given the above, it's probably better to make the relation explicit, > so that if the pattern needs to change at some point, you only need > to change it in one location: > > --- > utils/vim/create-apparmor.vim.py | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > > Index: b/utils/vim/create-apparmor.vim.py > =================================================================== > --- a/utils/vim/create-apparmor.vim.py > +++ b/utils/vim/create-apparmor.vim.py > @@ -28,6 +28,8 @@ aa_network_types=r'\s+tcp|\s+udp|\s+icmp > > > aa_flags=r'(complain|audit|attach_disconnect|no_attach_disconnected|chroot_attach|chroot_no_attach|chroot_relative|namespace_relative)' > > +filename=r'(\/|\@\{\S*\})\S*' > + > def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = > subprocess.PIPE, stdin = None, timeout = None): > '''Try to execute given command (array) and return its stdout, or > return a textual error if it failed.''' > @@ -78,12 +80,13 @@ for af_pair in af_pairs: > # -> currently (2011-01-11) not, but might come back > > aa_regex_map = { > - 'FILE': > r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?(\/|\@\{\S*\})\S*\s+', > - 'DENYFILE': > r'\v^\s*(audit\s+)?deny\s+(owner\s+)?(\/|\@\{\S*\})\S*\s+', > + 'FILENAME': filename, > + 'FILE': r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?' + filename > '\s+', # Start of a file rule
err, without the syntax error and other thinko, obviously (missing the + after 'filename' and '\s+' should be a raw string r'\s+'): + 'FILE': r'\v^\s*(audit\s+)?(deny\s+)?(owner\s+)?' + filename + r'\s+', # Start of a file rule > + # (whitespace_+_, owner etc. flag_?_, filename > pattern, whitespace_+_) > + 'DENYFILE': r'\v^\s*(audit\s+)?deny\s+(owner\s+)?' + filename + > '\s+', # deny, otherwise like FILE .. and same r'\s+' replacement here. > 'auditdenyowner': r'(audit\s+)?(deny\s+)?(owner\s+)?', > 'auditdeny': r'(audit\s+)?(deny\s+)?', > - 'FILENAME': r'(\/|\@\{\S*\})\S*', > - 'EOL': r'\s*,(\s*$|(\s*#.*$)\@=)', > + 'EOL': r'\s*,(\s*$|(\s*#.*$)\@=)', # End of a line > (whitespace_?_, comma, whitespace_?_ comment.*) > 'TRANSITION': r'(\s+-\>\s+\S+)?', > 'sdKapKey': " ".join(benign_caps), > 'sdKapKeyDanger': " ".join(danger_caps), > > -- > Steve Beattie > <sbeat...@ubuntu.com> > http://NxNW.org/~steve/ > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor -- Steve Beattie <sbeat...@ubuntu.com> http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor