On Wed, Sep 11, 2013 at 01:47:47AM -0700, Tyler Hicks wrote:
> From: John Johansen <john.johan...@canonical.com>
> 
> Convert the codomain to a class, and the policy lists that store
> codomains to stl containers instead of glibc twalk.
> 
> Signed-off-by: John Johansen <john.johan...@canonical.com>
> [tyhicks: Merge with dbus changes and process_file_entries() cleanup]
> Signed-off-by: Tyler Hicks <tyhi...@canonical.com>

There's still a problem with this patch (even with the other fixes I
made to it); it's not loading profiles with multiple hats properly:

  $ cat /tmp/example_profile
  /tests/regression/apparmor/changehat {

    ^sub {
      /proc/*/attr/current w,
      /tmp/sdtest.1713-15650-z0Mlub/file2 rw,
    }

    ^sub2 {
      /proc/*/attr/current w,
      /tmp/sdtest.1713-15650-z0Mlub/file2 rw,
    }

    ^sub3 {
      /proc/*/attr/current w,
      /tmp/sdtest.1713-15650-z0Mlub/file2 rw,
    }
  }

  $ sudo ./apparmor_parser /tmp/example_profile

  $ sudo grep changehat /sys/kernel/security/apparmor/profiles
  /tests/regression/apparmor/changehat (enforce)
  /tests/regression/apparmor/changehat//sub (enforce)

Rebuilding the parser with debugging enabled for just parser_interface.c
(via 'make clean all && rm parser_interface.o && make parser_interface.o && make')
gives the following output when loading the profile:

  $ sudo ./apparmor_parser /tmp/example_profile
  parser: Serializing policy for /tests/regression/apparmor/changehat.
  parser: Writing name 'version'
  parser: Writing name 'profile'
  parser: Writing name '(null)'
  parser: Writing name 'flags'
  parser: Writing name 'caps64'
  parser: Writing name 'aadfa'
  parser: Serializing policy for sub.
  parser: Writing name 'version'
  parser: Writing name 'profile'
  parser: Writing name '(null)'
  parser: Writing name 'flags'
  parser: Writing name 'caps64'
  parser: Writing name 'aadfa'

I'm not sure why it's only picking out the first of the hats.

-- 
Steve Beattie
<sbeat...@ubuntu.com>
http://NxNW.org/~steve/
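
A check for the symptom reported in this message, as an added example that is not part of the thread or of the AppArmor source tree: it derives the names a profile file should load (the parent plus `parent//hat` for each hat) and reports those absent from a listing in the format of `/sys/kernel/security/apparmor/profiles`. The function names and the simplified parsing (unquoted names, hats written as `^name {` directly inside the parent block) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: check that every hat declared in a profile file is loaded.
# Assumes the simple layout from the mail: unquoted names, hats written as
# "^name {" directly inside the parent profile block.

# expected_profiles FILE: print "parent" and "parent//hat" for each block.
expected_profiles() {
    awk '
        depth == 0 && /[{][ \t]*$/ { parent = $1; print parent }
        depth == 1 && $1 ~ /^\^/   { print parent "//" substr($1, 2) }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
    ' "$1"
}

# missing_profiles FILE [LISTING]: print expected names absent from LISTING,
# which has the format of /sys/kernel/security/apparmor/profiles.
missing_profiles() {
    listing=${2:-/sys/kernel/security/apparmor/profiles}
    loaded=$(sed 's/ ([a-z]*)$//' "$listing")   # drop the trailing " (mode)"
    expected_profiles "$1" | while IFS= read -r name; do
        printf '%s\n' "$loaded" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# demo: run the check on the profile and the listing quoted in the mail
# (rules shortened to one per hat).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/profile" <<'EOF'
/tests/regression/apparmor/changehat {
  ^sub {
    /proc/*/attr/current w,
  }
  ^sub2 {
    /proc/*/attr/current w,
  }
  ^sub3 {
    /proc/*/attr/current w,
  }
}
EOF
    cat > "$dir/listing" <<'EOF'
/tests/regression/apparmor/changehat (enforce)
/tests/regression/apparmor/changehat//sub (enforce)
EOF
    missing_profiles "$dir/profile" "$dir/listing"
    rm -rf "$dir"
}
```

Calling `demo` prints the `//sub2` and `//sub3` names, the two hats that the listing in the mail does not contain.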
