Hello,

On Friday, 5 December 2014, Tyler Hicks wrote:
> To kick things off, a library friendly version of is_blacklisted() is
> moved into libapparmor.
> 
> The purpose of a private libapparmor API is to prevent duplicated code
> between the parser and libapparmor. This becomes an issue as we
> prepare to move chunks of the parser into libapparmor.

I'm also looking forward to using this function in the tools :-)
(even if I'll probably wait some time to allow using the latest tools
with an older libapparmor)

> diff --git a/libraries/libapparmor/src/private.c
> b/libraries/libapparmor/src/private.c new file mode 100644
> index 0000000..f6f40b5
> --- /dev/null
> +++ b/libraries/libapparmor/src/private.c

> +static struct ignored_suffix_t ignored_suffixes[] = {
> +     /* Debian packging files, which are in flux during install
> +           should be silently ignored. */
> +     { ".dpkg-new", 9, 1 },
> +     { ".dpkg-old", 9, 1 },
> +     { ".dpkg-dist", 10, 1 },
> +     { ".dpkg-bak", 9, 1 },
> +     /* RPM packaging files have traditionally not been silently
> +           ignored */
> +     { ".rpmnew", 7, 0 },
> +     { ".rpmsave", 8, 0 },
> +     /* patch file backups/conflicts */
> +     { ".orig", 5, 0 },
> +     { ".rej", 4, 0 },
> +     /* Backup files should be mentioned */
> +     { "~", 1, 0 },
> +     { NULL, 0, 0 }
> +};
> +
> +int _aa_is_blacklisted(const char *name, const char *path)
> +{
> +     int name_len;
> +     struct ignored_suffix_t *suffix;
> +
> +     /* skip dot files and files with no name */
> +     if (*name == '.' || !strlen(name))
> +             return 1;
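
Review bot: The second field of each ignored_suffixes[] entry is a hand-counted copy of the literal's length ({ ".dpkg-dist", 10, 1 } and so on). The counts shown are all correct, but a later edit that changes a suffix and misses its number would leave whatever consumes the length silently wrong; consider deriving it from the literal, for example sizeof(".dpkg-new") - 1 through a small macro. In _aa_is_blacklisted(), *name is dereferenced with no NULL check; since this is becoming a library entry point, either return early on a NULL name or document that it must be non-NULL. Smaller points: name_len is declared int, and size_t fits better if it is going to hold a strlen() result; the first table comment misspells "packaging".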

For comparison - this is what the tools use (from aa.py):

import re

# rpm backup files, dotfiles, emacs backup files should not be processed
# The skippable files type needs be synced with apparmor initscript
def is_skippable_file(path):
    """Returns True if filename matches something to be skipped"""
    # raw strings so that '\.' reaches the regex engine unchanged
    if (re.search(r'(^|/)\.[^/]*$', path) or re.search(r'\.rpm(save|new)$', path)
            or re.search(r'\.dpkg-(old|new)$', path) or re.search(r'\.swp$', path)
            or path[-1] == '~' or path == 'README'):
        return True


I see some differences here (for example *.dpkg-dist, *.dpkg-bak,
*.orig, *.rej) - ignoring those files makes sense, so I'll come up with
a patch for aa.py in the next few days (which will also make the code a bit
more readable ;-)

Also note the "needs to be synced with apparmor initscript" comment -
it might be a good idea to add this comment also to the C code ;-)


Regards,

Christian Boltz
-- 
Microsoft is a cross between The Borg and the Ferengi. Unfortunately
they use Borg to do their marketing and Ferengi to do their programming.
                                               [Simon Slavin in the SDM]


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
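
A differential check of the two skip lists compared in the message above, as an added example that is not from the mail, aa.py or libapparmor. It assumes the part of _aa_is_blacklisted() not shown in the quote matches the table entries against the end of the file name; the function names and the sample file names are constructed for illustration.

```python
import re

# Suffixes copied from the ignored_suffixes[] table in the quoted hunk.
# Assumption: the unquoted rest of _aa_is_blacklisted() matches them
# against the end of the file name.
C_SUFFIXES = (".dpkg-new", ".dpkg-old", ".dpkg-dist", ".dpkg-bak",
              ".rpmnew", ".rpmsave", ".orig", ".rej", "~")


def c_style_blacklisted(name):
    """Model of the C check: empty name, dot file, then suffix table."""
    if not name or name.startswith("."):
        return True
    return name.endswith(C_SUFFIXES)


def tools_skippable(path):
    """Same patterns as the is_skippable_file() excerpt from aa.py."""
    return bool(re.search(r"(^|/)\.[^/]*$", path)
                or re.search(r"\.rpm(save|new)$", path)
                or re.search(r"\.dpkg-(old|new)$", path)
                or re.search(r"\.swp$", path)
                or path.endswith("~") or path == "README")


def disagreements(names):
    """Map each name the two checks treat differently to (c, tools)."""
    found = {}
    for name in names:
        verdicts = (c_style_blacklisted(name), tools_skippable(name))
        if verdicts[0] != verdicts[1]:
            found[name] = verdicts
    return found


# Constructed file names, as they might appear in a profile directory.
SAMPLE = ["usr.bin.foo", ".usr.bin.foo.swp", "usr.bin.foo.swp", "README",
          "usr.bin.foo~", "usr.bin.foo.rpmsave", "usr.bin.foo.orig",
          "usr.bin.foo.rej"] + ["usr.bin.foo.dpkg-" + s
                                for s in ("new", "old", "dist", "bak")]

if __name__ == "__main__":
    for name, (c, tools) in sorted(disagreements(SAMPLE).items()):
        print(f"{name:24} libapparmor={c!s:5} tools={tools}")
```

Each name it prints is one that the profile loader and the tools would treat differently, which is the drift the "needs be synced" comment in aa.py warns about.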
