Hello, Am Sonntag, 15. März 2015 schrieb Christian Boltz: > Am Sonntag, 15. März 2015 schrieb Christian Boltz: > > and finally... > > > > *drumroll* > > > > This patch implements attachment handling - aa-logprof now works > > with > > profiles that have an attachment defined, instead of ignoring > > audit.log entries for those profiles. > > > > > > > > Changes: > > - parse_profile_start_line(): remove workaround that merged the > > > > attachment into the profile name > > > > - parse_profile_data(): store attachment when parsing a profile > > - update test_parse_profile_start_03, > > test_serialize_parse_profile_start_03 and some > > parse_profile_start_line() tests - they now expect correct > > attachment > > handling > > > > > > > > Note: this patch is not fully covered by tests. > > I manually tested aa-logprof with some profiles with and without > > attachment, and it works for both. > > > > > > > > As usual, I propose this patch for trunk and 2.9 (I do that for all > > patches in this series, even if I forgot to mention it in some > > patches ;-) > > Here's v2 - the only change is an update to > test_set_flags_nochange_09() which I missed before.
After the whitespace changes in patch 20, this patch failed to apply. Here's v3 that adopts to the whitespace changes in test-regex_matches.py [ 22-handle-profiles-with-attachment.diff ] === modified file utils/apparmor/aa.py --- utils/apparmor/aa.py 2015-04-02 11:48:17.658643651 +0200 +++ utils/apparmor/aa.py 2015-04-02 11:48:38.750444605 +0200 @@ -2683,6 +2683,8 @@ # Starting line of a profile if RE_PROFILE_START.search(line): (profile, hat, attachment, flags, in_contained_hat, pps_set_profile, pps_set_hat_external) = parse_profile_start(line, file, lineno, profile, hat) + if attachment: + profile_data[profile][hat]['attachment'] = attachment if pps_set_profile: profile_data[profile][hat]['profile'] = True if pps_set_hat_external: === modified file utils/apparmor/regex.py --- utils/apparmor/regex.py 2015-04-02 11:43:19.788471155 +0200 +++ utils/apparmor/regex.py 2015-04-02 11:48:38.750444605 +0200 @@ -100,10 +100,6 @@ result['profile'] = result['namedprofile'] result['profile_keyword'] = True - if result['attachment']: - # XXX keep the broken behaviour until proper handling for attachment is implemented - result['profile'] = "%s %s" % (result['profile'], result['attachment']) - return result === modified file utils/test/test-aa.py --- utils/test/test-aa.py 2015-04-02 11:48:17.661643480 +0200 +++ utils/test/test-aa.py 2015-04-02 11:48:38.750444605 +0200 @@ -151,7 +151,7 @@ def test_set_flags_nochange_08(self): self._test_set_flags('profile /foo', 'flags=(complain)', 'complain') def test_set_flags_nochange_09(self): - self._test_set_flags('profile xy /foo', 'flags=(complain)', 'complain', profile_name='xy /foo') # XXX profile_name should be 'xy' + self._test_set_flags('profile xy /foo', 'flags=(complain)', 'complain', profile_name='xy') def test_set_flags_nochange_10(self): self._test_set_flags('profile "/foo bar"', 'flags=(complain)', 'complain', profile_name='/foo bar') #def test_set_flags_nochange_11(self): @@ -277,7 +277,7 @@ def test_parse_profile_start_03(self): result = self._parse('profile foo /foo {', None, None) # named profile - expected = ('foo /foo', 'foo /foo', '/foo', None, False, False, False) # XXX yes, that's what happens with the current code :-/ + expected = ('foo', 'foo', '/foo', None, False, False, False) self.assertEqual(result, expected) def test_parse_profile_start_04(self): @@ -361,7 +361,7 @@ def test_serialize_parse_profile_start_03(self): result = self._parse('profile foo /foo {', None, None, False, False) # named profile - expected = ('foo /foo', 'foo /foo', '/foo', None, False, True) # XXX yes, that's what happens with the current code :-/ + expected = ('foo', 'foo', '/foo', None, False, True) self.assertEqual(result, expected) def test_serialize_parse_profile_start_04(self): === modified file utils/test/test-regex_matches.py --- utils/test/test-regex_matches.py 2015-04-02 11:36:35.675152811 +0200 +++ utils/test/test-regex_matches.py 2015-04-02 11:54:34.836104606 +0200 @@ -429,11 +429,10 @@ (' "/foo" {', { 'profile': '/foo', 'profile_keyword': False, 'plainprofile': '/foo', 'namedprofile': None, 'attachment': None, 'flags': None, 'comment': None }), (' profile /foo {', { 'profile': '/foo', 'profile_keyword': True, 'plainprofile': None, 'namedprofile': '/foo', 'attachment': None, 'flags': None, 'comment': None }), (' profile "/foo" {', { 'profile': '/foo', 'profile_keyword': True, 'plainprofile': None, 'namedprofile': '/foo', 'attachment': None, 'flags': None, 'comment': None }), - (' profile foo /foo {', { 'profile': 'foo /foo','profile_keyword': True, 'plainprofile': None, 'namedprofile': 'foo', 'attachment': '/foo', 'flags': None, 'comment': None }), # XXX - (' profile foo /foo (audit) {', { 'profile': 'foo /foo','profile_keyword': True, 'plainprofile': None, 'namedprofile': 'foo', 'attachment': '/foo', 'flags': 'audit', 'comment': None }), # XXX - (' profile "foo" "/foo" {', { 'profile': 'foo /foo','profile_keyword': True, 'plainprofile': None, 'namedprofile': 'foo', 'attachment': '/foo', 'flags': None, 'comment': None }), # XXX - (' profile "foo bar" /foo {', { 'profile': 'foo bar /foo', 'profile_keyword': True, 'plainprofile': None, 'namedprofile': 'foo bar', 'attachment': '/foo', 'flags': None, 'comment': None }), # XXX - # XXX lines marked with XXX include the "broken" behaviour for 'profile' - they need to be changed when attachment is handled correctly + (' profile foo /foo {', { 'profile': 'foo', 'profile_keyword': True, 'plainprofile': None, 'namedprofile': 'foo', 'attachment': '/foo', 'flags': None, 'comment': None }), + (' profile foo /foo (audit) {', { 'profile': 'foo', 'profile_keyword': True, 'plainprofile': None, 'namedprofile': 'foo', 'attachment': '/foo', 'flags': 'audit', 'comment': None }), + (' profile "foo" "/foo" {', { 'profile': 'foo', 'profile_keyword': True, 'plainprofile': None, 'namedprofile': 'foo', 'attachment': '/foo', 'flags': None, 'comment': None }), + (' profile "foo bar" /foo {', { 'profile': 'foo bar', 'profile_keyword': True, 'plainprofile': None, 'namedprofile': 'foo bar','attachment': '/foo', 'flags': None, 'comment': None }), (' /foo (complain) {', { 'profile': '/foo', 'profile_keyword': False, 'plainprofile': '/foo', 'namedprofile': None, 'attachment': None, 'flags': 'complain', 'comment': None }), (' /foo flags=(complain) {', { 'profile': '/foo', 'profile_keyword': False, 'plainprofile': '/foo', 'namedprofile': None, 'attachment': None, 'flags': 'complain', 'comment': None }), (' /foo (complain) { # x', { 'profile': '/foo', 'profile_keyword': False, 'plainprofile': '/foo', 'namedprofile': None, 'attachment': None, 'flags': 'complain', 'comment': '# x'}), Regards, Christian Boltz -- Jedes meiner Postings ist alt genug, um für sich selbst zu sprechen. Ich übernehme keinerlei Verantwortung für das Verhalten meiner Mails. -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor