feat(aa): refractor apparmor templates to the last changes.

Alexandre Pujol 2024-04-23 21:27:35 +01:00
parent 5483668574
commit 120db93396
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
15 changed files with 236 additions and 152 deletions


@ -0,0 +1,14 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "abi" -}}
{{- "abi" -}}
{{- if .IsMagic -}}
{{ " <" }}{{ .Path }}{{ ">" }}
{{- else -}}
{{ " \"" }}{{ .Path }}{{ "\"" }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}
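Review bot: The new `abi` define carries no comment on what `.IsMagic` selects, and the two branches differ only by their delimiters, so a reader has to know AppArmor's include conventions to see why both exist. A one-line template comment above `{{- if .IsMagic -}}`, such as `{{- /* IsMagic: abi <path>, resolved like an include; otherwise abi "path" taken literally */ -}}`, would document the choice in place. I am inferring the resolution semantics from the AppArmor syntax rather than from anything visible in the hunk, so the wording should be checked against the parser that sets IsMagic.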


@ -0,0 +1,12 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "alias" -}}
{{- "alias " -}}
{{- .Path -}}
{{- " -> " -}}
{{- .RewrittenPath -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}


@ -3,5 +3,11 @@
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "capability" -}}
{{ template "qualifier" . }}{{ "capability " }}{{ .Name }}{{ "," }}{{ template "comment" . }}
{{- template "qualifier" . -}}
{{- "capability" -}}
{{- range .Names -}}
{{ " " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}
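Review bot: An empty `.Names` makes the new `{{- range .Names -}}` loop emit the bare form `capability,`, which AppArmor reads as a grant of every capability, so a rule whose name list was lost upstream would silently widen instead of failing to render. The replaced `{{ .Name }}` form had a similar gap, but the loop makes the empty case explicit and worth recording: a comment above the range such as `{{- /* empty Names renders "capability," = all capabilities; narrow rules must supply Names */ -}}` states the invariant, and if the generator has a way to fail, rejecting an empty list here is the safer behaviour. I cannot tell from the hunk whether the Go side already validates this.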


@ -4,18 +4,22 @@
{{- define "comment" -}}
{{- if or .FileInherit .NoNewPrivs .Optional .Comment -}}
{{- " #" -}}
{{- end -}}
{{- if .FileInherit -}}
{{- " file_inherit" -}}
{{- end -}}
{{- if .NoNewPrivs -}}
{{- " no new privs" -}}
{{- end -}}
{{- if .Optional -}}
{{- " optional:" -}}
{{- end -}}
{{- with .Comment -}}
{{ " " }}{{ . }}
{{- if .IsLineRule }}
{{- "#" -}}
{{- else -}}
{{- " #" -}}
{{- end -}}
{{- if .FileInherit -}}
{{- " file_inherit" -}}
{{- end -}}
{{- if .NoNewPrivs -}}
{{- " no new privs" -}}
{{- end -}}
{{- if .Optional -}}
{{- " optional:" -}}
{{- end -}}
{{- with .Comment -}}
{{ " " }}{{ . }}
{{- end -}}
{{- end -}}
{{- end -}}
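Review bot: `{{- if .IsLineRule }}` is the only action in the rewritten `comment` define without a right-hand trim marker, sitting next to `{{- else -}}` and `{{- end -}}` that carry both. The newline it leaves is swallowed by the `{{-` that opens the next line, so the output is unchanged, but it reads as an oversight and will catch the next editor who reorders these lines; `{{- if .IsLineRule -}}` keeps the define uniform. The whole define is inside this hunk.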


@ -5,11 +5,15 @@
{{- define "dbus" -}}
{{- template "qualifier" . -}}
{{- "dbus" -}}
{{- if eq .Access "bind" -}}
{{- $access := "" -}}
{{- if .Access -}}
{{- $access = index .Access 0 -}}
{{- end -}}
{{- if eq $access "bind" -}}
{{ " bind bus=" }}{{ .Bus }}{{ " name=" }}{{ .Name }}
{{- else -}}
{{- with .Access -}}
{{ " " }}{{ . }}
{{ " " }}{{ cjoin . }}
{{- end -}}
{{- with .Bus -}}
{{ " bus=" }}{{ . }}
@ -17,21 +21,20 @@
{{- with .Path -}}
{{ " path=" }}{{ . }}
{{- end -}}
{{ "\n" }}
{{- with .Interface -}}
{{ overindent "interface=" }}{{ . }}{{ "\n" }}
{{ "\n" }}{{ overindent "interface=" }}{{ . }}
{{- end -}}
{{- with .Member -}}
{{ overindent "member=" }}{{ . }}{{ "\n" }}
{{ "\n" }}{{ overindent "member=" }}{{ . }}
{{- end -}}
{{- if and .PeerName .PeerLabel -}}
{{ overindent "peer=(name=" }}{{ .PeerName }}{{ ", label="}}{{ .PeerLabel }}{{ ")" }}
{{ "\n" }}{{ overindent "peer=(name=" }}{{ .PeerName }}{{ ", label="}}{{ .PeerLabel }}{{ ")" }}
{{- else -}}
{{- with .PeerName -}}
{{ overindent "peer=(name=" }}{{ . }}{{ ")" }}
{{ "\n" }}{{ overindent "peer=(name=" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .PeerLabel -}}
{{ overindent "peer=(label=" }}{{ . }}{{ ")" }}
{{ "\n" }}{{ overindent "peer=(label=" }}{{ . }}{{ ")" }}
{{- end -}}
{{- end -}}
{{- end -}}
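Review bot: The new `{{- if eq $access "bind" -}}` decides the bind form from `index .Access 0` alone, so a rule whose list holds `bind` anywhere but first falls through to the generic branch and is rendered via `cjoin`, while a list that starts with `bind` and carries further entries drops them without notice. If the parser guarantees that `bind` never appears alongside other accesses, a comment beside the index such as `{{- /* bind is never combined with other accesses; only the first entry is inspected */ -}}` makes that invariant visible; if it does not, the branch should also check `len .Access`. The define header is in the first hunk and its closing `end` appears to be the last line here, but the lines between the two hunks are not shown.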


@ -12,7 +12,9 @@
{{- with .Padding -}}
{{ . }}
{{- end -}}
{{- .Access -}}
{{- range .Access -}}
{{- . -}}
{{- end -}}
{{- with .Target -}}
{{ " -> " }}{{ . }}
{{- end -}}
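Review bot: The new `{{- range .Access -}}{{- . -}}{{- end -}}` concatenates the access entries with no separator, which is the opposite of the `cjoin` used for the other rule templates in this commit, and nothing in the hunk says the difference is deliberate. A comment above the range, for example `{{- /* file modes are concatenated directly (e.g. "rw"), not cjoin-ed like other rules */ -}}`, would stop a later edit from "harmonising" it and changing the emitted rule. The enclosing define starts before this hunk, so I cannot see how `.Access` is populated.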


@ -9,7 +9,7 @@
{{ " fstype=" }}{{ . }}
{{- end -}}
{{- with .Options -}}
{{ " options=(" }}{{ join . }}{{ ")" }}
{{ " options=" }}{{ cjoin . }}
{{- end -}}
{{- with .Source -}}
{{ " " }}{{ . }}
@ -28,7 +28,7 @@
{{ " fstype=" }}{{ . }}
{{- end -}}
{{- with .Options -}}
{{ " options=(" }}{{ join . }}{{ ")" }}
{{ " options=" }}{{ cjoin . }}
{{- end -}}
{{- with .MountPoint -}}
{{ " " }}{{ . }}
@ -44,7 +44,7 @@
{{ " fstype=" }}{{ . }}
{{- end -}}
{{- with .Options -}}
{{ " options=(" }}{{ join . }}{{ ")" }}
{{ " options=" }}{{ cjoin . }}
{{- end -}}
{{- with .MountPoint -}}
{{ " " }}{{ . }}


@ -6,7 +6,7 @@
{{- template "qualifier" . -}}
{{- "mqueue" -}}
{{- with .Access -}}
{{ " " }}{{ . }}
{{ " " }}{{ cjoin . }}
{{- end -}}
{{- with .Type -}}
{{ " type=" }}{{ . }}


@ -6,7 +6,7 @@
{{- template "qualifier" . -}}
{{- "ptrace" -}}
{{- with .Access -}}
{{ " (" }}{{ . }}{{ ")" }}
{{ " " }}{{ cjoin . }}
{{- end -}}
{{- with .Peer -}}
{{ " peer=" }}{{ . }}


@ -6,10 +6,10 @@
{{- template "qualifier" . -}}
{{- "signal" -}}
{{- with .Access -}}
{{ " (" }}{{ . }}{{ ")" }}
{{ " " }}{{ cjoin . }}
{{- end -}}
{{- with .Set -}}
{{ " set=(" }}{{ . }}{{ ")" }}
{{ " set=" }}{{ cjoin . }}
{{- end -}}
{{- with .Peer -}}
{{ " peer=" }}{{ . }}


@ -6,7 +6,7 @@
{{- template "qualifier" . -}}
{{- "unix" -}}
{{- with .Access -}}
{{ " (" }}{{ . }}{{ ")" }}
{{ " " }}{{ cjoin . }}
{{- end -}}
{{- with .Type -}}
{{ " type=" }}{{ . }}


@ -0,0 +1,14 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "variable" -}}
{{- "@{" -}}{{- .Name -}}{{- "}" -}}
{{- if .Define }}
{{- " = " -}}
{{- else -}}
{{- " += " -}}
{{- end -}}
{{- join .Values -}}
{{- template "comment" . -}}
{{- end -}}
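Review bot: `{{- if .Define }}` in the new `variable` define lacks the right-hand trim marker every other action in the file carries; the following `{{- " = " -}}` trims the newline anyway, so output is unaffected, but `{{- if .Define -}}` keeps the style consistent. Separately, an empty `.Values` renders `@{NAME} = ` with nothing after the operator; I cannot tell from the hunk whether the parser rejects that case earlier, so a comment above `{{- join .Values -}}` such as `{{- /* Values is assumed non-empty; an empty list yields an operator with no operand */ -}}` would record the assumption until it is checked.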