diff --git a/pkg/aa/all.go b/pkg/aa/all.go index 5351afb7d..b3acb5d96 100644 --- a/pkg/aa/all.go +++ b/pkg/aa/all.go @@ -26,7 +26,8 @@ func (r *All) Compare(other Rule) int { func (r *All) Merge(other Rule) bool { o, _ := other.(*All) - return r.RuleBase.merge(o.RuleBase) + b := &r.RuleBase + return b.merge(o.RuleBase) } func (r *All) String() string { diff --git a/pkg/aa/base.go b/pkg/aa/base.go index 92aa76f85..c05954267 100644 --- a/pkg/aa/base.go +++ b/pkg/aa/base.go @@ -83,8 +83,10 @@ func (r RuleBase) Merge(other Rule) bool { return false } -func (r RuleBase) merge(other RuleBase) bool { - r.Comment += " " + other.Comment +func (r *RuleBase) merge(other RuleBase) bool { + if other.Comment != "" { + r.Comment += " " + other.Comment + } return true } diff --git a/pkg/aa/dbus.go b/pkg/aa/dbus.go index 8602e93dd..f34b8e09c 100644 --- a/pkg/aa/dbus.go +++ b/pkg/aa/dbus.go @@ -120,7 +120,8 @@ func (r *Dbus) Merge(other Rule) bool { r.Interface == o.Interface && r.Member == o.Member && r.PeerName == o.PeerName && r.PeerLabel == o.PeerLabel { r.Access = merge(r.Kind(), "access", r.Access, o.Access) - return r.RuleBase.merge(o.RuleBase) + b := &r.RuleBase + return b.merge(o.RuleBase) } return false } diff --git a/pkg/aa/file.go b/pkg/aa/file.go index 928e897c8..56ae9c499 100644 --- a/pkg/aa/file.go +++ b/pkg/aa/file.go @@ -138,7 +138,8 @@ func (r *File) Merge(other Rule) bool { } if r.Owner == o.Owner && r.Path == o.Path && r.Target == o.Target { r.Access = merge(r.Kind(), "access", r.Access, o.Access) - return r.RuleBase.merge(o.RuleBase) + b := &r.RuleBase + return b.merge(o.RuleBase) } return false } diff --git a/pkg/aa/io_uring.go b/pkg/aa/io_uring.go index 06c33ad3d..4402f07a9 100644 --- a/pkg/aa/io_uring.go +++ b/pkg/aa/io_uring.go @@ -71,7 +71,8 @@ func (r *IOUring) Merge(other Rule) bool { } if r.Label == o.Label { r.Access = merge(r.Kind(), "access", r.Access, o.Access) - return r.RuleBase.merge(o.RuleBase) + b := &r.RuleBase + return b.merge(o.RuleBase) } return false } diff --git a/pkg/aa/mount.go b/pkg/aa/mount.go index 480afa2fc..272076d07 100644 --- a/pkg/aa/mount.go +++ b/pkg/aa/mount.go @@ -65,7 +65,7 @@ func (m MountConditions) Compare(other MountConditions) int { return compare(m.Options, other.Options) } -func (m MountConditions) Merge(other MountConditions) bool { +func (m *MountConditions) Merge(other MountConditions) bool { if m.FsType == other.FsType { m.Options = merge(MOUNT, "flags", m.Options, other.Options) return true @@ -143,13 +143,15 @@ func (r *Mount) Compare(other Rule) int { func (r *Mount) Merge(other Rule) bool { o, _ := other.(*Mount) + mc := &r.MountConditions if !r.Qualifier.Equal(o.Qualifier) { return false } if r.Source == o.Source && r.MountPoint == o.MountPoint && - r.MountConditions.Merge(o.MountConditions) { - return r.RuleBase.merge(o.RuleBase) + mc.Merge(o.MountConditions) { + b := &r.RuleBase + return b.merge(o.RuleBase) } return false } @@ -220,12 +222,14 @@ func (r *Umount) Compare(other Rule) int { func (r *Umount) Merge(other Rule) bool { o, _ := other.(*Umount) + mc := &r.MountConditions if !r.Qualifier.Equal(o.Qualifier) { return false } - if r.MountPoint == o.MountPoint && r.MountConditions.Merge(o.MountConditions) { - return r.RuleBase.merge(o.RuleBase) + if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) { + b := &r.RuleBase + return b.merge(o.RuleBase) } return false } @@ -297,12 +301,14 @@ func (r *Remount) Compare(other Rule) int { func (r *Remount) Merge(other Rule) bool { o, _ := other.(*Remount) + mc := &r.MountConditions if !r.Qualifier.Equal(o.Qualifier) { return false } - if r.MountPoint == o.MountPoint && r.MountConditions.Merge(o.MountConditions) { - return r.RuleBase.merge(o.RuleBase) + if r.MountPoint == o.MountPoint && mc.Merge(o.MountConditions) { + b := &r.RuleBase + return b.merge(o.RuleBase) } return false } diff --git a/pkg/aa/mqueue.go b/pkg/aa/mqueue.go index 7edd9358d..889dcde6c 100644 --- a/pkg/aa/mqueue.go +++ b/pkg/aa/mqueue.go @@ -105,7 +105,8 @@ func (r *Mqueue) Merge(other Rule) bool { } if r.Type == o.Type && r.Label == o.Label && r.Name == o.Name { r.Access = merge(r.Kind(), "access", r.Access, o.Access) - return r.RuleBase.merge(o.RuleBase) + b := &r.RuleBase + return b.merge(o.RuleBase) } return false } diff --git a/pkg/aa/preamble.go b/pkg/aa/preamble.go index e628417b9..4ad65fe97 100644 --- a/pkg/aa/preamble.go +++ b/pkg/aa/preamble.go @@ -261,7 +261,8 @@ func (r *Variable) Merge(other Rule) bool { if r.Name == o.Name && r.Define == o.Define { r.Values = merge(r.Kind(), "access", r.Values, o.Values) - return r.RuleBase.merge(o.RuleBase) + b := &r.RuleBase + return b.merge(o.RuleBase) } return false } diff --git a/pkg/aa/ptrace.go b/pkg/aa/ptrace.go index 1ecec49a7..2c7f9f225 100644 --- a/pkg/aa/ptrace.go +++ b/pkg/aa/ptrace.go @@ -62,7 +62,8 @@ func (r *Ptrace) Merge(other Rule) bool { } if r.Peer == o.Peer { r.Access = merge(r.Kind(), "access", r.Access, o.Access) - return r.RuleBase.merge(o.RuleBase) + b := &r.RuleBase + return b.merge(o.RuleBase) } return false } diff --git a/pkg/aa/signal.go b/pkg/aa/signal.go index 6d590b103..097e8b827 100644 --- a/pkg/aa/signal.go +++ b/pkg/aa/signal.go @@ -86,10 +86,12 @@ func (r *Signal) Merge(other Rule) bool { switch { case r.Peer == o.Peer && compare(r.Set, o.Set) == 0: r.Access = merge(r.Kind(), "access", r.Access, o.Access) - return r.RuleBase.merge(o.RuleBase) + b := &r.RuleBase + return b.merge(o.RuleBase) case r.Peer == o.Peer && compare(r.Access, o.Access) == 0: r.Set = merge(r.Kind(), "set", r.Set, o.Set) - return r.RuleBase.merge(o.RuleBase) + b := &r.RuleBase + return b.merge(o.RuleBase) } return false } diff --git a/pkg/aa/unix.go b/pkg/aa/unix.go index 5ccae9714..677330ecb 100644 --- a/pkg/aa/unix.go +++ b/pkg/aa/unix.go @@ -119,7 +119,8 @@ func (r *Unix) Merge(other Rule) bool { r.Label == o.Label && r.Attr == o.Attr && r.Opt == o.Opt && r.PeerLabel == o.PeerLabel && r.PeerAddr == o.PeerAddr { r.Access = merge(r.Kind(), "access", r.Access, o.Access) - return r.RuleBase.merge(o.RuleBase) + b := &r.RuleBase + return b.merge(o.RuleBase) } return false } diff --git a/pkg/aa/userns.go b/pkg/aa/userns.go index 6770106b4..424911f08 100644 --- a/pkg/aa/userns.go +++ b/pkg/aa/userns.go @@ -56,7 +56,8 @@ func (r *Userns) Compare(other Rule) int { func (r *Userns) Merge(other Rule) bool { o, _ := other.(*Userns) - return r.RuleBase.merge(o.RuleBase) + b := &r.RuleBase + return b.merge(o.RuleBase) } func (r *Userns) String() string {