felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(aa): sort local include at the end of a profile.

Browse source
This commit is contained in:
Alexandre Pujol 2023-09-29 21:24:15 +01:00
parent bd4e9bb135
commit 26d05f1869
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
2 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pkg/aa/profile.go
View file

@ -128,6 +128,12 @@ func (p *AppArmorProfile) Sort() {
if typeOfI != typeOfJ { if typeOfI != typeOfJ {
valueOfI := typeToValue(typeOfI) valueOfI := typeToValue(typeOfI)
valueOfJ := typeToValue(typeOfJ) valueOfJ := typeToValue(typeOfJ)
if typeOfI == reflect.TypeOf((*Include)(nil)) && p.Rules[i].(*Include).IfExists {
valueOfI = "include_if_exists"
}
if typeOfJ == reflect.TypeOf((*Include)(nil)) && p.Rules[j].(*Include).IfExists {
valueOfJ = "include_if_exists"
}
return ruleWeights[valueOfI] < ruleWeights[valueOfJ] return ruleWeights[valueOfI] < ruleWeights[valueOfJ]
} }
return p.Rules[i].Less(p.Rules[j]) return p.Rules[i].Less(p.Rules[j])

2
pkg/aa/template.go
View file

@ -78,7 +78,7 @@ var (
"iouring", "iouring",
"dbus", "dbus",
"file", "file",
"include_local", "include_if_exists",
} }
ruleWeights = map[string]int{} ruleWeights = map[string]int{}