felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(aa-log): improve error formating on rules.

Browse source
This commit is contained in:
Alexandre Pujol 2023-10-20 23:11:11 +01:00
parent 04cae35e6e
commit 46d25ed922
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
6 changed files with 45 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

7
pkg/aa/profile.go
View file

@ -66,15 +66,16 @@ func (p *AppArmorProfile) String() string {
// AddRule adds a new rule to the profile from a log map
func (p *AppArmorProfile) AddRule(log map[string]string) {
// Generate profile flags and extra rules
switch log["error"] {
case "-2":
if !slices.Contains(p.Flags, "mediate_deleted") {
p.Flags = append(p.Flags, "mediate_deleted")
}
case "-13":
// FIXME: -13 can be a lot of things, not only attach_disconnected
// Eg: info="User namespace creation restricted"
if !slices.Contains(p.Flags, "attach_disconnected") {
if strings.Contains(log["info"], "namespace creation restricted") {
p.Rules = append(p.Rules, UsernsFromLog(log))
} else if strings.Contains(log["info"], "disconnected path") && !slices.Contains(p.Flags, "attach_disconnected") {
p.Flags = append(p.Flags, "attach_disconnected")
}
default: