felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(aa-log): add support for mqueue.

Browse source
This commit is contained in:
Alexandre Pujol 2023-12-05 20:47:32 +00:00
parent 319b976beb
commit 735e3529fb
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
5 changed files with 38 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

14
pkg/aa/mqueue.go
View file

@ -4,19 +4,29 @@
package aa package aa
import "strings"
type Mqueue struct { type Mqueue struct {
Qualifier Qualifier
Access string Access string
Type string Type string
Label string Label string
Name string
} }
func MqueueFromLog(log map[string]string) ApparmorRule { func MqueueFromLog(log map[string]string) ApparmorRule {
mqueueType := "posix"
if strings.Contains(log["class"], "posix") {
mqueueType = "posix"
} else if strings.Contains(log["class"], "sysv") {
mqueueType = "sysv"
}
return &Mqueue{ return &Mqueue{
Qualifier: NewQualifierFromLog(log), Qualifier: NewQualifierFromLog(log),
Access: maskToAccess[log["requested_mask"]], Access: maskToAccess[log["requested"]],
Type: log["type"], Type: mqueueType,
Label: log["label"], Label: log["label"],
Name: log["name"],
} }
} }

2
pkg/aa/profile.go
View file

@ -97,7 +97,7 @@ func (p *AppArmorProfile) AddRule(log map[string]string) {
case "pivotroot": case "pivotroot":
p.Rules = append(p.Rules, PivotRootFromLog(log)) p.Rules = append(p.Rules, PivotRootFromLog(log))
} }
case "mqueue": case "posix_mqueue", "sysv_mqueue":
p.Rules = append(p.Rules, MqueueFromLog(log)) p.Rules = append(p.Rules, MqueueFromLog(log))
case "signal": case "signal":
p.Rules = append(p.Rules, SignalFromLog(log)) p.Rules = append(p.Rules, SignalFromLog(log))

5
pkg/aa/template.go
View file

@ -35,10 +35,14 @@ var (
"a": "w", "a": "w",
"ac": "w", "ac": "w",
"c": "w", "c": "w",
"create": "create",
"d": "w", "d": "w",
"delete": "delete",
"getattr": "getattr",
"k": "k", "k": "k",
"l": "l", "l": "l",
"m": "rm", "m": "rm",
"open": "open",
"r": "r", "r": "r",
"ra": "rw", "ra": "rw",
"read write": "read write", "read write": "read write",
@ -49,6 +53,7 @@ var (
"rw": "rw", "rw": "rw",
"send receive": "send receive", "send receive": "send receive",
"send": "send", "send": "send",
"setattr": "setattr",
"w": "w", "w": "w",
"wc": "w", "wc": "w",
"wd": "w", "wd": "w",

19
pkg/aa/templates/profile.j2
View file

@ -161,6 +161,25 @@
{{- template "comment" . -}} {{- template "comment" . -}}
{{- end -}} {{- end -}}
{{- if eq $type "Mqueue" -}}
{{- template "qualifier" . -}}
{{- "mqueue" -}}
{{- with .Access -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .Type -}}
{{ " type=" }}{{ . }}
{{- end -}}
{{- with .Label -}}
{{ " label=" }}{{ . }}
{{- end -}}
{{- with .Name -}}
{{ " " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}
{{- if eq $type "Unix" -}} {{- if eq $type "Unix" -}}
{{- template "qualifier" . -}} {{- template "qualifier" . -}}
{{- "unix" -}} {{- "unix" -}}

1
pkg/prebuild/build.go
View file

@ -28,6 +28,7 @@ var (
regAbi4To3 = util.ToRegexRepl([]string{ // Currently Abi3 -> Abi4 regAbi4To3 = util.ToRegexRepl([]string{ // Currently Abi3 -> Abi4
`abi/3.0`, `abi/4.0`, `abi/3.0`, `abi/4.0`,
`# userns,`, `userns,`, `# userns,`, `userns,`,
`# mqueue`, `mqueue`,
}) })
) )