felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(aa): handle appending value to defined variables.

Browse source
This commit is contained in:
Alexandre Pujol 2024-05-30 14:23:56 +01:00
parent 264f30cf12
commit 7f1de3626e
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
4 changed files with 59 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pkg/prebuild/directive/exec.go
View file

@ -42,8 +42,10 @@ func (d Exec) Apply(opt *Option, profileRaw string) (string, error) {
for name := range opt.ArgMap {
profiletoTransition := util.MustReadFile(cfg.RootApparmord.Join(name))
dstProfile := aa.DefaultTunables()
err := dstProfile.Parse(profiletoTransition)
if err != nil {
if err := dstProfile.Parse(profiletoTransition); err != nil {
return "", err
}
if err := dstProfile.Resolve(); err != nil {
return "", err
}
for _, variable := range dstProfile.Preamble.GetVariables() {

8
pkg/prebuild/directive/exec_test.go
View file

@ -31,8 +31,8 @@ func TestExec_Apply(t *testing.T) {
Raw: " #aa:exec DiscoverNotifier",
},
profile: ` #aa:exec DiscoverNotifier`,
want: ` @{lib}/@{multiarch}/{,libexec/}DiscoverNotifier Px,
@{lib}/DiscoverNotifier Px,`,
want: ` /{,usr/}lib{,exec,32,64}/*-linux-gnu*/{,libexec/}DiscoverNotifier Px,
/{,usr/}lib{,exec,32,64}/DiscoverNotifier Px,`,
},
{
name: "exec-unconfined",
@ -45,8 +45,8 @@ func TestExec_Apply(t *testing.T) {
Raw: " #aa:exec U polkit-agent-helper",
},
profile: ` #aa:exec U polkit-agent-helper`,
want: ` @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] Ux,
@{lib}/polkit-agent-helper-[0-9] Ux,`,
want: ` /{,usr/}lib{,exec,32,64}/polkit-[0-9]/polkit-agent-helper-[0-9] Ux,
/{,usr/}lib{,exec,32,64}/polkit-agent-helper-[0-9] Ux,`,
},
}
for _, tt := range tests {