feat(aa): improve apparmor struct.

2024-04-14 23:58:34 +01:00 · 2024-04-14 23:58:34 +01:00 · ab4feda5ba
commit ab4feda5ba
parent ea1736083a
28 changed files with 638 additions and 496 deletions
--- a/pkg/aa/templates/include.j2
+++ b/pkg/aa/templates/include.j2
@ -8,4 +8,5 @@
    {{- else -}}
        {{ " \"" }}{{ .Path }}{{ "\"" }}
    {{- end -}}
+    {{- template "comment" . -}}
 {{- end -}}
--- a/pkg/aa/templates/profile.j2
+++ b/pkg/aa/templates/profile.j2
@ -56,7 +56,7 @@
    {{- end -}}

    {{- if eq $type "Rlimit" -}}
-        {{ "set rlimit " }}{{ .Key }} {{ .Op }} {{ .Value }}{{ "," }}
+        {{ "set rlimit " }}{{ .Key }} {{ .Op }} {{ .Value }}{{ "," }}{{ template "comment" . }}
    {{- end -}}

    {{- if eq $type "Capability" -}}
@ -191,15 +191,24 @@
        {{- with .Type -}}
            {{ " type=" }}{{ . }}
        {{- end -}}
+        {{- with .Protocol -}}
+            {{ " protocol=" }}{{ . }}
+        {{- end -}}
        {{- with .Address -}}
            {{ " addr=" }}{{ . }}
        {{- end -}}
-        {{- if .Peer -}}
-            {{ " peer=(label=" }}{{ .Peer }}
-            {{- with .PeerAddr -}}
-                {{ ", addr="}}{{ . }}
+        {{- with .Label -}}
+            {{ " label=" }}{{ . }}
+        {{- end -}}
+        {{- if and .PeerLabel .PeerAddr -}}
+            {{ " peer=(label=" }}{{ .PeerLabel }}{{ ", addr="}}{{ .PeerAddr }}{{ ")" }}
+        {{- else -}}
+            {{- with .PeerLabel -}}
+                {{ overindent "peer=(label=" }}{{ . }}{{ ")" }}
+            {{- end -}}
+            {{- with .PeerAddr -}}
+                {{ overindent "peer=(addr=" }}{{ . }}{{ ")" }}
            {{- end -}}
-            {{- ")" -}}
        {{- end -}}
        {{- "," -}}
        {{- template "comment" . -}}
@ -256,13 +265,13 @@
            {{- with .Member -}}
                {{ overindent "member=" }}{{ . }}{{ "\n" }}
            {{- end -}}
-            {{- if and .Name .Label -}}
-                {{ overindent "peer=(name=" }}{{ .Name }}{{ ", label="}}{{ .Label }}{{ ")" }}
+            {{- if and .PeerName .PeerLabel -}}
+                {{ overindent "peer=(name=" }}{{ .PeerName }}{{ ", label="}}{{ .PeerLabel }}{{ ")" }}
            {{- else -}}
-                {{- with .Name -}}
+                {{- with .PeerName -}}
                    {{ overindent "peer=(name=" }}{{ . }}{{ ")" }}
                {{- end -}}
-                {{- with .Label -}}
+                {{- with .PeerLabel -}}
                    {{ overindent "peer=(label=" }}{{ . }}{{ ")" }}
                {{- end -}}
            {{- end -}}
@ -273,6 +282,9 @@

    {{- if eq $type "File" -}}
        {{- template "qualifier" . -}}
+        {{- if .Owner -}}
+            {{- "owner " -}}
+        {{- end -}}
        {{- .Path -}}
        {{- " " -}}
        {{- with .Padding -}}
--- a/pkg/aa/templates/qualifier.j2
+++ b/pkg/aa/templates/qualifier.j2
@ -2,9 +2,6 @@
    {{- with .Prefix -}}
        {{ . }}
    {{- end -}}
-    {{- if .Owner -}}
-        {{- "owner " -}}
-    {{- end -}}
    {{- if .Audit -}}
        {{- "audit " -}}
    {{- end -}}