diff --git a/pkg/prebuild/cli/cli.go b/pkg/prebuild/cli/cli.go
index d192dd664..2ae440afc 100644
--- a/pkg/prebuild/cli/cli.go
+++ b/pkg/prebuild/cli/cli.go
@@ -15,6 +15,7 @@ import (
 "github.com/roddhjav/apparmor.d/pkg/prebuild/builder"
 "github.com/roddhjav/apparmor.d/pkg/prebuild/directive"
 "github.com/roddhjav/apparmor.d/pkg/prebuild/prepare"
+ "github.com/roddhjav/apparmor.d/pkg/util"
 )
 const (
diff --git a/pkg/prebuild/directive/exec.go b/pkg/prebuild/directive/exec.go
index 5aee73740..26722349a 100644
--- a/pkg/prebuild/directive/exec.go
+++ b/pkg/prebuild/directive/exec.go
@@ -8,10 +8,12 @@ package directive
 import (
 "fmt"
+ "path/filepath"
 "slices"
 "strings"
 "github.com/roddhjav/apparmor.d/pkg/aa"
+ "github.com/roddhjav/apparmor.d/pkg/paths"
 "github.com/roddhjav/apparmor.d/pkg/prebuild"
 )
@@ -43,7 +45,14 @@ func (d Exec) Apply(opt *Option, profileRaw string) (string, error) {
 rules := aa.Rules{}
 for name := range opt.ArgMap {
- profiletoTransition := prebuild.RootApparmord.Join(name).MustReadFileAsString()
+ match, err := filepath.Glob(prebuild.Root.String() + "/*/" + name)
+ if err != nil {
+ return "", err
+ }
+ if len(match) != 1 {
+ return "", fmt.Errorf("No profile found for %s", name)
+ }
+ profiletoTransition := paths.New(match[0]).MustReadFileAsString()
 dstProfile := aa.DefaultTunables()
 if _, err := dstProfile.Parse(profiletoTransition); err != nil {
 return "", err
diff --git a/pkg/prebuild/directive/stack.go b/pkg/prebuild/directive/stack.go
index 03dd826e1..631c6f00f 100644
--- a/pkg/prebuild/directive/stack.go
+++ b/pkg/prebuild/directive/stack.go
@@ -6,10 +6,12 @@ package directive
 import (
 "fmt"
+ "path/filepath"
 "regexp"
 "slices"
 "strings"
+ "github.com/roddhjav/apparmor.d/pkg/paths"
 "github.com/roddhjav/apparmor.d/pkg/prebuild"
 "github.com/roddhjav/apparmor.d/pkg/util"
 )
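Review bot: In exec.go's Exec.Apply, `len(match) != 1` returns "No profile found" both when the glob matches nothing and when it matches several files, so a profile name present under two directories of the build root is reported as missing; the identical block in stack.go's Stack.Apply has the same problem. Refusing an ambiguous match is the right outcome for a policy generator, but the message should name the case, for example `return "", fmt.Errorf("%d profiles match %q, want exactly one", len(match), name)`. `name` is also concatenated into the pattern as-is, so glob metacharacters or a path separator in a directive argument change what is searched; if arguments are meant to be bare profile names, reject anything else before calling `filepath.Glob`. `MustReadFileAsString` still panics on a read failure although both functions return an error, and both bodies continue outside their hunks.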
@@ -55,7 +57,14 @@ func (s Stack) Apply(opt *Option, profile string) (string, error) {
 res := ""
 for name := range opt.ArgMap {
- stackedProfile := prebuild.RootApparmord.Join(name).MustReadFileAsString()
+ match, err := filepath.Glob(prebuild.Root.String() + "/*/" + name)
+ if err != nil {
+ return "", err
+ }
+ if len(match) != 1 {
+ return "", fmt.Errorf("No profile found for %s", name)
+ }
+ stackedProfile := paths.New(match[0]).MustReadFileAsString()
 m := regRules.FindStringSubmatch(stackedProfile)
 if len(m) < 2 {
 return "", fmt.Errorf("No profile found in %s", name)
diff --git a/pkg/prebuild/directories.go b/pkg/prebuild/directories.go
index 38f3f53e6..7859fa89d 100644
--- a/pkg/prebuild/directories.go
+++ b/pkg/prebuild/directories.go
@@ -66,7 +66,7 @@ func getRootBuild() *paths.Path {
 func getPackages() []string {
 files, err := PkgDir.ReadDirRecursiveFiltered(nil, paths.FilterOutDirectories())
 if err != nil {
- panic(err)
+ return []string{}
 }
 packages := make([]string, 0, len(files))
 for _, file := range files {
diff --git a/pkg/prebuild/prepare/ignore.go b/pkg/prebuild/prepare/ignore.go
index 2aece5174..4a7eb929a 100644
--- a/pkg/prebuild/prepare/ignore.go
+++ b/pkg/prebuild/prepare/ignore.go
@@ -5,6 +5,9 @@ package prepare
 import (
+ "fmt"
+ "strings"
+
 "github.com/roddhjav/apparmor.d/pkg/paths"
 "github.com/roddhjav/apparmor.d/pkg/prebuild"
 )
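Review bot: getPackages in directories.go now returns an empty slice when `PkgDir.ReadDirRecursiveFiltered` fails, so a missing or unreadable package directory can no longer be told apart from one that holds no packages. Callers are outside this diff, but a build that depends on the package list would presumably carry on with nothing and no diagnostic. If the aim is only to tolerate an absent directory, handle that case alone and keep other I/O errors visible; at minimum record the decision with a comment such as `// PkgDir is optional: an unreadable directory is treated as no packages`. The function body continues outside the hunk.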
@@ -26,21 +29,39 @@ func (p Ignore) Apply() ([]string, error) {
 res := []string{}
 for _, name := range []string{"main", prebuild.Distribution} {
 for _, ignore := range prebuild.Ignore.Read(name) {
- profile := prebuild.Root.Join(ignore)
- if profile.NotExist() {
- files, err := prebuild.RootApparmord.ReadDirRecursiveFiltered(nil, paths.FilterNames(ignore))
+ // Ignore file from share/
+ path := prebuild.Root.Join(ignore)
+ if path.Exist() {
+ if err := path.RemoveAll(); err != nil {
+ return res, err
+ }
+ continue
+ }
+
+ // Ignore file from apparmor.d/
+ profile := strings.TrimPrefix(ignore, prebuild.Src+"/")
+ if strings.HasPrefix(ignore, prebuild.Src) {
+ path = prebuild.RootApparmord.Join(profile)
+ }
+ if path.Exist() {
+ if err := path.RemoveAll(); err != nil {
+ return res, err
+ }
+
+ } else {
+ files, err := prebuild.RootApparmord.ReadDirRecursiveFiltered(nil, paths.FilterNames(profile))
 if err != nil {
 return res, err
 }
+ if len(files) == 0 {
+ return res, fmt.Errorf("%s.ignore: no files found for '%s'", name, profile)
+ }
 for _, path := range files {
 if err := path.RemoveAll(); err != nil {
 return res, err
 }
 }
- } else {
- if err := profile.RemoveAll(); err != nil {
- return res, err
- }
+
 }
 }
 res = append(res, prebuild.IgnoreDir.Join(name+".ignore").String())
diff --git a/pkg/prebuild/prepare/merge.go b/pkg/prebuild/prepare/merge.go
index d2c720003..bc8be9062 100644
--- a/pkg/prebuild/prepare/merge.go
+++ b/pkg/prebuild/prepare/merge.go
@@ -48,7 +48,7 @@ func (p Merge) Apply() ([]string, error) {
 files, err = filepath.Glob(prebuild.RootApparmord.Join(dirRemoved).String())
 if err != nil {
- return []string{}, err
+ return res, err
 }
 for _, file := range files {
 if err := paths.New(file).RemoveAll(); err != nil {
diff --git a/pkg/prebuild/prepare/overwrite.go b/pkg/prebuild/prepare/overwrite.go
index 6f8951161..4f31fee70 100644
--- a/pkg/prebuild/prepare/overwrite.go
+++ b/pkg/prebuild/prepare/overwrite.go
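Review bot: In ignore.go's Ignore.Apply the prefix test and the trim disagree: `strings.TrimPrefix(ignore, prebuild.Src+"/")` requires the trailing slash while `strings.HasPrefix(ignore, prebuild.Src)` does not, so an entry that merely starts with the same characters as `prebuild.Src` is joined onto `RootApparmord` untrimmed. Using one test for both, `profile, ok := strings.CutPrefix(ignore, prebuild.Src+"/")` followed by `if ok { path = prebuild.RootApparmord.Join(profile) }`, removes the mismatch. Separately, every entry is joined onto the build root and passed to `RemoveAll` with no check that the result still lies below that root; whether `prebuild.Ignore.Read` already drops empty or `..` entries is not visible here, so that is worth confirming before relying on it. The inner `for _, path := range files` also shadows the outer `path`.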
@@ -50,7 +50,6 @@ func (p Overwrite) Apply() ([]string, error) {
 continue
 }
 if err := origin.Rename(dest); err != nil {
-
 return res, err
 }
 originRel, err := origin.RelFrom(dest)
diff --git a/pkg/prebuild/prepare/synchronise.go b/pkg/prebuild/prepare/synchronise.go
index b272388c7..6dbfd8bb8 100644
--- a/pkg/prebuild/prepare/synchronise.go
+++ b/pkg/prebuild/prepare/synchronise.go
@@ -33,14 +33,15 @@ func (p Synchronise) Apply() ([]string, error) {
 }
 }
 if p.Path == "" {
- for _, name := range []string{"apparmor.d", "share"} {
- if err := paths.CopyTo(paths.New(name), prebuild.Root.Join(name)); err != nil {
- return res, err
- }
+ if err := paths.CopyTo(paths.New("share"), prebuild.Root.Join("share")); err != nil {
+ return res, err
+ }
+ if err := paths.CopyTo(prebuild.SrcApparmord, prebuild.RootApparmord); err != nil {
+ return res, err
 }
 } else {
 file := paths.New(p.Path)
- destination, err := file.RelFrom(paths.New("apparmor.d"))
+ destination, err := file.RelFrom(prebuild.SrcApparmord)
 if err != nil {
 return res, err
 }