build: add the X option to the stack directive.

2024-09-10 18:13:48 +01:00 · 2024-09-10 18:13:48 +01:00 · f3094cc741
commit f3094cc741
parent 67c5181ba9
6 changed files with 30 additions and 8 deletions
--- a/pkg/prebuild/directive/stack.go
+++ b/pkg/prebuild/directive/stack.go
@ -7,6 +7,7 @@ package directive
 import (
 	"fmt"
 	"regexp"
+	"slices"
 	"strings"

 	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
@ -19,7 +20,6 @@ var (
 	regCleanStakedRules = util.ToRegexRepl([]string{
 		`(?m)^.*include <abstractions/base>.*$`, ``, // Remove mandatory base abstraction
 		`(?m)^.*@{exec_path}.*$`, ``, // Remove entry point
-		`(?m)^.*(|P|p)(|U|u)(|i)x,.*$`, ``, // Remove transition rules
 		`(?m)^(?:[\t ]*(?:\r?\n))+`, ``, // Remove empty lines
 	})
 )
@ -33,12 +33,26 @@ func init() {
 		Base: cfg.Base{
 			Keyword: "stack",
 			Msg:     "Stack directive applied",
-			Help:    Keyword + `stack profiles...`,
+			Help:    Keyword + `stack [X] profiles...`,
 		},
 	})
 }

 func (s Stack) Apply(opt *Option, profile string) (string, error) {
+	if len(opt.ArgList) == 0 {
+		return "", fmt.Errorf("No profile to stack")
+	}
+	t := opt.ArgList[0]
+	if t != "X" {
+		regCleanStakedRules = slices.Insert(regCleanStakedRules, 0,
+			util.ToRegexRepl([]string{
+				`(?m)^.*(|P|p)(|U|u)(|i)x,.*$`, ``, // Remove X transition rules
+			})...,
+		)
+	} else {
+		delete(opt.ArgMap, t)
+	}
+
 	res := ""
 	for name := range opt.ArgMap {
 		stackedProfile := util.MustReadFile(cfg.RootApparmord.Join(name))