Commit 3b5bede1 authored by Christian Boltz's avatar Christian Boltz

AppArmor.pm: add basic support for signal, unix, ptrace and dbus rules

YaST still uses AppArmor.pm, and now errors out when starting the 
profile editor because it doesn't know about signal, unix, ptrace and 
dbus rules.

This patch adds basic support for those rules to AppArmor.pm by adding 
them to the "ignore those rules" regex.

Note: Rules covered by this regex are lost when writing the profile
therefore the patch adds a comment to at least make this a "known bug".

References:https://bugzilla.novell.com/show_bug.cgi?id=900013Acked-by: Steve Beattie's avatarSteve Beattie <steve@nxnw.org>
parent 44d2e9da
......@@ -5438,8 +5438,9 @@ sub parse_profile_data($$$) {
$initial_comment .= "$_\n";
}
}
} elsif (/^\s*(audit\s+)?(deny\s+)?(owner\s+)?(capability|dbus|file|mount|pivot_root|remount|umount)/) {
} elsif (/^\s*(audit\s+)?(deny\s+)?(owner\s+)?(capability|dbus|file|mount|pivot_root|remount|umount|signal|unix|ptrace|dbus)/) {
# ignore valid rules that are currently unsupported by AppArmor.pm
# BUG: when writing the profile, those rules are lost!
} else {
# we hit something we don't understand in a profile...
die sprintf(gettext('%s contains syntax errors. Line [%s]'), $file, $_) . "\n";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment