interfaces/apparmor: use snap.* as mask
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
- Loading branch information...
|
|
@@ -75,7 +75,7 @@ var profilesPath = realProfilesPath |
|
|
|
|
|
// LoadedProfiles interrogates the kernel and returns a list of loaded apparmor profiles.
|
|
|
//
|
|
|
-// Snappy manages apparmor profiles named *.snap. Other profiles might exist on
|
|
|
+// Snappy manages apparmor profiles named "snap.*". Other profiles might exist on
|
|
|
// the system (via snappy dimension) and those are filtered-out.
|
|
|
func LoadedProfiles() ([]Profile, error) {
|
|
|
file, err := os.Open(profilesPath)
|
|
|
@@ -97,7 +97,7 @@ func LoadedProfiles() ([]Profile, error) { |
|
|
return nil, err
|
|
|
}
|
|
|
mode = strings.Trim(mode, "()")
|
|
|
- if strings.HasSuffix(name, ".snap") {
|
|
|
+ if strings.HasPrefix(name, "snap.") {
|
|
|
profiles = append(profiles, Profile{Name: name, Mode: mode})
|
|
|
}
|
|
|
}
|
|
|
|
|
|
@@ -124,16 +124,16 @@ func (s *appArmorSuite) TestLoadedApparmorProfilesParsesAndFiltersData(c *C) { |
|
|
/usr/lib/telepathy/telepathy-* (enforce)
|
|
|
/usr/lib/telepathy/telepathy-*//pxgsettings (enforce)
|
|
|
/usr/lib/telepathy/telepathy-*//sanitized_helper (enforce)
|
|
|
-pi2-piglow.background.snap (enforce)
|
|
|
-pi2-piglow.foreground.snap (enforce)
|
|
|
+snap.pi2-piglow.background (enforce)
|
|
|
+snap.pi2-piglow.foreground (enforce)
|
|
|
webbrowser-app (enforce)
|
|
|
webbrowser-app//oxide_helper (enforce)
|
|
|
`), 0600)
|
|
|
profiles, err := apparmor.LoadedProfiles()
|
|
|
c.Assert(err, IsNil)
|
|
|
c.Check(profiles, DeepEquals, []apparmor.Profile{
|
|
|
- {"pi2-piglow.background.snap", "enforce"},
|
|
|
- {"pi2-piglow.foreground.snap", "enforce"},
|
|
|
+ {"snap.pi2-piglow.background", "enforce"},
|
|
|
+ {"snap.pi2-piglow.foreground", "enforce"},
|
|
|
})
|
|
|
}
|
|
|
|
|
|
|
zyga
committed