Support parsing dir keywords #588

Closed
jw3 opened this issue Aug 12, 2022 · 0 comments · Fixed by #872
Labels
enhancement New feature or request fapolicyd-feature New feature in fapolicyd that is not yet supported. rules

jw3 commented Aug 12, 2022

dir         If you wish to match a directory, then use this by giving the full path to the directory. It's recommended to
            end with the / to ensure it matches a directory. There are 3 keywords that dir supports: execdirs, systemdirs,
            untrusted.

            execdirs    The execdirs option will match against the following list of directories:

                        /usr/ /bin/ /sbin/ /lib/ /lib64/ /usr/libexec/

            systemdirs  The systemdirs option will match against the same list as execdirs but also includes /etc/.

            untrusted   The untrusted option will look up the current executable's full path in the rpm database to see
                        if the executable is known to the system. The rule will trigger if the file in question is not
                        in the trust database. This option is deprecated in favor of using obj_trust with execute
                        permission when writing rules.

@jw3 jw3 added enhancement New feature or request rules labels Aug 12, 2022
@jw3 jw3 added this to the 9 milestone Sep 1, 2022
@jw3 jw3 added the fapolicyd-feature New feature in fapolicyd that is not yet supported. label Mar 21, 2023
jw3 added a commit to jw3/fapolicy-analyzer that referenced this issue May 16, 2023
In addition to the string path parsing that we currently support there are 3 keywords that need special handling:
- execdirs
- systemdirs
- untrusted

This implements a type that wraps up these three and the string type to add support for the keywords.

Closes ctc-oss#588
@jw3 jw3 closed this as completed in #872 May 16, 2023
jw3 added a commit that referenced this issue May 16, 2023
In addition to the string path parsing for object dirs that we currently support there
are 3 keywords that need special handling:
- execdirs
- systemdirs
- untrusted

This commit implements a type that wraps up these new three with the existing string path type to complete support for all
available dir combinations.

Closes #588
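
The dir handling described in the man page excerpt and commit messages above, as an added Rust example that is not fapolicy-analyzer's or fapolicyd's own code. `DirSpec`, `parse_dir` and `matches` are hypothetical names; plain prefix matching and the absolute-path requirement are assumptions drawn from the excerpt's trailing-/ advice, and the `trusted` set stands in for the trust database.

```rust
use std::collections::HashSet;

// Directory list copied from the man page excerpt quoted in the issue.
const EXEC_DIRS: [&str; 6] = ["/usr/", "/bin/", "/sbin/", "/lib/", "/lib64/", "/usr/libexec/"];

/// Hypothetical type: the three keywords plus a literal directory path.
#[derive(Debug, PartialEq)]
pub enum DirSpec {
    ExecDirs,
    SystemDirs,
    Untrusted,
    Path(String),
}

/// Parse the value of a `dir=` attribute. Keywords are matched exactly;
/// anything else must be an absolute path (assumption of this example).
pub fn parse_dir(value: &str) -> Result<DirSpec, String> {
    match value {
        "execdirs" => Ok(DirSpec::ExecDirs),
        "systemdirs" => Ok(DirSpec::SystemDirs),
        "untrusted" => Ok(DirSpec::Untrusted),
        p if p.starts_with('/') => Ok(DirSpec::Path(p.to_string())),
        other => Err(format!("not a dir keyword or absolute path: {other:?}")),
    }
}

impl DirSpec {
    /// Assumption: matching is a string-prefix test on the file's full path.
    /// `trusted` is a constructed stand-in for the trust database lookup.
    pub fn matches(&self, file: &str, trusted: &HashSet<&str>) -> bool {
        let in_exec = || EXEC_DIRS.iter().any(|d| file.starts_with(d));
        match self {
            DirSpec::ExecDirs => in_exec(),
            DirSpec::SystemDirs => in_exec() || file.starts_with("/etc/"),
            DirSpec::Untrusted => !trusted.contains(file),
            DirSpec::Path(p) => file.starts_with(p.as_str()),
        }
    }
}

fn main() {
    let trusted: HashSet<&str> = HashSet::from(["/usr/bin/ls"]); // constructed sample
    for (dir, file) in [("execdirs", "/etc/cron.d/job"), ("systemdirs", "/etc/cron.d/job"),
                        ("untrusted", "/tmp/a.out"), ("/opt/app", "/opt/app-old/run"),
                        ("/opt/app/", "/opt/app-old/run")] {
        let spec = parse_dir(dir).unwrap();
        println!("dir={dir:<11} {file:<18} -> {}", spec.matches(file, &trusted));
    }
}
```

The last two rows show why the excerpt recommends the trailing /: under prefix matching, `dir=/opt/app` also covers the sibling directory `/opt/app-old/`, while `dir=/opt/app/` does not.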