257685 – security/base-audit: patch to allow ignored jails

Bug 257685 - security/base-audit: patch to allow ignored jails

Summary: security/base-audit: patch to allow ignored jails

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Dan Langille

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-08-08 16:16 UTC by Dan Langille
Modified:	2021-08-10 02:04 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (000.fbsd)

Attachments
patch for security_status_baseaudit_jails_ignore (1.46 KB, patch) 2021-08-08 16:16 UTC, Dan Langille	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dan Langille freebsd_committer

2021-08-08 16:16:38 UTC

Created attachment 227018 [details]
patch for security_status_baseaudit_jails_ignore

security_status_baseaudit_jails_ignore is a space delimited list of jails
to ignore.

If non-empty, the code iterates over security_status_baseaudit_jails_ignore
to avoid partial matches (i.e. ignore foo.bar, but not foo). If there is a
better way to do that without looping, please let me know.


Example use case: I have jails which purposely are older vulnerable versions for testing.

Comment 1 Li-Wen Hsu freebsd_committer

2021-08-09 16:07:03 UTC

Submitter is committer.

Comment 2 Miroslav Lachman 2021-08-09 18:11:34 UTC

(In reply to Dan Langille from comment #0)
Should it be really that verbose to print "ignoring jail:" for each ignored jail?

I think it will be better to be silent if the jail is ignored on purpose.

Comment 3 Dan Langille freebsd_committer

2021-08-09 18:12:25 UTC

(In reply to Miroslav Lachman from comment #2)

It prints out each jail it is processing. Why not print the jails it is ignoring?

Comment 4 Miroslav Lachman 2021-08-09 23:13:23 UTC

(In reply to Dan Langille from comment #3)
You are right Dan. I already pushed this change to my github
https://github.com/MirLach/freebsd-ports/commit/998ea1a8dbe73bbf14cfde3f69e6aeeb7d57acdb

Go ahead and commit this version 0.5.

Comment 5 commit-hook freebsd_committer

2021-08-10 02:03:51 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a5bd3edbfb4991f75ec5f2a5580e164f5e977fb4

commit a5bd3edbfb4991f75ec5f2a5580e164f5e977fb4
Author:     Dan Langille <dvl@FreeBSD.org>
AuthorDate: 2021-08-10 02:01:00 +0000
Commit:     Dan Langille <dvl@FreeBSD.org>
CommitDate: 2021-08-10 02:03:29 +0000

    security/base-audit: Add the ability to specify ignored jails

    security_status_baseaudit_jails_ignore is a space delimited list of jails
    to ignore.

    If non-empty, the code iterates over security_status_baseaudit_jails_ignore
    to avoid partial matches (i.e. ignore foo.bar, but not foo). If there is a
    better way to do that without looping, please let me know.

    Example use case: I have jails which purposely are older vulnerable versions
    for testing.

    PR:             257685
    Approved by:    000.fbsd@quip.cz (maintainer)

 security/base-audit/Makefile                              |  2 +-
 security/base-audit/files/405.pkg-base-audit.in (mode +x) | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

Comment 6 Dan Langille freebsd_committer

2021-08-10 02:04:42 UTC

Committed, thank you. I know I will find this useful, and hope others do too.