diff options
| author | Michael Vogt <mvo@ubuntu.com> | 2023-02-16 17:47:43 +0100 |
|---|---|---|
| committer | Michael Vogt <mvo@ubuntu.com> | 2023-02-16 17:47:43 +0100 |
| commit | 58997a5c9885438837ab0a07493fab4cc2e2a3f5 (patch) | |
| tree | 715b3bfdbf0789b6f6934c4ed40a79492f44c3de | |
| parent | 699498127223216a0c344b3fbb30583b84929998 (diff) | |
interfaces: improve the error message when functionfs is usedallow-diagsfs
| -rw-r--r-- | interfaces/builtin/mount_control.go | 5 | ||||
| -rw-r--r-- | interfaces/builtin/mount_control_test.go | 2 |
2 files changed, 5 insertions, 2 deletions
diff --git a/interfaces/builtin/mount_control.go b/interfaces/builtin/mount_control.go index bfef9363ab..43c8d247a3 100644 --- a/interfaces/builtin/mount_control.go +++ b/interfaces/builtin/mount_control.go @@ -278,7 +278,10 @@ func validateWhatAttr(mountInfo *MountInfo) error { // with "functionfs" the "what" can essentially be anything, see // https://www.kernel.org/doc/html/latest/usb/functionfs.html if len(mountInfo.types) == 1 && mountInfo.types[0] == "functionfs" { - return apparmor_sandbox.ValidateNoAppArmorRegexp(what) + if err := apparmor_sandbox.ValidateNoAppArmorRegexp(what); err != nil { + return fmt.Errorf(`cannot use mount-control "what" attribute: %w`, err) + } + return nil } if !whatRegexp.MatchString(what) { diff --git a/interfaces/builtin/mount_control_test.go b/interfaces/builtin/mount_control_test.go index 447711c71e..42312ecc1f 100644 --- a/interfaces/builtin/mount_control_test.go +++ b/interfaces/builtin/mount_control_test.go @@ -262,7 +262,7 @@ func (s *MountControlInterfaceSuite) TestSanitizePlugUnhappy(c *C) { }, { "mount:\n - what: a?\n where: /dev/ffs-diag\n type: [functionfs]\n options: [rw]", - `"a\?" contains a reserved apparmor char from.*`, + `cannot use mount-control "what" attribute: "a\?" contains a reserved apparmor char from.*`, }, } |