[apparmor] [PATCH 5/5] Revert to using permission hashing as part of dfa minimization.

Steve Beattie steve at nxnw.org
Mon Nov 29 20:05:07 GMT 2010


On Tue, Nov 23, 2010 at 01:18:55AM -0800, John Johansen wrote:
> This is a short term fix to deal with permission merging in dfa minimization
> not handling overlapping x permissions correctly.  Until this is fixed
> a profile with overlapping x permissions will have invalid x values which
> will either be rejected by the kernel or result in the wrong transition.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-By: Steve Beattie <sbeattie at ubuntu.com>

Do you have a reproducer example that we can use as a test case?

> ---
>  parser/parser_main.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/parser/parser_main.c b/parser/parser_main.c
> index f9b590a..15598eb 100644
> --- a/parser/parser_main.c
> +++ b/parser/parser_main.c
> @@ -69,7 +69,7 @@ int binary_input = 0;
>  int names_only = 0;
>  int dump_vars = 0;
>  int dump_expanded_vars = 0;
> -dfaflags_t dfaflags = DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_MINIMIZE_HASH_TRANS;
> +dfaflags_t dfaflags = DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_MINIMIZE_HASH_TRANS | DFA_CONTROL_MINIMIZE_HASH_PERMS;
>  int conf_verbose = 0;
>  int conf_quiet = 0;
>  int kernel_load = 1;
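
Review bot: the changed dfaflags initializer turns DFA_CONTROL_MINIMIZE_HASH_PERMS on by default, but nothing in the code marks it as the short-term workaround the commit message describes. A comment above the initializer, saying the flag stays until permission merging in dfa minimization handles overlapping x permissions, would keep it from being dropped or left in place by accident. The diffstat also shows only parser/parser_main.c changing, so no regression test with overlapping x permissions accompanies the change; adding a profile that triggers the invalid x values would let the eventual proper fix be verified.
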
> -- 
> 1.7.1
> 
> 

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/