[apparmor] [PATCH 5/5] Revert to using permission hashing as part of dfa minimization.
Steve Beattie
steve at nxnw.org
Mon Nov 29 20:05:07 GMT 2010
On Tue, Nov 23, 2010 at 01:18:55AM -0800, John Johansen wrote:
> This is a short term fix to deal with permission merging in dfa minimization
> not handling overlapping x permissions correctly. Until this is fixed
> a profile with overlapping x permissions will have invalid x values which
> will either be rejected by the kernel or result in the wrong transition.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-By: Steve Beattie <sbeattie at ubuntu.com>
Do you have a reproducer example that we can use as a test case?
> ---
> parser/parser_main.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/parser/parser_main.c b/parser/parser_main.c
> index f9b590a..15598eb 100644
> --- a/parser/parser_main.c
> +++ b/parser/parser_main.c
> @@ -69,7 +69,7 @@ int binary_input = 0;
> int names_only = 0;
> int dump_vars = 0;
> int dump_expanded_vars = 0;
> -dfaflags_t dfaflags = DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_MINIMIZE_HASH_TRANS;
> +dfaflags_t dfaflags = DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_MINIMIZE_HASH_TRANS | DFA_CONTROL_MINIMIZE_HASH_PERMS;
> int conf_verbose = 0;
> int conf_quiet = 0;
> int kernel_load = 1;
> --
> 1.7.1
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20101129/31a80ee0/attachment.pgp
More information about the AppArmor
mailing list