[apparmor] [PATCH] handle upstream AppArmor more gracefully
Kees Cook
kees at ubuntu.com
Wed Sep 15 02:00:13 BST 2010
When loading without the 2.4 compatibility patch, the parser needs the
following patch or it will explode when it can't find the "features" file.
Nominated for 2.5.1.
=== modified file 'parser/parser_main.c'
--- parser/parser_main.c 2010-09-14 19:45:34 +0000
+++ parser/parser_main.c 2010-09-15 00:57:04 +0000
@@ -934,6 +934,15 @@
get_match_string();
/* Get kernel features string */
get_flags_string(&flags_string, FLAGS_FILE);
+ /* Gracefully handle AppArmor kernel without compatibility patch */
+ if (!flags_string) {
+ PERROR("Cache read/write disabled: %s interface file missing. "
+ "(Kernel needs AppArmor 2.4 compatibility patch.)\n",
+ FLAGS_FILE);
+ write_cache = 0;
+ skip_read_cache = 1;
+ return;
+ }
/*
* Deal with cache directory versioning:
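Review bot: The new if (!flags_string) test directly after get_flags_string(&flags_string, FLAGS_FILE) only works if flags_string is NULL whenever the read fails, and nothing in this hunk shows that. Please confirm that flags_string is initialised to NULL before the call and that get_flags_string() does not leave it pointing at a partial buffer on error. The PERROR text also blames every failure on a missing 2.4 compatibility patch. A FLAGS_FILE that exists but cannot be read for another reason would be reported misleadingly, so consider wording it as "missing or unreadable" or including the error string. Because the early return only sets write_cache = 0 and skip_read_cache = 1 and then carries on without the cache, a warning-level message may suit this path better than PERROR.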
--
Kees Cook
Ubuntu Security Team