[apparmor] Rev 1497: Effectively revert revno 1471, and fix the misdetected error condition

Steve Beattie steve at nxnw.org
Wed Sep 15 08:31:44 BST 2010


On Tue, Sep 14, 2010 at 07:40:48PM -0000, noreply at launchpad.net wrote:
> ------------------------------------------------------------
> revno: 1497
> committer: Kees Cook <kees.cook at canonical.com>
> branch nick: master
> timestamp: Tue 2010-09-14 12:38:38 -0700
> message:
>   Effectively revert revno 1471, and fix the misdetected error condition
>   so that caching will work again without needing kernel_load.
> modified:
>   parser/parser_interface.c
>   parser/parser_main.c

There are four different issues with merging this commit to the
2.5 branch:

> === modified file 'parser/parser_interface.c'
> --- parser/parser_interface.c	2010-08-26 17:37:46 +0000
> +++ parser/parser_interface.c	2010-09-14 19:38:38 +0000
> @@ -550,7 +550,6 @@
>  int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
>  			 int flattened)
>  {
> -	struct cod_entry *entry;
>  	uint64_t allowed_caps;
>  
>  	if (!sd_write_struct(p, "profile"))

(1) The code re-org that happened that makes this declaration no longer
    needed in sd_serialize_profile() hasn't happened on the 2.5 branch.
    NACK.

> @@ -749,13 +748,9 @@
>  		break;
>  	}
>  
> -	if (fd < 0) {
> -		if (kernel_load)
> -			PERROR(_("Unable to open %s - %s\n"), filename,
> -			       strerror(errno));
> -		else
> -			PERROR(_("Unable to open output file - %s\n"),
> -			       strerror(errno));

(2) Commit 1471 didn't get merged to 2.5, so the split out of the
    (fd < 0) and (kernel_load) into different 'if' statements didn't
    happen. So that part is a NOP.

> +	if (fd < 0 && (kernel_load || option == OPTION_OFILE || option == OPTION_STDOUT)) {

(3) The trunk rev 1420 "Add the -o flag to allow specifying the
    output file" also (conservatively) didn't get merged into 2.5, so
    OPTION_OFILE doesn't exist.

> +		PERROR(_("Unable to open %s - %s\n"), filename,
> +		       strerror(errno));

Again, due to (2), the + PERROR statement is a NOP.

>  		error = -errno;
>  		goto exit;
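
Review bot: In the new fd < 0 branch, PERROR() runs before `error = -errno;`, and the gettext lookup and output done inside PERROR may change errno, so the value stored in error is not guaranteed to be the one from the failed open. Assign `error = -errno;` first and pass strerror(-error) to PERROR so the caller sees the open failure's code.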

> === modified file 'parser/parser_main.c'
> --- parser/parser_main.c	2010-09-14 19:37:59 +0000
> +++ parser/parser_main.c	2010-09-14 19:38:38 +0000
> @@ -895,8 +895,7 @@
>  		goto out;
>  	}
>  
> -	if (kernel_load || option == OPTION_STDOUT || option == OPTION_OFILE)
> -		retval = load_policy(option);
> +	retval = load_policy(option);
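
Review bot: The now-unconditional `retval = load_policy(option);` relies on load_policy() coping with every option, including those for which the fd < 0 test in parser_interface.c deliberately reports no error. A short comment above the call saying so would help keep the guard from being reintroduced.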

(4) This is also a reversion of the unapplied-on-2.5 trunk commit 1471;
    NACK.

Thus, I think the relevant bit of this commit that can be merged into
the 2.5 branch is the following:

=== modified file 'parser/parser_interface.c'
--- parser/parser_interface.c	2010-08-26 18:24:41 +0000
+++ parser/parser_interface.c	2010-09-15 07:15:59 +0000
@@ -844,7 +844,7 @@
 		break;
 	}
 
-	if (kernel_load && fd < 0) {
+	if (fd < 0 && (kernel_load || option == OPTION_STDOUT)) {
 		PERROR(_("Unable to open %s - %s\n"), filename,
 		       strerror(errno));
 		error = -errno;
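
Review bot: With `fd < 0 && (kernel_load || option == OPTION_STDOUT)`, a negative fd under any other option skips this branch and execution continues past it with fd still invalid. Add a comment above the test naming the options that are expected to get here without an open descriptor, and confirm that the code after this block never writes to or closes fd in that case.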

Okay to commit to 2.5?

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/