[apparmor] [PATCH] handle upstream AppArmor more gracefully
Steve Beattie
steve at nxnw.org
Thu Sep 16 18:10:40 BST 2010
On Tue, Sep 14, 2010 at 06:00:13PM -0700, Kees Cook wrote:
> When loading without the 2.4 compatibility patch, the parser needs the
> following patch or it will explode when it can't find the "features" file.
>
> Nominated for 2.5.1.
>
>
> === modified file 'parser/parser_main.c'
> --- parser/parser_main.c 2010-09-14 19:45:34 +0000
> +++ parser/parser_main.c 2010-09-15 00:57:04 +0000
> @@ -934,6 +934,15 @@
> get_match_string();
> /* Get kernel features string */
> get_flags_string(&flags_string, FLAGS_FILE);
> + /* Gracefully handle AppArmor kernel without compatibility patch */
> + if (!flags_string) {
> + PERROR("Cache read/write disabled: %s interface file missing. "
> + "(Kernel needs AppArmor 2.4 compatibility patch.)\n",
> + FLAGS_FILE);
> + write_cache = 0;
> + skip_read_cache = 1;
> + return;
> + }
>
> /*
> * Deal with cache directory versioning:
ACK for both, though all the flags handling code could stand improvement;
why does get_flags_string() not return whether it succeeded or not?
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20100916/164ff150/attachment.pgp
More information about the AppArmor
mailing list