[apparmor] [Patch] [Bug 731184] Re: apparmor_parser fails to consider its own time stamp when determining if profile cache is stale
steve at nxnw.org
Tue Mar 8 22:48:59 UTC 2011
On Tue, Mar 08, 2011 at 02:13:33PM -0800, John Johansen wrote:
> On 03/08/2011 11:26 AM, Kees Cook wrote:
> > On Tue, Mar 08, 2011 at 10:50:58AM -0800, John Johansen wrote:
> >> + cmd = fopen(progname, "r");
> > Unfortunately, this won't work since "progname" may be relative to a
> > PATH directory.
> > $ /sbin/apparmor_parser -h | grep Usage
> > Usage: /sbin/apparmor_parser [options] [profile]
> > $ apparmor_parser -h | grep Usage
> > Usage: apparmor_parser [options] [profile]
> > I would suggest fully canonicalizing either progname or this fopen target
> > using readlink(/proc/self/exe).
> > I would learn toward the former, actually, so that invocation method
> > doesn't change the Usage output, etc.
> hrmm, I actually lean towards the latter, mostly because the usage message
> matches how the parser was invoked.
> Also if going with the latter we can just directly open /proc/self/exe
I think this approach is okay; I'm guessing situations where /proc is
either not mounted or in a non-standard location may have similar issues
around sysfs. And even if that's the case, we'd not be any worse off
than the current situtation.
Kees: is there a specific objection you have to this approach?
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: Digital signature
More information about the AppArmor