[apparmor] [PATCH 2/3] Fix protocol error when loading policy to kernels without compat patches
Steve Beattie
steve at nxnw.org
Wed Apr 11 22:35:54 UTC 2012
On Wed, Apr 11, 2012 at 01:53:41PM -0700, John Johansen wrote:
> http://bugs.launchpad.net/bugs/968956
>
> The parser is incorrectly generating network rules for kernels that can
> not support them. This occurs on kernels with the new features directory
> but not the compatibility patches applied.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-By: Steve Beattie <sbeattie at ubuntu.com> though another way to
address this would be to adjust where kernel_supports_network gets set
initially to 0. (It's the reason a corresponding fix isn't needed for
kernel_supports_mount.)
> ---
> parser/parser_main.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/parser/parser_main.c b/parser/parser_main.c
> index fcb8554..f57cfb1 100644
> --- a/parser/parser_main.c
> +++ b/parser/parser_main.c
> @@ -801,6 +801,8 @@ static void get_match_string(void) {
> handle_features_dir(FLAGS_FILE, &flags_string, FLAGS_STRING_SIZE, flags_string);
> if (strstr(flags_string, "network"))
> kernel_supports_network = 1;
> + else
> + kernel_supports_network = 0;
> if (strstr(flags_string, "mount"))
> kernel_supports_mount = 1;
> return;
> --
> 1.7.9.1
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120411/3b3882a7/attachment.pgp>
More information about the AppArmor
mailing list