[apparmor] [patch] fix aa-logprof rewrite of PUx modes.

Steve Beattie steve at nxnw.org
Tue Apr 24 17:58:37 UTC 2012


On Tue, Apr 24, 2012 at 09:38:12AM -0700, John Johansen wrote:
> On 04/24/2012 09:02 AM, Steve Beattie wrote:
> > Subject: fix aa-logprof rewrite of PUx modes.
> > 
> > When writing out a profile, aa-logprof incorrectly converts PUx execute
> > permission modes to the syntactically invalid UPx mode, because the
> > function that converts the internal representation of permissions to
> > a string emits the U(nconfined) mode bit before the P bit.
> > 
> > This patch corrects this by reordering the way the exec permissions
> > are emitted, so that P and C modes come before U and i. Based on
> > http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Execute_rules
> > this should emit the modes correctly in all combined exec modes.
> > Other approaches to fixing this would require adjusting the data
> > structure that contains the permission modes, resulting in a more
> > invasive patch.
> > 
> > Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/982619
> > 
> it looks good
> 
> Acked-by: John Johansen <john.johansen at canonical.com>

Thanks. This should probably go into 2.7 as well. Okay to do so?

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120424/b82ae6a7/attachment.pgp>


More information about the AppArmor mailing list