[apparmor] [patch] fix aa-logprof rewrite of PUx modes.

John Johansen john.johansen at canonical.com
Tue Apr 24 18:24:17 UTC 2012


On 04/24/2012 10:58 AM, Steve Beattie wrote:
> On Tue, Apr 24, 2012 at 09:38:12AM -0700, John Johansen wrote:
>> On 04/24/2012 09:02 AM, Steve Beattie wrote:
>>> Subject: fix aa-logprof rewrite of PUx modes.
>>>
>>> When writing out a profile, aa-logprof incorrectly converts PUx execute
>>> permission modes to the syntactically invalid UPx mode, because the
>>> function that converts the internal representation of permissions to
>>> a string emits the U(nconfined) mode bit before the P bit.
>>>
>>> This patch corrects this by reordering the way the exec permissions
>>> are emitted, so that P and C modes come before U and i. Based on
>>> http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Execute_rules
>>> this should emit the modes correctly in all combined exec modes.
>>> Other approaches to fixing this would require adjusting the data
>>> structure that contains the permission modes, resulting in a more
>>> invasive patch.
>>>
>>> Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/982619
>>>
>> it looks good
>>
>> Acked-by: John Johansen <john.johansen at canonical.com>
> 
> Thanks. This should probably go into 2.7 as well. Okay to do so?
> 
yes please



More information about the AppArmor mailing list