[apparmor] [patch] fix aa-logprof rewrite of PUx modes.

John Johansen john.johansen at canonical.com
Tue Apr 24 18:24:17 UTC 2012

On 04/24/2012 10:58 AM, Steve Beattie wrote:
> On Tue, Apr 24, 2012 at 09:38:12AM -0700, John Johansen wrote:
>> On 04/24/2012 09:02 AM, Steve Beattie wrote:
>>> Subject: fix aa-logprof rewrite of PUx modes.
>>> When writing out a profile, aa-logprof incorrectly converts PUx execute
>>> permission modes to the syntactically invalid UPx mode, because the
>>> function that converts the internal representation of permissions to
>>> a string emits the U(nconfined) mode bit before the P bit.
>>> This patch corrects this by reordering the way the exec permissions
>>> are emitted, so that P and C modes come before U and i. Based on
>>> http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Execute_rules
>>> this should emit the modes correctly in all combined exec modes.
>>> Other approaches to fixing this would require adjusting the data
>>> structure that contains the permission modes, resulting in a more
>>> invasive patch.
>>> Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/982619
>> it looks good
>> Acked-by: John Johansen <john.johansen at canonical.com>
> Thanks. This should probably go into 2.7 as well. Okay to do so?
yes please

More information about the AppArmor mailing list