[apparmor] [Patch] fix parser to check for network flag when generating policy

John Johansen john.johansen at canonical.com
Sat Jun 30 07:26:48 UTC 2012


Fix the parser so it checks for the presence of the network feature in the
compatibility interface. Previously it was assuming that if the compatibility
interface was present that network rules were also present; this is not
necessarily true and causes apparmor to break when only the compatibility
patch is applied.

Signed-off-by: John Johansen <john.johansen at canonical.com>

=== modified file 'parser/parser_main.c'
--- parser/parser_main.c	2012-04-11 23:03:21 +0000
+++ parser/parser_main.c	2012-06-30 06:31:05 +0000
@@ -873,6 +873,11 @@
 //fprintf(stderr, "flags string: %s\n", flags_string);
 //fprintf(stderr, "changehat %d\n", flag_changehat_version);
 	}
+	if (strstr(flags_string, "network"))
+		kernel_supports_network = 1;
+	else
+		kernel_supports_network = 0;
+
 	return;
 
 fail:
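
Review bot: strstr(flags_string, "network") in the added block is a plain substring match, so any flag whose name merely contains "network" would set kernel_supports_network to 1. If the flags string is a delimited list, match the whole token instead. Separately, the new assignment sits before "return;" and the "fail:" label comes after it, so the failure path never reaches it and kernel_supports_network keeps whatever value it had on entry. Given that the commit message says the old behaviour was to assume network support, please confirm that value is 0, or set it explicitly under "fail:". As a style point, the four-line if/else could be a single assignment: kernel_supports_network = strstr(flags_string, "network") != NULL;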


