[apparmor] [PATCH 18/43] apparmor: provide base for multiple profiles to be replaced at once

Seth Arnold seth.arnold at canonical.com
Wed Feb 13 02:14:14 UTC 2013


On Fri, Feb 08, 2013 at 01:00:54PM -0800, John Johansen wrote:
>  /**
> + * __lookup_replace - lookup replacement information for a profile
> + * @ns - namespace the lookup occurs in
> + * @new - profile to lookup who it is replacing
> + * @noreplace - true if not replacing an existing profile
> + * @old - Returns: pointer to profile to replace (NO REFCOUNT)
> + * @rename - Returns: pointer to profile to rename (NO REFCOUNT)

old and rename do appear to be refcounted:

> ...
> +	if (r_old)
> +		*r_old = aa_get_profile(old);
> +	if (r_rename)
> +		*r_rename = aa_get_profile(rename);




> @@ -622,29 +623,40 @@ fail:
>  /**
>   * verify_head - unpack serialized stream header
>   * @e: serialized data read head (NOT NULL)
> + * @required: whether the header is required or optional
>   * @ns: Returns - namespace if one is specified else NULL (NOT NULL)
>   *
>   * Returns: error or 0 if header is good
>   */
> -static int verify_header(struct aa_ext *e, const char **ns)
> +static int verify_header(struct aa_ext *e, int required, const char **ns)
>  {
>  	int error = -EPROTONOSUPPORT;
> +	const char *name = NULL;
> +	*ns = NULL;
> +
>  	/* get the interface version */
>  	if (!unpack_u32(e, &e->version, "version")) {
> -		audit_iface(NULL, NULL, "invalid profile format", e, error);
> -		return error;
> -	}
> +		if (required) {
> +			audit_iface(NULL, NULL, "invalid profile format", e, error);
> +			return error;
> +		}

I know the message hasn't changed, but it feels like it could be more
specific about an expected version packet that was not found -- it might
make future debugging easier to have a more specific message.

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130212/8d67e49c/attachment.pgp>


More information about the AppArmor mailing list