[apparmor] [patch 06/12] parser: Add support for unix domain socket rules.

Steve Beattie steve at nxnw.org
Thu Aug 21 22:01:54 UTC 2014


On Wed, Aug 20, 2014 at 12:58:41AM -0700, Steve Beattie wrote:
> On Fri, Aug 15, 2014 at 12:20:41PM -0700, john.johansen at canonical.com wrote:
> I'm slowly working my way through this. A couple of code comments follow:

This is the patch I'm testing on top of patch 6 locally to address these

Signed-off-by: Steve Beattie <steve at nxnw.org>
---
 parser/af_rule.cc |    2 +-
 parser/af_unix.cc |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Index: b/parser/af_rule.cc
===================================================================
--- a/parser/af_rule.cc
+++ b/parser/af_rule.cc
@@ -80,7 +80,7 @@ int af_rule::move_base_cond(struct cond_
 	} else if (strcmp(ent->name, "protocol") == 0) {
 		yyerror("socket rule: 'protocol' conditional is not currently supported\n");
 	} else if (strcmp(ent->name, "label") == 0) {
-		if (peer)
+		if (!peer)
 			move_conditional_value("unix", &label, ent);
 		else
 			move_conditional_value("unix", &peer_label, ent);
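
Review bot: In the `label` branch of af_rule::move_base_cond, a negated test followed by an else is easy to flip back by accident, and this line has already had its polarity wrong once. Writing it as `if (peer)` with the `&peer_label` call first and the `&label` call in the else keeps the fixed behaviour and reads positive-first. A parser test that supplies `label` once with `peer` false and once with `peer` true, and checks which field receives the value, would pin the mapping down. Separately, both calls pass the literal "unix" from a function in af_rule.cc whose neighbouring error text says "socket rule"; if this handler is meant to serve other address families, that name should come from the rule instead of a constant.
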
Index: b/parser/af_unix.cc
===================================================================
--- a/parser/af_unix.cc
+++ b/parser/af_unix.cc
@@ -350,7 +350,7 @@ int unix_rule::gen_policy_re(Profile &pr
 
 		/* peer addr */
 		if (peer_path) {
-			if (strcmp(path, "none") == 0) {
+			if (strcmp(peer_path, "none") == 0) {
 				buffer << "\\x01";
 			} else {
 				/* skip leading @ */
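
Review bot: The `/* peer addr */` block in unix_rule::gen_policy_re needs a regression test for a rule that has a peer address of "none" and no local address. The replaced line compared `path` under a guard that only checks `peer_path`, and nothing visible here guarantees `path` is non-NULL at that point, so the old code could pass a NULL pointer to strcmp as well as test the wrong address. Because this looks like a copy-and-paste slip, consider moving the "none" check and the leading-@ handling into one helper that takes the address as a parameter, so the peer block cannot refer to the other variable again.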

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/