[apparmor] [patch 13/12] v3 unix socket rules
Seth Arnold
seth.arnold at canonical.com
Fri Aug 29 23:54:21 UTC 2014
On Fri, Aug 29, 2014 at 12:40:37PM -0700, John Johansen wrote:
> This changes/fixes the encoding for unix socket rules.
>
> The changes look larger than they are because it refactors the code, instead
> of duplicating.
>
> The major changes are:
> - it changes where the accept perm is stored
> - it moves anyone_match_pattern to default_match_pattern
> - it fixes the layout of the local addr only being written when local perms
> are present
I think there's an additional change here:
> === modified file 'parser/network.h'
> --- parser/network.h 2014-08-26 05:51:50 +0000
> +++ parser/network.h 2014-08-29 17:53:45 +0000
> @@ -70,8 +70,9 @@
> AA_NET_GETATTR | AA_NET_BIND | AA_NET_ACCEPT | \
> AA_NET_LISTEN | AA_NET_SETOPT | AA_NET_GETOPT)
> #define AA_NET_OPT (AA_NET_SETOPT | AA_NET_GETOPT)
> -#define AA_LOCAL_NET_CMD (AA_NET_ACCEPT | AA_NET_LISTEN | AA_NET_OPT)
> -#define AA_PEER_NET_PERMS (AA_VALID_NET_PERMS & ~AA_LOCAL_NET_PERMS)
> +#define AA_LOCAL_NET_CMD (AA_NET_LISTEN | AA_NET_OPT)
> +#define AA_PEER_NET_PERMS (AA_VALID_NET_PERMS & (~AA_LOCAL_NET_PERMS | \
> + AA_NET_ACCEPT))
>
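Review bot: The new AA_PEER_NET_PERMS definition ORs AA_NET_ACCEPT back in after masking with ~AA_LOCAL_NET_PERMS, but the macro this hunk removes AA_NET_ACCEPT from is AA_LOCAL_NET_CMD, and the definition of AA_LOCAL_NET_PERMS is not among the visible lines. If AA_LOCAL_NET_PERMS does not contain AA_NET_ACCEPT, the accept bit is already set in ~AA_LOCAL_NET_PERMS and the added "| AA_NET_ACCEPT" is a no-op; if it does contain it, accept can end up in both the local and the peer permission sets. Please confirm which macro was meant to change, and add a short comment above the two defines stating which set accept belongs to and why.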
AA_NET_ACCEPT was removed from AA_LOCAL_NET_CMD but the final line was
adjusted as if it were removed from AA_LOCAL_NET_PERMS.
I can't tell if this has any actual influence on anything...
Thanks