[apparmor] [patch 13/12] v3 unix socket rules
John Johansen
john.johansen at canonical.com
Sat Aug 30 04:05:26 UTC 2014
On 08/29/2014 04:54 PM, Seth Arnold wrote:
> On Fri, Aug 29, 2014 at 12:40:37PM -0700, John Johansen wrote:
>> This changes/fixes the encoding for unix socket rules.
>>
>> The changes look larger than they are because it refactors the code instead
>> of duplicating it.
>>
>> The major changes are:
>> - it changes where the accept perm is stored
>> - it moves anyone_match_pattern to default_match_pattern
>> - it fixes the layout of the local addr only being written when local perms
>> are present
>
> I think there's an additional change here:
>
>> === modified file 'parser/network.h'
>> --- parser/network.h 2014-08-26 05:51:50 +0000
>> +++ parser/network.h 2014-08-29 17:53:45 +0000
>> @@ -70,8 +70,9 @@
>> AA_NET_GETATTR | AA_NET_BIND | AA_NET_ACCEPT | \
>> AA_NET_LISTEN | AA_NET_SETOPT | AA_NET_GETOPT)
>> #define AA_NET_OPT (AA_NET_SETOPT | AA_NET_GETOPT)
>> -#define AA_LOCAL_NET_CMD (AA_NET_ACCEPT | AA_NET_LISTEN | AA_NET_OPT)
>> -#define AA_PEER_NET_PERMS (AA_VALID_NET_PERMS & ~AA_LOCAL_NET_PERMS)
>> +#define AA_LOCAL_NET_CMD (AA_NET_LISTEN | AA_NET_OPT)
>> +#define AA_PEER_NET_PERMS (AA_VALID_NET_PERMS & (~AA_LOCAL_NET_PERMS | \
>> + AA_NET_ACCEPT))
>>
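Review bot: the new AA_PEER_NET_PERMS expression on the two `+` lines, `AA_VALID_NET_PERMS & (~AA_LOCAL_NET_PERMS | AA_NET_ACCEPT)`, re-adds the accept bit to the peer set, but the only local-side definition edited in this hunk is AA_LOCAL_NET_CMD; AA_LOCAL_NET_PERMS, which the peer mask is derived from, is not touched here. If AA_LOCAL_NET_PERMS still carries AA_NET_ACCEPT, the bit now lands in both the local and the peer permission sets, so either remove it from AA_LOCAL_NET_PERMS in the same change or add a comment at the `+#define AA_PEER_NET_PERMS` line stating that accept is intentionally encoded on the peer side, and spell that out in the commit description alongside "it changes where the accept perm is stored".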
>
> AA_NET_ACCEPT was removed from AA_LOCAL_NET_CMD but the final line was
> adjusted as if it were removed from AA_LOCAL_NET_PERMS.
>
> I can't tell if this has any actual influence on anything...
>
Okay, yes, my description of the accept perm change wasn't enough, though
I did mean for it to cover this.