[apparmor] [patch 15/12] v3 unix socket rules

John Johansen john.johansen at canonical.com
Sun Aug 31 02:19:07 UTC 2014


fix output of listen and setopts commands

The listen and setopts commands have broken encodings because the
tmp stream they use to handle diverging from the other commands
does not set its write position to the end of the copied data.
Instead the write head is set to the beginning so that when the
new data for the command is written it overwrites the beginning of
the command instead of appending to it.

Signed-off-by: John Johansen <john.johansen at canonical.com>

---

=== modified file 'parser/af_unix.cc'
--- parser/af_unix.cc	2014-08-30 05:32:14 +0000
+++ parser/af_unix.cc	2014-08-31 02:09:00 +0000
@@ -316,7 +312,7 @@
  */
 int unix_rule::gen_policy_re(Profile &prof)
 {
-	std::ostringstream buffer, tmp;
+	std::ostringstream buffer;
 	std::string buf;
 
 	int mask = mode;
@@ -371,7 +367,8 @@
 		}
 
 		if (mask & AA_NET_LISTEN) {
-			tmp.str(buffer.str());
+			std::ostringstream tmp(buffer.str());
+			tmp.seekp(0, ios_base::end);
 			tmp << "\\x" << std::setfill('0') << std::setw(2) << std::hex << CMD_LISTEN;
 			/* TODO: backlog conditional: for now match anything*/
 			tmp << "..";
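Review bot: `ios_base::end` in the new `tmp.seekp(0, ios_base::end);` line is unqualified while every other library name in this block is spelled with `std::` (`std::ostringstream`, `std::setfill`, `std::hex`), so the line only compiles if a using-directive or using-declaration happens to be in scope; write `std::ios_base::end` to match. The two added lines can also be collapsed into the constructor by opening the stream at its end, `std::ostringstream tmp(buffer.str(), std::ios_base::out | std::ios_base::ate);`, which removes the separate seek that the old `tmp.str(buffer.str())` code was missing.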
@@ -383,7 +380,8 @@
 				goto fail;
 		}
 		if (mask & AA_NET_OPT) {
-			tmp.str(buffer.str());
+			std::ostringstream tmp(buffer.str());
+			tmp.seekp(0, ios_base::end);
 			tmp << "\\x" << std::setfill('0') << std::setw(2) << std::hex << CMD_OPT;
 			/* TODO: sockopt conditional: for now match anything */
 			tmp << "..";
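Review bot: the copy-then-seek pair in the AA_NET_OPT block is a verbatim repeat of the one added under AA_NET_LISTEN, so the next command that diverges from `buffer` can reintroduce the overwrite by copying the constructor line and forgetting `seekp`. Consider one small helper that returns a stream positioned at the end of the `buffer.str()` copy and use it in both places. The visible change also carries no test that checks the generated listen and setopts encodings begin with the shared prefix from `buffer`, which is what would catch a regression here.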




