[apparmor] [PATCH 2/6] parser: Fail compilation if unknown mount options are found
Tyler Hicks
tyhicks at canonical.com
Fri Dec 12 00:49:51 UTC 2014

The parser should not indicate success when mount rules contain
unknown mount options:

  $ echo "/t { mount options=(XXX) -> **, }" | apparmor_parser -qQ
  $ echo $?
  0

This patch modifies the parser so that it prints an error message and
exits with 1:

  $ echo "/t { mount options=(XXX) -> **, }" | apparmor_parser -qQ
  unsupported mount options
  $ echo $?
  1

Bug: https://bugs.launchpad.net/bugs/1401621

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
parser/mount.cc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/parser/mount.cc b/parser/mount.cc
index a3ab5d3..b2a408a 100644
--- a/parser/mount.cc
+++ b/parser/mount.cc
@@ -443,6 +443,10 @@ mnt_rule::mnt_rule(struct cond_entry *src_conds, char *device_p,
PERROR(" unsupported mount conditions\n");
exit(1);
}
+ if (opts) {
+ PERROR(" unsupported mount options\n");
+ exit(1);
+ }
}
ostream &mnt_rule::dump(ostream &os)
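
Review bot: the PERROR string in the added `if (opts)` block is a fixed "unsupported mount options" and never says which option was rejected, so a profile author with a long options=(...) list has to find the bad entry by elimination. Consider printing the contents of `opts` (and ideally the rule it came from) in the message before the exit(1). The diffstat shows only parser/mount.cc changing, so unless a test is added elsewhere in this series, a regression case using the `mount options=(XXX)` profile from the commit message and expecting exit status 1 would keep this from silently regressing.
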
--
2.1.0