[apparmor] [patch 01/11] mod_apparmor: fix logging [v3]
Steve Beattie
steve at nxnw.org
Thu Jan 23 22:40:13 UTC 2014
On Thu, Jan 23, 2014 at 02:19:55PM -0800, John Johansen wrote:
> On 01/23/2014 01:59 PM, Christian Boltz wrote:
> > Nevertheless, I'll probably take the risk and test 2.8 with the latest
> > mod_apparmor.c as soon as you commit your patches to trunk. (I want one
> > big patch, not copy&paste from 11 mails all changing the same file ;-)
> >
> > BTW: will the updated mod_apparmor also need 2.8 r2111? ("libapparmor:
> > fix aa_change_hat token format string")
> >
> only if you include the change_hatv patch. The bug comes about because
> change_hat and change_hatv are using different format strings. The
> change_hatv format is correct but despite this the change_hat one seems
> to be consistent, so it should hopefully (is implementation dependent,
> but years of use haven't seem to trip a bug) just work when only
> change_hat is used.
>
> The patch mixes use of change_hat and change_hatv, where change_hatv
> is used to enter and change_hat to exit. In this case the kernel sees
> different tokens because of how the userspace is formating them.
Actually, the version of change_hatv patch I committed included the
suggestion from you, John, to make both the entry and exit calls
be change_hatv(), so no, even if you include trunk rev 2337 (the
change_hatv patch), mod_apparmor should still work with a libapparmor
without the format string fix incorporated.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140123/e7930547/attachment.pgp>
More information about the AppArmor
mailing list