[apparmor] [patch 01/21] Convert mount and dbus to be subclasses of a generic rule class

Steve Beattie steve at nxnw.org
Mon Mar 24 22:31:38 UTC 2014


On Mon, Mar 17, 2014 at 04:29:11PM -0700, john.johansen at canonical.com wrote:
> This will simplify add new features as most of the code can reside in
> its own class. There are still things to improve but its a start.
> Signed-off-by: John Johansen <john.johansen at canonical.com>

I've not reviewed this patch much at all, but after applying it,
valgrind is offering complaints like the following when dealing with
profiles with mount rules:

  ==27919== Conditional jump or move depends on uninitialised value(s)
  ==27919==    at 0x805CDC1: mnt_rule::mnt_rule(cond_entry*, char*, cond_entry*, char*, int) (mount.c:436)
  ==27919==    by 0x805674E: do_mnt_rule(cond_entry*, char*, cond_entry*, char*, int) (parser_yacc.y:1389)
  ==27919==    by 0x8057937: yyparse() (parser_yacc.y:1133)
  ==27919==    by 0x8053916: process_profile(int, char const*) (parser_main.c:1003)
  ==27919==    by 0x804B20E: main (parser_main.c:1340)

I believe something like the following patch is needed:

Index: apparmor/parser/mount.h
--- apparmor.orig/parser/mount.h	2014-03-24 15:11:26.219699746 -0700
+++ apparmor/parser/mount.h	2014-03-24 15:15:07.539707688 -0700
@@ -121,7 +121,7 @@
 	struct value_list *dev_type;
 	struct value_list *opts;
-	unsigned int flags, inv_flags;
+	unsigned int flags = 0, inv_flags = 0;
 	int allow, audit;
 	int deny;

This *may* be the source of bugs like
https://bugs.launchpad.net/bugs/1295774 which people are having
problems reproducing.

Steve Beattie
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140324/f4bed321/attachment-0001.pgp>

More information about the AppArmor mailing list