[apparmor] [patch] fix "unknown capability: CAP_whatever" in aa-logprof
Christian Boltz
apparmor at cboltz.de
Thu Nov 13 20:00:35 UTC 2014
Hello,
when aa-logprof asks for a capability, you'll see something like
WARN: unknown capability: CAP_block_suspend
Profile: /bin/foo
Capability: block_suspend
Severity: unknown
The reason for the warning and "Severity: unknown" is that severity.db
contains the capability names in uppercase, but ask_the_question() calls
sev_db.rank with the capability in lowercase.
This patch converts the "CAP_$capability" string to uppercase before
doing the lookup.
=== modified file 'utils/apparmor/severity.py'
--- utils/apparmor/severity.py 2014-11-06 20:37:02 +0000
+++ utils/apparmor/severity.py 2014-11-13 19:55:45 +0000
@@ -77,8 +77,9 @@
def handle_capability(self, resource):
"""Returns the severity of for the capability resource, default value if no match"""
- if resource in self.severity['CAPABILITIES'].keys():
- return self.severity['CAPABILITIES'][resource]
+ cap = resource.upper()
+ if cap in self.severity['CAPABILITIES'].keys():
+ return self.severity['CAPABILITIES'][cap]
# raise ValueError("unexpected capability rank input: %s"%resource)
warn("unknown capability: %s" % resource)
return self.severity['DEFAULT_RANK']
Regards,
Christian Boltz
--
SUSE is a Linux based company with a very open/participative culture.
This is not the military.
[Agustin Benito Bethencourt in opensuse-factory]
More information about the AppArmor
mailing list