[apparmor] [patch] fix hasher usage for interpreter path in handle_children
Christian Boltz
apparmor at cboltz.de
Wed Nov 26 20:33:53 UTC 2014
Hello,
this patch fixes the usage of the aa hasher in aa.py handle_children() -
for interpreters, it used
aa[profile][hat]['path'][interpreter_path]['mode']
instead of
aa[profile][hat]['allow']['path'][interpreter_path]['mode']
The ['allow'] part was missing.
Note that the interpreter is already added in create_new_profile, which
explains why even the buggy code included the interpreter in the profile.
(That could also mean that we don't need the interpreter stuff in
handle_children(), but that's another question that needs to be checked
carefully. And that means "not part of this patch" ;-)
=== modified file 'utils/apparmor/aa.py'
--- utils/apparmor/aa.py 2014-11-26 19:25:07 +0000
+++ utils/apparmor/aa.py 2014-11-26 19:57:04 +0000
@@ -1371,9 +1373,9 @@
interpreter_path = get_full_path(interpreter)
interpreter = re.sub('^(/usr)?/bin/', '', interpreter_path)
- aa[profile][hat]['path'][interpreter_path]['mode'] = aa[profile][hat]['path'][interpreter_path].get('mode', str_to_mode('ix')) | str_to_mode('ix')
+ aa[profile][hat]['allow']['path'][interpreter_path]['mode'] = aa[profile][hat]['allow']['path'][interpreter_path].get('mode', str_to_mode('ix')) | str_to_mode('ix')
- aa[profile][hat]['path'][interpreter_path]['audit'] = aa[profile][hat]['path'][interpreter_path].get('audit', set())
+ aa[profile][hat]['allow']['path'][interpreter_path]['audit'] = aa[profile][hat]['allow']['path'][interpreter_path].get('audit', set())
if interpreter == 'perl':
aa[profile][hat]['include']['abstractions/perl'] = True
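Review bot: the two added lines spell out the full chain aa[profile][hat]['allow']['path'][interpreter_path] four times, the same repetition in which the ['allow'] level went missing without any error. Because the hasher creates missing keys on access, a typo in any one copy would again be stored silently instead of raising. Consider binding the node once, e.g. `rule = aa[profile][hat]['allow']['path'][interpreter_path]`, and setting rule['mode'] and rule['audit'] from it. Since the message notes that create_new_profile masked the bug, a regression test asserting that the interpreter entry lands under ['allow']['path'] would be worth adding with this change.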
Regards,
Christian Boltz
--
> $ rpm -q --queryformat "%{name}-%{version} %{buildtime:date}" mod_php
> mod_php-3.0.11 Fri 23 Jul 1999 03:25:43 PM CEST
> -dn'*SCNR*'h
Yeah, yeah.
| grep "root" /etc/aliases
kaiser_willem:root
[> David Haller and Ratti in suse-linux]
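
The failure mode described in the message, as an added example that is not part of the original post or AppArmor's own code: `Hasher` is a stand-in for an autovivifying nested dict, and the profile name, `EXPECTED_HAT_KEYS` and `IX_MODE` are constructed for illustration. It shows why the write without `['allow']` raised no error, and a check that flags such stray hat-level keys.

```python
class Hasher(dict):
    """Stand-in nested dict that creates missing keys on first access (assumed behaviour)."""
    def __missing__(self, key):
        value = self[key] = type(self)()
        return value

# Assumption for this example: the only hat-level keys a profile writer reads.
EXPECTED_HAT_KEYS = {'allow', 'include'}
IX_MODE = {'i', 'x'}  # constructed stand-in for str_to_mode('ix')

def add_interpreter(aa, profile, hat, path, buggy):
    """Record an ix rule for path, with or without the ['allow'] level."""
    hat_data = aa[profile][hat]
    rules = hat_data['path'] if buggy else hat_data['allow']['path']
    node = rules[path]  # created silently if it does not exist yet
    node['mode'] = node.get('mode', set()) | IX_MODE
    node['audit'] = node.get('audit', set())

def stray_hat_keys(aa):
    """Return sorted (profile, hat, key) tuples for hat-level keys outside the expected set."""
    return sorted((p, h, k)
                  for p, hats in aa.items()
                  for h, data in hats.items()
                  for k in data
                  if k not in EXPECTED_HAT_KEYS)

def rules_seen_by_writer(aa, profile, hat):
    """Paths that a writer reading only ['allow']['path'] would emit."""
    # dict.get() does not trigger __missing__, so this lookup creates nothing.
    return sorted(aa[profile][hat].get('allow', {}).get('path', {}))

def demo():
    """Run the buggy and the fixed write against fresh structures and compare."""
    name = '/usr/bin/example'  # constructed profile name; main hat shares it here
    results = {}
    for label, buggy in (('buggy', True), ('fixed', False)):
        aa = Hasher()
        add_interpreter(aa, name, name, '/usr/bin/perl', buggy)
        results[label] = (stray_hat_keys(aa), rules_seen_by_writer(aa, name, name))
    return results

if __name__ == '__main__':
    for label, (stray, seen) in demo().items():
        print(label, 'stray keys:', stray, 'rules seen:', seen)
```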