[apparmor] [patch] fix "list index out of range" when allowing inet rules
Christian Boltz
apparmor at cboltz.de
Sun Oct 12 18:45:44 UTC 2014
Hello,

another (this time easy) bug found by Stallmanu:

When adding inet rules in aa-logprof, it crashes with

    IndexError: list index out of range

The reason is that it doesn't display the options if only the raw rule
is available (aka "no abstraction").

This patch checks if options[] is set and otherwise sets selection to
the raw rule.

As an alternative, we could always display the options - even if only
one option is available. Opinions?

That said - there are two more bugs around network rules which I just
entered as bug reports:

- aa-logprof asks for already existing network rules (found by Stallmanu)
  https://bugs.launchpad.net/apparmor/+bug/1380367
- abstractions/nameservice contains "network inet dgram", but logprof
  doesn't offer it as an option.
  https://bugs.launchpad.net/apparmor/+bug/1380368

=== modified file 'utils/apparmor/aa.py'
--- utils/apparmor/aa.py 2014-10-11 21:30:46 +0000
+++ utils/apparmor/aa.py 2014-10-12 18:27:35 +0000
@@ -1993,7 +1993,10 @@
q.headers += [_('Socket Type'), sock_type]
elif ans == 'CMD_ALLOW':
- selection = options[selected]
+ if options:
+ selection = options[selected]
+ else:
+ selection = 'network %s %s' % (family, sock_type)
done = True
if re_match_include(selection): # re.search('#include\s+<.+>$', selection):
inc = re_match_include(selection) # re.search('#include\s+<(.+)>$', selection).groups()[0]
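
Review bot: The new `else` branch hard-codes the rule text at the point of use (`selection = 'network %s %s' % (family, sock_type)`), so the string accepted on CMD_ALLOW is a second copy of the raw rule format and can drift from whatever the prompt showed the user. Consider building the raw rule string once and reusing it here, or taking the alternative raised in the message and always placing the raw rule in options, which keeps `options[selected]` valid and makes this branch unnecessary. Also note that `if options:` only covers the empty list; when options is non-empty, `selected` is still used as an index with no bounds check. A one-line comment on the `else` stating when options is empty (only the raw rule, no abstraction) would help the next reader.
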
Regards,
Christian Boltz
--
> What is that, "night"?
That is the period in which you can administer effectively. Because
apparently the users are all totally lazy and have logged out.
[Wilfried Kramer]