[apparmor] [utils] [patch] Fix stack trace in aa-mergeprof

Kshitij Gupta kgupta8592 at gmail.com
Thu Sep 4 21:08:56 UTC 2014 

Hello,

On Fri, Sep 5, 2014 at 1:27 AM, Christian Boltz <apparmor at cboltz.de> wrote:
> Hello,
>
> Am Donnerstag, 4. September 2014 schrieb Kshitij Gupta:
>> An incorrect dictionary of netrules was being in the for condition
>> resulting in the following trace:
>>
>>   File
>> "/home/kshitij/workspace/apparmor-workspace/patch1/apparmor/utils/app
>> armor/cleanprofile.py", line 147, in delete_net_duplicates
>>     for sock_type in netrules_other['rule'][fam].keys():
>> RuntimeError: dictionary changed size during iteration
>>
>>
>> The following patch:
>> - the correct dictionary was being used
>>
>> === modified file 'utils/apparmor/cleanprofile.py'
>> --- utils/apparmor/cleanprofile.py    2014-02-12 23:54:00 +0000
>> +++ utils/apparmor/cleanprofile.py    2014-09-04 17:40:27 +0000
>> @@ -144,7 +144,7 @@
>>                          netrules_other['rule'].pop(fam)
>>                          deleted += 1
>>              else:
>> -                for sock_type in netrules_other['rule'][fam].keys():
>> +                for sock_type in copy_netrules_other['rule'][fam].keys():
>
> I'm afraid you are a bit late with this patch ;-)
>
> I fixed this yesterday, but in a different way:
>
> +               for sock_type in list(netrules_other['rule'][fam].keys()):
>
> This seems to work (any objections?) and avoids the need for
> copy_netrules_other.
>
> (If we also change the first usage of copy_netrules_other to list(),
> we can completely get rid of copy_netrules_other and avoid a
> copy.deepcopy call ;-)
>

Sorry I missed that patch. I've been having great troubles with net connection.

I did pull the latest version a few hours before sending this patch,
maybe I missed it.

Yes it seems like a good idea to be consistent.

But is list(netrules_other['rule'][fam].keys()) very intuitive/readable?
Its not instantly obvious that a new list object is being created
which is not affected by the pop operation being performed later on.

Either way a consistent style would be better.

Regards,
Kshitij Gupta


>
> Regards,
>
> Christian Boltz
> --
> Ein großer Teil Deines Freundeskreises arbeitet wahrscheinlich
> im IT-Bereich. Nicht verwunderlich, dass eine Hotline als
> Problemlösungsansatz sofort verworfen wird... [Guido auf
> http://blog.koehntopp.de/archives/3095-Booking-geht-ran.html#c27967]
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

More information about the AppArmor mailing list