[apparmor] [patch] Fix writing network rules

Seth Arnold seth.arnold at canonical.com
Wed Apr 8 22:17:31 UTC 2015


On Wed, Apr 08, 2015 at 10:38:03PM +0200, Christian Boltz wrote:
> Hello,
> 
> sometimes fixing a bug is easy ;-)
> 
> write_net_rules() creates invalid rules for network rules with one
> parameter (for example "network bluetooth").
> Add a trailing comma to create valid rules.
> 
> This is another bug uncovered by playing with the LibreOffice profile
> ("why does the profile have invalid syntax after an aa-logprof run?!")
> 
> I propose this patch for trunk and 2.9
> 
> 
> [ 34-fix-writing-network-rules.diff ]
> 
> === modified file utils/apparmor/aa.py
> --- utils/apparmor/aa.py        2015-04-08 00:09:02.931423160 +0200
> +++ utils/apparmor/aa.py        2015-04-08 22:24:23.556993393 +0200
> @@ -3401,7 +3402,7 @@
>                  if prof_data[allow]['netdomain']['rule'][fam] is True:
>                      if prof_data[allow]['netdomain']['audit'][fam]:
>                          audit = 'audit'
> -                    data.append('%s%s%snetwork %s' % (pre, audit, allowstr, fam))
> +                    data.append('%s%s%snetwork %s,' % (pre, audit, allowstr, fam))
>                  else:
>                      for typ in sorted(prof_data[allow]['netdomain']['rule'][fam].keys()):
>                          if prof_data[allow]['netdomain']['audit'][fam].get(typ, False):
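Review bot: On the changed data.append() line, pre, audit and allowstr are joined by '%s%s%s' with no separator, and the context line just above sets audit = 'audit' with no trailing space, so an audited single-family rule would be written as "auditnetwork bluetooth,". Unless the space is supplied somewhere outside this hunk, consider audit = 'audit ' or building the prefix with explicit spaces. The per-type branch under the else: reads the audit flag as well and is worth checking for the same spacing. A test that writes "network bluetooth" with and without the audit flag and confirms the output parses would cover both the missing comma and the spacing.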

This patch looks good but I wonder what happens if the 'audit' bit is
triggered above; would this then emit rules like:

  auditnetwork bluetooth,

?

Anyway,

Acked-by: Seth Arnold <seth.arnold at canonical.com>
for both trunk and 2.9.
Thanks