[apparmor] [PATCH] parser: Honor the --namespace-string commandline option

Tyler Hicks tyhicks at canonical.com
Mon Dec 14 23:21:40 UTC 2015 

https://launchpad.net/bugs/1526085

Revno 2934 'Add fns to handle profile removal to the kernel interface'
introduced a regression in the parser's namespace support by causing the
--namespace-string option to be ignored. This resulted in the profile(s)
being loaded into the global namespace rather than the namespace
specified on the command line.

This patch fixes the bug by setting the Profile object's ns member, if
the --namespace-string option was specified, immediately after the
Profile object is allocated.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---

Nominated for 2.10 and trunk.

Tyler

 parser/parser_yacc.y | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index d17eab9..2a48367 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -318,6 +318,13 @@ profile_base: TOK_ID opt_id_or_var flags TOK_OPEN rules TOK_CLOSE
 			yyerror(_("Memory allocation error."));
 		}
 
+		/* Honor the --namespace-string command line option */
+		if (profile_ns) {
+			prof->ns = strdup(profile_ns);
+			if (!prof->ns)
+				yyerror(_("Memory allocation error."));
+		}
+
 		prof->name = $1;
 		prof->attachment = $2;
 		if ($2 && !($2[0] == '/' || strncmp($2, "@{", 2) == 0))
@@ -351,12 +358,17 @@ profile:  opt_profile_flag opt_ns profile_base
 		if ($3->name[0] != '/' && !($1 || $2))
 			yyerror(_("Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."));
 
-		if ($2 && profile_ns) {
-			pwarn("%s: -n %s overriding policy specified namespace :%s:\n", progname, profile_ns, $2);
+		if (prof->ns) {
+			/**
+			 * Print warning if the profile specified a namespace
+			 * different than the one specified with the
+			 * --namespace-string commandline option
+			 */
+			if ($2 && strcmp(prof->ns, $2)) {
+				pwarn("%s: -n %s overriding policy specified namespace :%s:\n",
+				      progname, prof->ns, $2);
+			}
 			free($2);
-			prof->ns = strdup(profile_ns);
-			if (!prof->ns)
-				yyerror(_("Memory allocation error."));
 		} else
 			prof->ns = $2;
 		if ($1 == 2)
-- 
2.5.0

More information about the AppArmor mailing list