[apparmor] [patch] Write unix rules when saving a profile
Christian Boltz
apparmor at cboltz.de
Thu Dec 17 21:53:24 UTC 2015
Hello,
On Thursday, 17 December 2015, Tyler Hicks wrote:
> On 2015-12-05 13:09:25, Christian Boltz wrote:
> > On Friday, 4 December 2015, Christian Boltz wrote:
> > > r2637 added support for parsing unix rules, but forgot to add write
> > > support. The result was that a profile lost its unix rules when it
> > > was saved.
> > >
> > > This patch adds the write_unix_rules() and write_unix() functions
> > > (based on the write_pivot_root() and write_pivot_root_rules()
> > > functions) and makes sure they get called at the right place.
> > >
> > > The cleanprof testcase gets a unix rule added to ensure it's not
> > > deleted when writing the profile. (Note that minitools_test.py is not
> > > part of the default "make check", however I always run it.)
> > >
> > > I propose this patch for trunk, 2.10 and 2.9, which all share this
> > > bug.
> > >
> > > References: https://bugs.launchpad.net/apparmor/+bug/1522938
> > > https://bugzilla.opensuse.org/show_bug.cgi?id=954104
> This patch looks pretty good. Can you take a look at whether or not
> you need to update profile_storage() for 'unix' rules? I don't know
> the code well enough to say if it is needed or not.
The fact that the rules are written to the profile indicates that they
get stored somewhere ;-)
Seriously: Yes, I checked this, and it doesn't need to be changed.
parse_profile_data() ensures that there's a list() for unix rules when
hitting the first unix rule in a profile.
Since we don't have logprof support for unix rules yet,
parse_profile_data() is currently the only code that stores a unix rule
in a profile.
> After making that determination, feel free to add
>
> Acked-by: Tyler Hicks <tyhicks at canonical.com>
Thanks!
Regards,
Christian Boltz
--
> What do you think of Lindows??
DISTANCE :-)
[> Glenn Charpantier and Axel Lindlau in suse-linux]