[apparmor] [patch] Fix wrong usage of write_prof_data in serialize_profile_from_old_profile()
Christian Boltz
apparmor at cboltz.de
Sat Dec 26 15:37:57 UTC 2015
Hello,
write_prof_data[hat] is correct (it only contains one profile, see also
bug 1528139), write_prof_data[profile][hat] is not and returns an empty
(sub)hasher.
This affects RE_PROFILE_START and RE_PROFILE_BARE_FILE_ENTRY.
I propose this patch for trunk, 2.10 and 2.9.
[ 46-serialize_profile_from_old_profile-fix-wrong-access-to-write_prof_data.diff ]
=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-12-06 19:36:00.818745321 +0100
+++ utils/apparmor/aa.py 2015-12-08 18:59:09.625261162 +0100
@@ -3718,7 +3718,7 @@
if RE_PROFILE_START.search(line):
(profile, hat, attachment, flags, in_contained_hat, correct) = serialize_parse_profile_start(
- line, prof_filename, None, profile, hat, write_prof_data[profile][hat]['profile'], write_prof_data[profile][hat]['external'], correct)
+ line, prof_filename, None, profile, hat, write_prof_data[hat]['profile'], write_prof_data[hat]['external'], correct)
if not write_prof_data[hat]['name'] == profile:
correct = False
@@ -3954,7 +3954,7 @@
if matches[0]:
audit = mode
- path_rule = write_prof_data[profile][hat][allow]['path'][ALL]
+ path_rule = write_prof_data[hat][allow]['path'][ALL]
if path_rule.get('mode', set()) & mode and \
(not audit or path_rule.get('audit', set()) & audit) and \
path_rule.get('file_prefix', set()):
Regards,
Christian Boltz
--
programmers' biggest strength is that they're lazy bastards.
[Claudio Freire in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20151226/517fb90b/attachment.pgp>
More information about the AppArmor
mailing list