[apparmor] [patch] NetworkRule: allow TYPE without DOMAIN
Steve Beattie
steve at nxnw.org
Tue Jul 7 04:39:04 UTC 2015
On Thu, Jun 25, 2015 at 10:41:15PM +0200, Christian Boltz wrote:
> thanks to a bug in the apparmor.d manpage, NetworkRule rejected rules
> that contained only TYPE (for example "network stream,"). A bugreport on
> IRC and some testing with the parser showed that this is actually
> allowed, so NetworkRule should of course allow it.
>
> Note: not strip()ing rule_details is the easiest way to ensure we have
> whitespace in front of the TYPE in TYPE-only rules, which is needed by
> the RE_NETWORK_DETAILS regex.
>
> Also adjust the tests to the correct behaviour.
>
> [ 57-adjust-NetworkRule-to-fixed-manpage.diff ]
Acked-by: Steve Beattie <steve at nxnw.org>. Thanks.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150706/b9fac3b5/attachment.pgp>
More information about the AppArmor
mailing list