[apparmor] [patch] [2.9] Fix crash in profile_known_network() and profile_known_capability() with #include <directory>
Steve Beattie
steve at nxnw.org
Tue Jul 7 23:13:44 UTC 2015
On Sat, Jul 04, 2015 at 08:46:34PM +0200, Christian Boltz wrote:
> preamble: this is the 2.9 version of
> 61-is_known_rule-check-directory-includes.diff.
>
> Since the patch "only" ignores include directories, the
> 60-split-off-include_dir_filelist.diff patch is not really needed for
> 2.9 - but it shouldn't hurt ;-)
>
> $subject ;-)
>
> Ignore include files that were not read before (= don't exist in
> include[], which typically happens for #include <directory>) so that
> the profile_known_*() functions don't crash.
>
> Note: Since the 2.9 code is too different, this patch only avoids the
> crash, but doesn't ensure that the files in the included directory are
> honored (which would need a rewrite of the profile_known_*()
> functions).
>
> BTW: I tested with a network log entry and hope the best for
> profile_known_capability() ;-)
>
> References: https://bugs.launchpad.net/apparmor/+bug/1471425
> (includes reproducer)
>
> [ 61-2.9-profile_known_network-and-capability-fix-dir-include-crash.diff ]
Acked-by: Steve Beattie <steve at nxnw.org>. Thanks.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/