[apparmor] [patch] Handle #include <directory> in is_known_rule()

Christian Boltz apparmor at cboltz.de
Wed Jul 8 20:23:28 UTC 2015


On Tuesday, 7 July 2015, Steve Beattie wrote:
> On Sat, Jul 04, 2015 at 06:58:39PM +0200, Christian Boltz wrote:
> > this patch fixes the crash reported in
> > https://bugs.launchpad.net/apparmor/+bug/1471425
> > and also avoids asking for and adding superfluous rules that are
> > already covered by a file in the included directory.
> > 
> > This patch looks bigger than it is because it moves quite some lines
> > into the "else:" branch. Everything inside the "else:" just got an
> > additional whitespace level.
> > 
> > Note: 2.9 needs a different patch because it has some
> > profile_known_*() functions instead of is_known_rule().
> > 
> > [ 61-is_known_rule-check-directory-includes.diff ]
> I couldn't reproduce the failure against trunk, but the patch looks
> fine. Acked-by: Steve Beattie <steve at nxnw.org>.

Indeed, that's what you get for switching back and forth between trunk 
and 2.9 while testing ;-)

You are right - trunk didn't crash (the
"if include[incname][incname].get(...)" prevented the crash), but it
asked superfluous questions because it didn't honor directory includes.

I'll commit with an updated commit message.


Christian Boltz
[skipping broken packages while installation]
As Michael said, never expect things to finish if you skip glibc.
[Duncan Mac-Vicar Prett in
