[apparmor] [utils][patch]Fix indentation for return command in cleanprofile.py

Christian Boltz apparmor at cboltz.de
Sun Jun 7 17:25:44 UTC 2015


Hello,

On Sunday, 7 June 2015, Kshitij Gupta wrote:
> As discovered by cboltz there was a strange random behaviour of
> crashing by aa-cleanprof. After a fun bughunt we traced it to 4 extra
> white spaces before the return statement. The patch also adds a
> sorted call on the key set to make things more deterministic (for
> when we have to bughunt next time).

bughunt? bugs? we have bugs? really? ;-)

> Note: This patch just fixes the randomness, the cause of crash is
> fixed by "Add profile_storage()" patch which initialises thing as
> necessary.

Right. Let me add that with the "Add profile_storage()" patch 
applied, the randomness moves from crashing to the number of deleted 
superfluous rules ;-)

> The following patch:
> - Brings the return to the correct indentation
> - Adds a sorted call over the set keys of hat in the profile
> 
> === modified file 'utils/apparmor/cleanprofile.py'
> --- utils/apparmor/cleanprofile.py      2015-04-26 19:54:38 +0000
> +++ utils/apparmor/cleanprofile.py      2015-06-07 16:48:49 +0000
> @@ -48,7 +48,7 @@
>          #Process every hat in the profile individually
>          file_includes =
> list(self.profile.filelist[self.profile.filename]['include'].keys())
>          deleted = 0
> -        for hat in self.profile.aa[program].keys():
> +        for hat in sorted(self.profile.aa[program].keys()):
>              #The combined list of includes from profile and the file
>              includes =
> list(self.profile.aa[program][hat]['include'].keys()) + file_includes
> 
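
Review bot: The new `sorted(self.profile.aa[program].keys())` line carries no comment saying why the order matters, so a later cleanup could drop the `sorted()` as unnecessary. Add a one-line comment above the `for hat in ...` loop stating that the sort is there for reproducible runs; `.keys()` is also redundant, since `sorted(self.profile.aa[program])` iterates the same keys.
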
> @@ -76,7 +76,7 @@
>              deleted +=
> delete_path_duplicates(self.profile.aa[program][hat],
> self.other.aa[program][hat], 'allow', self.same_file)
>              deleted +=
> delete_path_duplicates(self.profile.aa[program][hat],
> self.other.aa[program][hat], 'deny', self.same_file)
> 
> -            return deleted
> +        return deleted
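
Review bot: There is no test accompanying the `return deleted` dedent, and a single-hat profile cannot tell the old indentation from the new one. Please add a test with a profile that has at least two hats containing duplicate rules and assert that `deleted` counts the removals from all of them, so a re-indent back into the `for hat in ...` body fails loudly.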

Acked-by: Christian Boltz <apparmor at cboltz.de> for trunk and 2.9.

For the record: In the 2.9 branch this issue didn't cause crashes. 
2.9 doesn't have the rule classes and therefore can't crash because of a 
not-initialized rule class ;-)  Nevertheless, this patch makes sure that 
superfluous rules in all hats (instead of just one hat) get removed.


Regards,

Christian Boltz
-- 
> or the absolutely intoxicating one ;-))
>   [ -d "/test/" ] || echo mkd
Thanks, luckily I don't have to drive a car any more today :-)
[> Thomas Preissler and Al Bogner in suse-linux]
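
The behaviour discussed in this thread, as an added example that is not part of the original message or of AppArmor's code: a `return` inside the per-hat loop stops after the first hat, so the number of removed rules depends on which hat is iterated first. The profile layout, the rule strings and the helper names are hypothetical stand-ins, and the varying key order is reproduced here by inserting the hats in different orders.

```python
# Added illustration: simplified model of the per-hat cleanup loop.
# RULES/OTHER and all function names are constructed for this example.
from itertools import permutations

RULES = {  # rules per hat in the profile being cleaned (constructed)
    "main": {"/etc/passwd r", "/usr/bin/foo rix"},
    "^hat_a": {"/tmp/x rw", "/tmp/y rw", "/var/log/app w"},
    "^hat_b": {"/dev/null rw"},
}
OTHER = {  # rules already granted elsewhere, e.g. by an include (constructed)
    "main": {"/etc/passwd r"},
    "^hat_a": {"/tmp/x rw", "/tmp/y rw"},
    "^hat_b": set(),
}

def delete_duplicates(rules, other_rules):
    """Drop rules that also exist in other_rules; return how many were dropped."""
    dupes = rules & other_rules
    rules -= dupes
    return len(dupes)

def clean_buggy(profile, other):
    deleted = 0
    for hat in profile.keys():
        deleted += delete_duplicates(profile[hat], other[hat])
        return deleted  # over-indented: leaves the loop after the first hat
    return deleted

def clean_fixed(profile, other):
    deleted = 0
    for hat in sorted(profile.keys()):  # same order on every run
        deleted += delete_duplicates(profile[hat], other[hat])
    return deleted

def run(cleaner, order):
    """Build fresh copies with hats inserted in `order`, then clean them."""
    profile = {hat: set(RULES[hat]) for hat in order}
    other = {hat: set(OTHER[hat]) for hat in order}
    return cleaner(profile, other), profile

def results(cleaner):
    """Set of 'deleted' counts seen across every possible hat order."""
    return {run(cleaner, order)[0] for order in permutations(RULES)}

if __name__ == "__main__":
    print("buggy:", sorted(results(clean_buggy)))
    print("fixed:", sorted(results(clean_fixed)))
```
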



