[apparmor] [PATCH 14/14] Fix: the default pattern for missing change_onexec id

Steve Beattie steve at nxnw.org
Mon Jun 8 19:59:07 UTC 2015

On Thu, Jun 04, 2015 at 03:56:43AM -0700, John Johansen wrote:
> The default change_onexec id is slightly wrong, it allows matching
> '/' as an executable but it really should be anything under /
> This results in the equality tests for change_profile failing as it
> is different than what specifying /** in a rule does.
> We could define rules need to be {/,}** to be equivalent but since
> / can not be an executable change the default value to match what
> /** is converted in to.
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Acked-by: Steve Beattie <steve at nxnw.org>

Steve Beattie
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150608/ea22395f/attachment.pgp>

More information about the AppArmor mailing list