[apparmor] [PATCH 5/2] Fix compilation of audit modifiers
John Johansen
john.johansen at canonical.com
Wed Mar 18 17:24:14 UTC 2015
On 03/18/2015 08:32 AM, Tyler Hicks wrote:
> On 2015-03-17 16:13:03, Steve Beattie wrote:
>> On Tue, Mar 17, 2015 at 12:14:07AM -0700, John Johansen wrote:
>>> This fixes the incorrect compilation of audit modifiers for exec and
>>> pivot_root as detailed in
>>>
>>> https://launchpad.net/bugs/1431717
>>> https://launchpad.net/bugs/1432045
>>>
>>> The permission accumulation routine on the backend was incorrectly setting
>>> the audit mask based off of the exec type bits (info about the exec) and
>>> not the actual exec permission.
>>>
>>> This bug could have also caused permissions issues around overlapping exec
>>> generic and exact match exec rules, except the encoding of EXEC_MODIFIERS
>>> ensured that the
>>> exact_match_allow & AA_USER/OTHER_EXEC_TYPE
>>> test would never fail for a permission accumulation with the exec permission
>>> set.
>>>
>>> Signed-off-by: John Johansen <john.johansen at canonical.com>
>>
>> Acked-by: Steve Beattie <steve at nxnw.org> for trunk and 2.9. Thanks!
>
> It gets my ack, too.
>
> Do I have the green light to commit the tests to 2.9, as well?
>
yes please, the fix is checked in
More information about the AppArmor
mailing list