[apparmor] [PATCH 5/2] Fix compilation of audit modifiers
Steve Beattie
steve at nxnw.org
Wed Mar 18 17:26:36 UTC 2015
On Wed, Mar 18, 2015 at 10:32:16AM -0500, Tyler Hicks wrote:
> On 2015-03-17 16:13:03, Steve Beattie wrote:
> > On Tue, Mar 17, 2015 at 12:14:07AM -0700, John Johansen wrote:
> > > This fixes the incorrect compilation of audit modifiers for exec and
> > > pivot_root as detailed in
> > >
> > > https://launchpad.net/bugs/1431717
> > > https://launchpad.net/bugs/1432045
> > >
> > > The permission accumulation routine on the backend was incorrectly setting
> > > the audit mask based off of the exec type bits (info about the exec) and
> > > not the actual exec permission.
> > >
> > > This bug could have also caused permissions issues around overlapping exec
> > > generic and exact match exec rules, except the encoding of EXEC_MODIFIERS
> > > ensured that the
> > > exact_match_allow & AA_USER/OTHER_EXEC_TYPE
> > > test would never fail for a permission accumulation with the exec permission
> > > set.
> > >
> > > Signed-off-by: John Johansen <john.johansen at canonical.com>
> >
> > Acked-by: Steve Beattie <steve at nxnw.org> for trunk and 2.9. Thanks!
>
> It gets my ack, too.
>
> Do I have the green light to commit the tests to 2.9, as well?
Yes, please do. Thanks!
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150318/6424137a/attachment.pgp>
More information about the AppArmor
mailing list