[apparmor] [patch] [2.9 branch] fix aa-mergeprof capability handling
Christian Boltz
apparmor at cboltz.de
Thu May 14 00:05:40 UTC 2015
Hello,
this patch fixes the 2.9 aa-mergeprof capability handling.
Thanks to a broken optimization (which missed a "not" in the if
condition), aa-mergeprof never asked to merge capability rules.
Also fix a syntax / parameter error uncovered after fixing the
condition.
This patch is only meant for the 2.9 branch.
[ mergeprof-2.9-fix-capability.diff ]
=== modified file 'utils/aa-mergeprof'
--- utils/aa-mergeprof 2014-10-16 21:35:06 +0000
+++ utils/aa-mergeprof 2015-05-13 23:19:42 +0000
@@ -309,7 +309,7 @@
#Add the capabilities
for allow in ['allow', 'deny']:
- if other.aa[profile][hat].get(allow, False):
+ if not other.aa[profile][hat].get(allow, False):
continue
for capability in sorted(other.aa[profile][hat][allow]['capability'].keys()):
severity = sev_db.rank('CAP_%s' % capability)
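Review bot: The corrected guard on the `if not other.aa[profile][hat].get(allow, False):` line only checks that the `allow`/`deny` entry is non-empty, while the `for capability in sorted(...)` line below it indexes `['capability']` unconditionally. If these are plain dicts rather than auto-creating ones, a profile that has file rules but no capability rules would raise KeyError here, and that path was never exercised while the condition was inverted. Consider testing the capability entry itself, for example `.get(allow, {}).get('capability')`, and adding a test that merges a profile containing a capability rule so the inverted condition cannot come back unnoticed.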
@@ -366,7 +366,7 @@
apparmor.aa.changed[profile] = True
- aaui.UI_Info(_('Adding capability %s to profile.'), capability)
+ aaui.UI_Info(_('Adding capability %s to profile.') % capability)
done = True
elif ans == 'CMD_DENY':
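Review bot: The `elif ans == 'CMD_DENY':` branch that begins on the last context line is outside this hunk, and it was just as unreachable as the allow branch before the condition fix. If it reports through `aaui.UI_Info(_('...'), capability)` in the same two-argument form, it needs the same change to `%` formatting. Applying `% capability` outside `_()` is the right order, since the untranslated string stays the lookup key.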
Regards,
Christian Boltz
--
[Load balancers in front of mail servers]
Remove them, flog them on eBay, and invest the time freed up, together with
the eBay proceeds, in a big company party with cocktails.
[Peer Heinlein in postfixbuch-users]