[apparmor] [patch] Fix missing profile init in create_new_profile()

Christian Boltz apparmor at cboltz.de
Sun Oct 18 15:34:13 UTC 2015


create_new_profile() didn't init missing required_hats as
profile_storage(), which might lead to crashes when creating a profile
for an application listed in the required_hats config option (= in very
rare cases).

This patch adds the missing profile_storage() call.

[ 96-fix-missing-profile-init-in-create_new_profile.diff ]

--- utils/apparmor/aa.py        2015-10-18 17:16:04.009741472 +0200
+++ utils/apparmor/aa.py        2015-10-18 17:25:17.953411183 +0200
@@ -502,6 +502,8 @@
     for hatglob in cfg['required_hats'].keys():
         if re.search(hatglob, localfile):
             for hat in sorted(cfg['required_hats'][hatglob].split()):
+                if not local_profile.get(hat, False):
+                    local_profile[hat] = profile_storage()
                 local_profile[hat]['flags'] = 'complain'
     if not is_stub:


Christian Boltz
<prusnak> i am not going to use obs instead of mediawiki just
because i can edit descriptions of the packages, right?
[from #opensuse-project]

More information about the AppArmor mailing list