[apparmor] [patch] [05/38] Make sanity check in _is_covered_list() optional

[Christian Boltz]

Hello,

_is_covered_list() has a sanity check that raises an exception if both
other_value and other_all evaluate to False. This breaks when using
_is_covered_list() for FileRule.perms which can be empty if exec_perms
are specified.

This patch adds an optional parameter that allows to skip the sanity
check.


[ 05-is_covered_list-make-sanity-check-optional.diff ]

--- utils/apparmor/rule/__init__.py	2016-01-18 18:59:53.451076435 +0100
+++ utils/apparmor/rule/__init__.py	2016-01-18 18:56:44.740261951 +0100
@@ -167,10 +167,10 @@
         # still here? -> then it is covered
         return True
 
-    def _is_covered_list(self, self_value, self_all, other_value, other_all, cond_name):
+    def _is_covered_list(self, self_value, self_all, other_value, other_all, cond_name, sanity_check=True):
         '''check if other_* is covered by self_* - for lists'''
 
-        if not other_value and not other_all:
+        if sanity_check and not other_value and not other_all:
             raise AppArmorBug('No %(cond_name)s specified in other %(rule_name)s rule' % {'cond_name': cond_name, 'rule_name': self.rule_name})
 
         if not self_all:



Regards,

Christian Boltz
-- 
depressing, infuriating, sickening and
Acked-by: John Johansen <john.johansen at canonical.com>
[John Johansen in apparmor]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160812/7253e827/attachment.pgp>