[apparmor] [patch 2/4] utils/aa-unconfined: avoid using cat(1) to read /proc/PID/cmdline
Steve Beattie
steve at nxnw.org
Fri Dec 30 07:24:56 UTC 2016
This patch adjusts aa-unconfined to avoid using cat(1) to read
/proc/PID/cmdline entries, and instead opens them for reading directly.
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
utils/aa-unconfined | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
Index: b/utils/aa-unconfined
===================================================================
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@@ -113,14 +113,17 @@ for pid in sorted(map(int, pids)):
continue
attr = None
if os.path.exists("/proc/%s/attr/current"%pid):
- with aa.open_file_read("/proc/%s/attr/current"%pid) as current:
+ with apparmor.common.open_file_read("/proc/%s/attr/current"%pid) as current:
for line in current:
line = line.strip()
if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1): # enforce at least one char as profile name
attr = line
- cmdline = apparmor.common.cmd(["cat", "/proc/%s/cmdline"%pid])[1]
- pname = cmdline.split("\0")[0]
+ pname = None
+ cmdline = None
+ with apparmor.common.open_file_read("/proc/%s/cmdline" % pid) as cmd:
+ cmdline = cmd.readlines()[0]
+ pname = cmdline.split("\0")[0]
if '/' in pname and pname != prog:
pname = "(%s)"% pname
else:
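Review bot: `cmd.readlines()[0]` on the added line raises IndexError whenever /proc/PID/cmdline reads back empty, as it does for zombie processes and kernel threads; the removed `cat` call appears to have produced an empty string there, so `pname` simply became "". This code sits inside the `for pid` loop, which starts and ends outside the hunk, so one such pid would presumably abort the run and leave the remaining listening processes unreported. Reading the whole file avoids the index: `cmdline = cmd.read()`, followed by the existing `pname = cmdline.split("\0")[0]`. A process can also exit between the pid listing and this open, so the `with` block may need a `try`/`except OSError: continue` around it; the exception type `open_file_read` raises is not visible here.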