[apparmor] [patch] Handle ldd $? == 1 in get_reqs()

Christian Boltz apparmor at cboltz.de
Fri Dec 30 21:13:45 UTC 2016


Hello,

ldd exits with $? == 1 if a file is 'not a dynamic executable'.
This is correct behaviour of ldd, so we should handle it instead of
raising an exception ;-)

Also extend fake_ldd and add a test to test-aa.py to cover this.


I propose this patch for trunk, 2.10 and 2.9.

Note that 2.10 and 2.9 don't have tests for get_reqs() nor fake_ldd,
so those branches will only get the aa.py changes.



[ 01-ldd-ret-1.diff ]

=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py        2016-10-14 20:31:20.282043000 +0200
+++ utils/apparmor/aa.py        2016-12-30 22:05:14.686659297 +0100
@@ -363,9 +363,9 @@
         raise AppArmorException('Can\'t find ldd')
 
     ret, ldd_out = get_output([ldd, file])
-    if ret == 0:
+    if ret == 0 or ret == 1:
         for line in ldd_out:
-            if 'not a dynamic executable' in line:
+            if 'not a dynamic executable' in line:  # comes with ret == 1
                 break
             if 'cannot read header' in line:
                 break
=== modified file ./utils/test/fake_ldd
--- utils/test/fake_ldd 2016-10-01 20:33:23.421684000 +0200
+++ utils/test/fake_ldd 2016-12-30 21:59:18.940461775 +0100
@@ -44,6 +44,10 @@
     print('        linux-vdso.so.1 (0x00007ffde132b000)')
 
 
+elif sys.argv[1] == '/AATest/sbin/ldconfig':
+    print('        not a dynamic executable')
+    sys.exit(1)  # ldd exits with $? == 1 in this case
+
 elif sys.argv[1].startswith('/tmp/aa-test-'):  # test file generated by test-aa.py
     print('        not a dynamic executable')
 
=== modified file ./utils/test/test-aa.py
--- utils/test/test-aa.py       2016-10-01 21:00:58.949770000 +0200
+++ utils/test/test-aa.py       2016-12-30 22:01:06.867913164 +0100
@@ -94,6 +94,7 @@
     tests = [
         ('/AATest/bin/bash',    ['/AATest/lib64/libreadline.so.6', '/AATest/lib64/libtinfo.so.6', '/AATest/lib64/libdl.so.2', '/AATest/lib64/libc.so.6', '/AATest/lib64/ld-linux-x86-64.so.2']),
         ('/tmp/aa-test-foo',    []),
+        ('/AATest/sbin/ldconfig', []),  # comes with $? == 1
     ]
 
     def _run_test(self, params, expected):


Regards,

Christian Boltz
-- 
you are spending too much time in web forums or with apache guys if you
are using "+1" and "-1" :-) [Stefan Seyfried in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161230/f6d6604e/attachment.pgp>


More information about the AppArmor mailing list