[apparmor] [patch] Error out if the log contains an exec event for a directory

Christian Boltz apparmor at cboltz.de
Thu Feb 4 16:53:30 UTC 2016


according to the discussion with John on IRC, exec log events for
directories should never happen, therefore let handle_children()
raise an exception.

[ 69-error-out-on-dir-exec.diff ]

--- utils/apparmor/aa.py        2016-02-04 01:21:33.010848414 +0100
+++ utils/apparmor/aa.py        2016-02-04 17:49:00.985255184 +0100
@@ -1208,8 +1203,7 @@
                 if mode & str_to_mode('x'):
                     if os.path.isdir(exec_target):
-                        mode = mode - apparmor.aamode.ALL_AA_EXEC_TYPE
-                        mode = mode | str_to_mode('ix')
+                        raise AppArmorBug('exec permissions requested for directory %s. This should not happen - please open a bugreport!' % exec_target)
                         do_execute = True


Christian Boltz
> > "Frontpage" is a M$ WYSIWYG web page creation program.
Would you like some Wine with that ActiveX?
You must have a different Outlook(tm) on things, I thought it was an
Excel(tm)lent Word(tm). [>> Carl Hartung and Peter Flodin in opensuse]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160204/7ba89d67/attachment.pgp>

More information about the AppArmor mailing list