[apparmor] [patch] Error out if the log contains an exec event for a directory
Christian Boltz
apparmor at cboltz.de
Thu Feb 4 16:53:30 UTC 2016
Hello,
according to the discussion with John on IRC, exec log events for
directories should never happen, therefore let handle_children()
raise an exception.
[ 69-error-out-on-dir-exec.diff ]
--- utils/apparmor/aa.py 2016-02-04 01:21:33.010848414 +0100
+++ utils/apparmor/aa.py 2016-02-04 17:49:00.985255184 +0100
@@ -1208,8 +1203,7 @@
if mode & str_to_mode('x'):
if os.path.isdir(exec_target):
- mode = mode - apparmor.aamode.ALL_AA_EXEC_TYPE
- mode = mode | str_to_mode('ix')
+ raise AppArmorBug('exec permissions requested for directory %s. This should not happen - please open a bugreport!' % exec_target)
else:
do_execute = True
Regards,
Christian Boltz
--
> > "Frontpage" is a M$ WYSIWYG web page creation program.
Would you like some Wine with that ActiveX?
You must have a different Outlook(tm) on things, I thought it was an
Excel(tm)lent Word(tm). [>> Carl Hartung and Peter Flodin in opensuse]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160204/7ba89d67/attachment.pgp>
More information about the AppArmor
mailing list