[apparmor] [patch] Fix aa-mergeprof crash with files containing multiple profiles
Kshitij Gupta
kgupta8592 at gmail.com
Thu Feb 11 21:56:36 UTC 2016
Hello,
On Sat, Dec 26, 2015 at 10:06 PM, Christian Boltz <apparmor at cboltz.de>
wrote:
> Hello,
>
> if a profile file contains multiple profiles, aa-mergeprof crashes on
> saving in write_profile() because the second profile in the file is not
> listed in 'changed'.
>
> This patch first checks if 'changed' contains the profile before
> pop()ing it.
>
Assuming, this is because the second profile is actually not changing
)looking at the in and out files, only comment was removed)/
I guess ideally we should probably have two lists of profiles for a
file(changed and unchanged), to maintain that the profile is always
processed and we may show this info elsewhere.
> Reproducer: copy utils/test/cleanprof_test.in to your profile directory
> and run aa-mergeprof utils/test/cleanprof_test.out. Then just press
> 's' to save the profile.
>
>
> I can reproduce this with trunk, 2.10 and 2.9 and therefore propose this
> patch for all these branches.
>
>
> [ 47-fix-multi-profile-mergeprof-crash.diff ]
>
> --- utils/apparmor/aa.py 2015-12-26 16:47:30.614839586 +0100
> +++ utils/apparmor/aa.py 2015-12-26 17:27:36.376228122 +0100
> @@ -4039,7 +4039,11 @@
>
> os.rename(newprof.name, prof_filename)
>
> - changed.pop(profile)
> + if profile in changed:
> + changed.pop(profile)
> + else:
> + debug_logger.error("%s written, but not listed in 'changed' list"
> % profile)
> +
>
We may rephrase it to something like: "Unchanged/unlisted profile %s
written to file" with a log level of warn?
With above nit-pick considered:
Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>
for trunk, 2.10 and 2.9
Thanks for the patch.
original_aa[profile] = deepcopy(aa[profile])
>
> def matchliteral(aa_regexp, literal):
>
>
> Regards,
>
> Christian Boltz
> --
> [Glaskugel?] Ich habe früher Aufsicht im Rechnerpool an der Uni gemacht.
> Irgendwie hat es die User beeindruckt, wenn ich Ihnen (ohne den Monitor
> einsehen zu können und ohne dass die User etwas gesagt hätten) erklärt
> habe, dass Word abstürzt, wenn man erst die Diskette entfernt und dann
> Word schließt. Das Laufwerksknurpsgeräusch und der Gesichtsausdruck der
> User war eindeutig genug... [Antje M. Bendrich in suse-linux]
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>
>
--
Regards,
Kshitij Gupta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160212/7347f385/attachment.html>
More information about the AppArmor
mailing list