[apparmor] [patch] Make sure 'x' log events always come with type 'exec'
Christian Boltz
apparmor at cboltz.de
Sun Feb 21 16:18:41 UTC 2016
Hello,
according to a discussion with John on IRC, denied_mask="x" can only
happen for 'exec' log events. This patch raises an exception if John
is wrong ;-)
[ 75-x-but-not-exec-exception.diff ]
=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py 2016-02-21 15:43:58.021985441 +0100
+++ utils/apparmor/aa.py 2016-02-21 16:06:41.744595751 +0100
@@ -1210,6 +1210,8 @@
if mode & str_to_mode('x'):
if os.path.isdir(exec_target):
raise AppArmorBug('exec permissions requested for directory %s. This should not happen - please open a bugreport!' % exec_target)
+ elif typ != 'exec':
+ raise AppArmorBug('exec permissions requested for %i(exec_target)s, but mode is %(mode)s instead of exec. This should not happen - please open a bugreport!' % {'exec_target': exec_target, 'mode':mode})
else:
do_execute = True
Regards,
Christian Boltz
--
>Weil es sehr weit verbreitet ist, eingespielt und "überall drauf".
Die weite Verbreitung ist allenfalls geeignet, die kaputte Syntax
auszugleichen, ein Erfordernis also, kein Pluspunkt.
[> Ratti und Thorsten Haude in suse-linux zur Frage "Warum procmail?"]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160221/e682b1ad/attachment.pgp>
More information about the AppArmor
mailing list