[apparmor] [patch] Make sure 'x' log events always come with type 'exec'
Kshitij Gupta
kgupta8592 at gmail.com
Sun Feb 21 18:23:40 UTC 2016
On Sun, Feb 21, 2016 at 9:48 PM, Christian Boltz <apparmor at cboltz.de> wrote:
> Hello,
>
> according to a discussion with John on IRC, denied_mask="x" can only
> happen for 'exec' log events. This patch raises an exception if John
> is wrong ;-)
>
>
> [ 75-x-but-not-exec-exception.diff ]
>
> === modified file ./utils/apparmor/aa.py
> --- utils/apparmor/aa.py 2016-02-21 15:43:58.021985441 +0100
> +++ utils/apparmor/aa.py 2016-02-21 16:06:41.744595751 +0100
> @@ -1210,6 +1210,8 @@
> if mode & str_to_mode('x'):
> if os.path.isdir(exec_target):
> raise AppArmorBug('exec permissions requested for
> directory %s. This should not happen - please open a bugreport!' %
> exec_target)
> + elif typ != 'exec':
> + raise AppArmorBug('exec permissions requested for
> %i(exec_target)s, but mode is %(mode)s instead of exec. This
Is that "%i(exec_target)s: above containing the "%i" what you were aiming
for?
> should not happen - please open a bugreport!' % {'exec_target':
> exec_target, 'mode':mode})
> else:
> do_execute = True
>
>
>
> Regards,
>
> Christian Boltz
> --
> >Weil es sehr weit verbreitet ist, eingespielt und "überall drauf".
> Die weite Verbreitung ist allenfalls geeignet, die kaputte Syntax
> auszugleichen, ein Erfordernis also, kein Pluspunkt.
> [> Ratti und Thorsten Haude in suse-linux zur Frage "Warum procmail?"]
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>
>
--
Regards,
Kshitij Gupta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160221/ad182787/attachment-0001.html>
More information about the AppArmor
mailing list