[apparmor] [patch] handle_binfmt: resolve symlinks in library paths
Christian Boltz
apparmor at cboltz.de
Sun Feb 21 19:03:21 UTC 2016
Hello,
Am Montag, 22. Februar 2016, 00:02:09 CET schrieb Kshitij Gupta:
> On Sun, Feb 21, 2016, Christian Boltz <apparmor at cboltz.de> wrote:
> > $subject.
> >
> > This should happen rarely, but nevertheless it can happen - and
> > since
> > AppArmor needs the symlink target in the profile, we have to resolve
> > any symlink.
> >
> >
> > [ 76-handle_binfmt-resolve-symlinks.diff ]
> >
> > === modified file ./utils/apparmor/aa.py
> > --- utils/apparmor/aa.py 2016-02-21 17:14:28.444520585 +0100
> > +++ utils/apparmor/aa.py 2016-02-21 16:06:41.744595751 +0100
> > @@ -386,6 +388,7 @@
> >
> > reqs = get_reqs(path)
> >
> > while reqs:
> > library = reqs.pop()
> >
> > + library = get_full_path(library) # resolve symlinks
>
> How about inlining the get_full_path with the pop?
I know it would make the code shorter, but I prefer an additional line
if it makes it more readable ;-)
> Also, is the comment above adding any value and worth it?
I think so ;-)
People might wonder why get_full_path() is called because get_reqs()
only returns full library paths (the regexes only match '/.*'), so
explaining that it's about symlinks makes sense IMHO.
> Acked-by: Kshitij Gupta <kgupta8592 at gmail.com>
Thanks for the review!
Regards,
Christian Boltz
--
general rule: if Olaf reports a bug, it is a valid bug.
[Olaf Hering while reopening
https://bugzilla.novell.com/show_bug.cgi?id=168595]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160221/07563307/attachment.pgp>
More information about the AppArmor
mailing list