[apparmor] [patch] Make sure 'x' log events always come with type 'exec'

Christian Boltz apparmor at cboltz.de
Sun Feb 21 19:07:01 UTC 2016 

Hello,

Am Sonntag, 21. Februar 2016, 23:53:40 CET schrieb Kshitij Gupta:
> On Sun, Feb 21, 2016 at 9:48 PM, Christian Boltz wrote:
> > according to a discussion with John on IRC, denied_mask="x" can only
> > happen for 'exec' log events. This patch raises an exception if John
> > is wrong ;-)
> > 
> > 
> > [ 75-x-but-not-exec-exception.diff ]
> > 
> > === modified file ./utils/apparmor/aa.py
> > --- utils/apparmor/aa.py        2016-02-21 15:43:58.021985441 +0100
> > +++ utils/apparmor/aa.py        2016-02-21 16:06:41.744595751 +0100

> > +                    elif typ != 'exec':
> > +                        raise AppArmorBug('exec permissions
> > requested for %i(exec_target)s, but mode is %(mode)s instead of
> > exec. This
> Is that "%i(exec_target)s: above containing the "%i" what you were
> aiming for?

Nice catch - it should be %(...), not %i(...) ;-)


Updated patch:

[ 75-x-but-not-exec-exception.diff ]

=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py        2016-02-21 15:43:58.021985441 +0100
+++ utils/apparmor/aa.py        2016-02-21 16:06:41.744595751 +0100
@@ -1210,6 +1210,8 @@
                 if mode & str_to_mode('x'):
                     if os.path.isdir(exec_target):
                         raise AppArmorBug('exec permissions requested for directory %s. This should not happen - please open a bugreport!' % exec_target)
+                    elif typ != 'exec':
+                        raise AppArmorBug('exec permissions requested for %(exec_target)s, but mode is %(mode)s instead of exec. This should not happen - please open a bugreport!' % {'exec_target': exec_target, 'mode':mode})
                     else:
                         do_execute = True
 



Regards,

Christian Boltz
-- 
There is only so much everybody can do. We suffer from hour-shortage
on the day I guess :)    [Dominique Leuenberger in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160221/af2a4b98/attachment.pgp>

More information about the AppArmor mailing list