[apparmor] [patch] Fix a missing comma in parser_misc.c capnames
John Johansen
john.johansen at canonical.com
Sat Jan 16 22:56:39 UTC 2016
On 01/15/2016 04:01 PM, Seth Arnold wrote:
> On Fri, Jan 15, 2016 at 01:34:58PM +0100, Christian Boltz wrote:
>> Hello,
>>
>> the capnames list missed a comma, which lead to the funny
>> "mac_overridesyslog" capability name.
>>
>> __debug_capabilities() seems to be the only user of capnames, which
>> might explain why this bug wasn't noticed earlier.
>>
>>
>> I propose this patch for trunk, 2.10 and 2.9.
>
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
>
> Acked for all.
>
>>
>> BTW: Do we really need capnames or could the code be changed to use the
>> list from cap_names.h?
>
> It sure looksl ike cap_names.h could be used instead. It'd require
> modifying the search routines but might make a fun weekend project for
> someone interested in learning C better. :)
>
with a little work yes. The goal is to rework cap_names.h and af_names.h.
So that they are static, but new versions of them are still auto built, they
are compared and the build fails if the autobuilt versions contain info
the old ones don't.
This way the parser can support newer stuff when built on older releases,
or with older kernels installed but we still can catch when new stuff
needs to be added.
Eg. Building the parser on trusty so it can support the xenial backport
kernel.
More information about the AppArmor
mailing list