[apparmor] [PATCH 1/3] libapparmor: Remove incorrect statement in aa_change_profile man page

Tyler Hicks tyhicks at canonical.com
Wed Jan 27 18:47:50 UTC 2016


On 2016-01-27 12:55:45, Christian Boltz wrote:
> Hello,
> 
> > On Tuesday, 26 January 2016, Tyler Hicks wrote:
> > The statement was meant to convey the difference between
> > aa_change_hat() and aa_change_profile(). Unfortunately, it read as if
> > there was something preventing a program from using
> > aa_change_profile() twice to move from profile A to profile B and
> > back to profile A, even if profiles A and B contained the necessary
> > rules.
> > 
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> > Reported-by: Seth Arnold <seth.arnold at canonical.com>
> > ---
> >  libraries/libapparmor/doc/aa_change_profile.pod | 11 +++++------
> >  1 file changed, 5 insertions(+), 6 deletions(-)
> > 
> > diff --git a/libraries/libapparmor/doc/aa_change_profile.pod
> > b/libraries/libapparmor/doc/aa_change_profile.pod index
> > e5ac0be..6457c33 100644
> > --- a/libraries/libapparmor/doc/aa_change_profile.pod
> > +++ b/libraries/libapparmor/doc/aa_change_profile.pod
> > @@ -40,14 +40,13 @@ An AppArmor profile applies to an executable
> > program; if a portion of the program needs different access
> > permissions than other portions, the program can "change profile" to
> > a different profile. To change into a new profile, it can use the
> > aa_change_profile() function to do so. It passes -in a pointer to the
> > I<profile> to transition to. Transitioning to another -profile via
> > aa_change_profile() is permanent and the process is not -permitted to
> > transition back to the original profile. Confined programs -wanting
> > to use aa_change_profile() need to have rules permitting changing -to
> > the named profile. See apparmor.d(8) for details.
> > +in a pointer to the I<profile> to transition to. Confined programs
> > wanting to +use aa_change_profile() need to have rules permitting
> 
> What about mentioning the rule name to make things clear?
> ... need to have *change_profile* rules permitting...

I hesitate to mention the specific rules required. It isn't just a
change_profile rule that's needed. There's also a file rule needed for
/proc/<PID>/attr/current if calling aa_change_profile() or
/proc/<PID>/attr/exec if calling aa_change_onexec(). In addition, the
required rules could vary across kernel/libapparmor versions.

> 
> > changing to the named +profile. See apparmor.d(8) for details.
> > 
> >  If a program wants to return out of the current profile to the
> > -original profile, it should use aa_change_hat(2) instead.
> > +original profile, it may use aa_change_hat(2). Otherwise, the two
> > profiles must +have rules permitting changing between the two
> > profiles.
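Review bot: the closing sentence of the hunk, "it may use aa_change_hat(2). Otherwise, the two profiles must have rules permitting changing between the two profiles", can be read as offering aa_change_hat(2) as a way back after an aa_change_profile() transition, whereas the commit message says the point is to contrast the two APIs. Suggest making the contrast explicit, e.g. "it can use aa_change_hat(2) instead of aa_change_profile(). If it uses aa_change_profile(), each profile must have rules permitting the transition to the other." The earlier "+" lines in the same hunk still end with "See apparmor.d(8) for details" only; since the reply below notes that a file rule on /proc/<PID>/attr/current is needed in addition to the change_profile rule, a one-line pointer to that in the man page would save readers a trip to the list archive.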
> 
> Same here - ...must have *change_profile* rules permitting...
> 
> 
> With or without that changed,
> Acked-by: Christian Boltz <apparmor at cboltz.de> for trunk, 2.10 and 2.9 
> (they all have the same aa_change_profile.pod and therefore all need this 
> fix)

Thanks! I hadn't thought about applying this patch set to 2.10 or 2.9
but it makes a lot of sense.

> The other patches in this series should also be applied to the 2.9 and 
> 2.10 branch once they are acked. However, I'll leave someone else (who 
> knows the technical details of aa_change_profile better) review them ;-)

JJ gave his ack and I can't think of a reason not to apply them to those
branches, so I'll do that.

Tyler

> 
> 
> Regards,
> 
> Christian Boltz
> -- 
> > rpmdb: PANIC: fatal region error detected; run recovery
> You don't happen to live in Bielefeld, do you?
> [> Cornelia Böttge and Michael Raab on opensuse-de]




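An added example, written for this page and not part of the patch or of libapparmor, showing the A -> B -> A round trip the thread is about. libapparmor's aa_change_profile() performs the transition by writing the command "changeprofile <name>" to the process's attr file (/proc/self/attr/current; newer kernels and libapparmor releases also expose /proc/self/attr/apparmor/current, which the code below tries first); the program does that write itself so it builds without libapparmor headers. The profile sketch in the leading comment is constructed to illustrate the rules Tyler describes (a change_profile rule plus write access to the attr file in the profile being left); as he notes, the exact rules required vary across kernel/libapparmor versions, and profiles A and B are assumed to be loaded already.

```c
// Constructed profile sketch (assumed, not from the patch). Each profile
// permits the transition to the other and the write that performs it:
//
//   profile A {
//     change_profile -> B,
//     owner @{PROC}/@{pid}/attr/current w,
//     owner @{PROC}/@{pid}/attr/apparmor/current w,
//   }
//   profile B {
//     change_profile -> A,
//     owner @{PROC}/@{pid}/attr/current w,
//     owner @{PROC}/@{pid}/attr/apparmor/current w,
//   }

#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

// Build the command libapparmor writes for aa_change_profile().
// Returns 0 on success; -1 with errno EINVAL (empty name) or
// ENAMETOOLONG (buffer too small).
static int build_changeprofile_cmd(char *buf, size_t size, const char *name)
{
    if (name == NULL || name[0] == '\0') {
        errno = EINVAL;
        return -1;
    }
    int n = snprintf(buf, size, "changeprofile %s", name);
    if (n < 0 || (size_t)n >= size) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

// Equivalent of aa_change_profile(name): write the command to the attr file.
// Fails with EACCES/EPERM when the current profile lacks the rules, ENOENT
// when the target profile is not loaded, and with the open() error when
// AppArmor is not available at all.
static int change_profile_via_proc(const char *name)
{
    char cmd[256];
    if (build_changeprofile_cmd(cmd, sizeof cmd, name) < 0)
        return -1;

    // Assumption: newer kernels provide the apparmor/ subdirectory; fall back
    // to the generic LSM path on older ones.
    const char *paths[] = { "/proc/self/attr/apparmor/current",
                            "/proc/self/attr/current" };
    int fd = -1;
    for (size_t i = 0; i < 2 && fd < 0; i++)
        fd = open(paths[i], O_WRONLY);
    if (fd < 0)
        return -1;

    ssize_t w = write(fd, cmd, strlen(cmd));
    int saved = errno;
    close(fd);
    if (w != (ssize_t)strlen(cmd)) {
        errno = saved;
        return -1;
    }
    return 0;
}

// Read back the confinement label, e.g. "A (enforce)\n", to confirm each step.
static ssize_t read_current_label(char *buf, size_t size)
{
    int fd = open("/proc/self/attr/current", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, size - 1);
    close(fd);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return n;
}

int main(void)
{
    // Two aa_change_profile()-style transitions: A -> B, then B -> A.
    // Nothing stops the second one as long as B permits a change back to A.
    const char *steps[] = { "B", "A" };
    char label[128];
    for (int i = 0; i < 2; i++) {
        if (change_profile_via_proc(steps[i]) < 0) {
            fprintf(stderr, "change to %s failed: %s\n", steps[i], strerror(errno));
            return 1;
        }
        if (read_current_label(label, sizeof label) > 0)
            printf("now confined by: %s", label);
    }
    return 0;
}
```

Run it under profile A on a system where both profiles are loaded; if the second transition is denied, the missing piece is a change_profile -> A rule (or the attr file write) in profile B, not a restriction in the API. In a real program, call aa_change_profile() from libapparmor instead of writing the attr file directly, since the library tracks the path and command format across kernel versions.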