[apparmor] [PATCH v2] utils: Handle the safe/unsafe change_profile exec modes
Christian Boltz
apparmor at cboltz.de
Wed Jul 20 14:16:42 UTC 2016
Hello,
On Friday, 15 July 2016, 20:34:47 CEST, Tyler Hicks wrote:
> https://launchpad.net/bugs/1584069
>
> This patch adds support for the safe and unsafe exec modes for
> change_profile rules. The logic is pretty simple at this point because
> the kernel's default for exec modes changed in newer versions.
> Therefore, this patch simply retains any specified exec mode in
> parsed rules. If an exec mode is not specified in a rule, there is no
> attempt to force the usage of "safe" because older kernels do not
> support it.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
> ---
>
> * Changes since v1:
>   - Added Seth's acked-by
>   - Addressed feedback from Christian
>     + Embed execmode name in RE_SAFE_OR_UNSAFE
>     + AppArmorBug() when an invalid execmode is used in a new
>       ChangeProfileRule()
>     + Don't use logprof_value_or_all() when setting execmode_txt
>     + Only return "Exec Mode" element from logprof_header_localvars()
>       when an execmode is set
>     + Add invalid execmode test to InvalidChangeProfileInit()
>     + Make 'safe' execmode equivalent to '' and None
One soap box race later:
Thanks, looks much better :-)
Acked-by: Christian Boltz <apparmor at cboltz.de>
Regards,
Christian Boltz
--
I tried to actively participate in Wikipedia.
It was horrible. Compared to that, the Heise forum is a petting zoo.
[Charly Kuehnast on http://vvv.koehntopp.de/wpkris/?p=739032]