[apparmor] [PATCH v2] utils: Handle the safe/unsafe change_profile exec modes

Christian Boltz apparmor at cboltz.de
Wed Jul 20 14:16:42 UTC 2016


Am Freitag, 15. Juli 2016, 20:34:47 CEST schrieb Tyler Hicks:
> https://launchpad.net/bugs/1584069
> This patch adds support for the safe and unsafe exec modes for
> change_profile rules. The logic is pretty simple at this point because
> the kernel's default for exec modes changed in newer versions.
> Therefore, this patch simply retains any specified exec mode in
> parsed rules. If an exec mode is not specified in a rule, there is no
> attempt to force the usage of "safe" because older kernels do not
> support it.
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
> ---
> * Changes since v1:
>   - Added Seth's acked-by
>   - Addressed feedback from Christian
>     + Embed execmode name in RE_SAFE_OR_UNSAFE
>     + AppArmorBug() when an invalid execmode is used in a new
>       ChangeProfileRule()
>     + Don't use logprof_value_or_all() when setting execmode_txt
>     + Only return "Exec Mode" element from logprof_header_localvars()
> when an execmode is set
>     + Add invalid execcmode test to InvalidChangeProfileInit()
>     + Make 'safe' execmode equivalent to '' and None

One soap box race later:

Thanks, looks much better :-)

Acked-by: Christian Boltz <apparmor at cboltz.de>


Christian Boltz
Sich aktiv an Wikipedia beteiligen habe ich versucht.
Es war grausam. Dagegen ist das Heise-Forum ein Streichelzoo.
[Charly Kuehnast zu http://vvv.koehntopp.de/wpkris/?p=739032]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160720/53c26cf8/attachment.pgp>

More information about the AppArmor mailing list