[apparmor] [PATCH] parser: Return non-zero when a specified profile fails to parse

Tyler Hicks tyhicks at canonical.com
Thu May 11 21:39:17 UTC 2017


Christian reported that `apparmor_parser -r /file/not/found` returns 0
indicating that the profile was loaded as expected even though
/file/not/found does not exist in the filesystem. This patch ensures
that a non-zero error code is returned when a specified file or
directory is not found, readable, etc.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Tested-by: Christian Boltz <apparmor at cboltz.de>
Acked-by: John Johansen <john.johansen at canonical.com>
---
 parser/lib.c         | 3 +++
 parser/parser_main.c | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/parser/lib.c b/parser/lib.c
index 11c2210..053765e 100644
--- a/parser/lib.c
+++ b/parser/lib.c
@@ -16,6 +16,7 @@
  *   Ltd.
  */
 
+#include <errno.h>
 #include <string.h>
 
 #include <sys/stat.h>
@@ -32,10 +33,12 @@ int dirat_for_each(int dirfd, const char *name, void *data,
 		   int (* cb)(int, const char *, struct stat *, void *))
 {
 	int retval = _aa_dirat_for_each(dirfd, name, data, cb);
+	int save = errno;
 
 	if (retval)
 		PDEBUG("dirat_for_each failed: %m\n");
 
+	errno = save;
 	return retval;
 }
 
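Review bot: The new `int save = errno;` / `errno = save;` pair in dirat_for_each() carries no comment explaining why errno is preserved. The reason only becomes visible in the parser_main.c hunk, where the caller reads errno after a non-zero return, and the restore is presumably there because the PDEBUG call in between could overwrite it. A one-line comment saying that callers rely on errno after failure would keep this from being removed later as dead code, and a name such as `saved_errno` would make the intent clearer.
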
diff --git a/parser/parser_main.c b/parser/parser_main.c
index 80c243d..5c5129f 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -1160,6 +1160,7 @@ int main(int argc, char *argv[])
 
 		if (profilename && stat(profilename, &stat_file) == -1) {
 			PERROR("File %s not found, skipping...\n", profilename);
+			last_error = ENOENT;
 			continue;
 		}
 
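Review bot: `last_error = ENOENT;` hard-codes one cause for every stat() failure, but stat() can also fail with EACCES, ENOTDIR, ELOOP and others, and the commit message says the unreadable case is meant to be covered as well. Consider capturing errno right after the stat() call, before PERROR runs, and assigning that value to last_error. The "File %s not found, skipping..." message could then report the real reason instead of always saying "not found".
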
@@ -1175,6 +1176,7 @@ int main(int argc, char *argv[])
 			cb = binary_input ? binary_dir_cb : profile_dir_cb;
 			if ((retval = dirat_for_each(AT_FDCWD, profilename,
 						     &cb_data, cb))) {
+				last_error = errno;
 				PDEBUG("Failed loading profiles from %s\n",
 				       profilename);
 			}
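Review bot: `last_error = errno;` only produces a non-zero value if errno is set every time dirat_for_each() returns non-zero, and nothing in these lines guarantees that, for example when the callback returns an error without touching errno. retval is already in scope in this branch, so falling back to a fixed non-zero error when errno is 0 would keep the failure from being dropped. The failure is also reported only through PDEBUG here, so a non-debug run gets no message from this branch explaining what went wrong with the directory.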
-- 
2.7.4



