[apparmor] [PATCH] parser: Return non-zero when a specified profile fails to parse

Tyler Hicks tyhicks at canonical.com
Thu May 11 22:53:37 UTC 2017


On 05/11/2017 04:39 PM, Tyler Hicks wrote:
> Christian reported that `apparmor_parser -r /file/not/found` returns 0
> indicating that the profile was loaded as expected even though
> /file/not/found does not exist in the filesystem. This patch ensures
> that a non-zero error code is returned when a specified file or
> directory is not found, readable, etc.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Tested-by: Christian Boltz <apparmor at cboltz.de>
> Acked-by: John Johansen <john.johansen at canonical.com>
> ---
>  parser/lib.c         | 3 +++
>  parser/parser_main.c | 2 ++
>  2 files changed, 5 insertions(+)
> 
> diff --git a/parser/lib.c b/parser/lib.c
> index 11c2210..053765e 100644
> --- a/parser/lib.c
> +++ b/parser/lib.c
> @@ -16,6 +16,7 @@
>   *   Ltd.
>   */
>  
> +#include <errno.h>
>  #include <string.h>
>  
>  #include <sys/stat.h>
> @@ -32,10 +33,12 @@ int dirat_for_each(int dirfd, const char *name, void *data,
>  		   int (* cb)(int, const char *, struct stat *, void *))
>  {
>  	int retval = _aa_dirat_for_each(dirfd, name, data, cb);
> +	int save = errno;
>  
>  	if (retval)
>  		PDEBUG("dirat_for_each failed: %m\n");
>  
> +	errno = save;
>  	return retval;
>  }
>  
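
Review bot: The errno save/restore around PDEBUG() in dirat_for_each() has no comment saying that callers now read errno after a failure, so a later cleanup could drop it as dead code; add a one-line comment above `int save = errno;` stating that. The capture also runs when retval is 0, which is harmless, but moving both lines inside the `if (retval)` block would make the intent clearer.
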
> diff --git a/parser/parser_main.c b/parser/parser_main.c
> index 80c243d..5c5129f 100644
> --- a/parser/parser_main.c
> +++ b/parser/parser_main.c
> @@ -1160,6 +1160,7 @@ int main(int argc, char *argv[])
>  
>  		if (profilename && stat(profilename, &stat_file) == -1) {
>  			PERROR("File %s not found, skipping...\n", profilename);
> +			last_error = ENOENT;

We can do better than this. last_error should be assigned the value of
errno just before PERROR() is called. I'll send a v2 after the tests
finish running.

Tyler

>  			continue;
>  		}
>  
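
Review bot: `last_error = ENOENT;` in the stat() failure branch hardcodes one cause, while the commit message also covers unreadable files, and stat() reports those through errno with other values (EACCES, for example). Copy errno into a local before PERROR() runs and assign that to last_error, and consider replacing the fixed "not found" wording with the error string so the log line matches the code that is returned.
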
> @@ -1175,6 +1176,7 @@ int main(int argc, char *argv[])
>  			cb = binary_input ? binary_dir_cb : profile_dir_cb;
>  			if ((retval = dirat_for_each(AT_FDCWD, profilename,
>  						     &cb_data, cb))) {
> +				last_error = errno;
>  				PDEBUG("Failed loading profiles from %s\n",
>  				       profilename);
>  			}
> 
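
Review bot: `last_error = errno;` after a failed dirat_for_each() assumes errno is non-zero on every failure path; if the callback `cb` returns non-zero without setting errno, last_error can end up 0 or hold a stale value, and the failure may still not be reflected in the exit status. Fall back to a fixed error code when errno is 0, or let the callback's return value carry the code.
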


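The errno handling discussed in this thread, as an added example that is not part of the original message or of the AppArmor source: `check_paths()` and `log_error()` are hypothetical names, and the logger clears errno on purpose to stand in for a logging call that changes it.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical stand-in for a logging macro such as PERROR(). stdio calls
 * may change errno; that is simulated here by clearing it on purpose. */
static void log_error(const char *msg, const char *path, int err)
{
	fprintf(stderr, "%s: %s (%s)\n", msg, path, strerror(err));
	errno = 0;	/* constructed worst case: the logger clobbers errno */
}

/* Hypothetical helper: stat() each path and remember the most recent
 * failure. Returns 0 when every path could be stat()ed, otherwise the
 * errno value of the last failure, so the caller can exit non-zero. */
int check_paths(const char *const *paths, int count)
{
	struct stat st;
	int last_error = 0;

	for (int i = 0; i < count; i++) {
		if (stat(paths[i], &st) == -1) {
			int save = errno;	/* capture before any logging */

			log_error("skipping", paths[i], save);
			last_error = save;	/* errno itself is 0 by now */
			continue;
		}
		/* a real tool would process the file or directory here */
	}
	return last_error;
}

int main(void)
{
	/* Constructed sample input: one path that exists, one that does not. */
	const char *const paths[] = { "/", "/file/not/found" };
	int err = check_paths(paths, 2);

	/* A real tool would turn a non-zero err into its exit status. */
	printf("last_error = %d (%s)\n", err, err ? strerror(err) : "ok");
	return 0;
}
```

Assigning the saved value rather than a fixed ENOENT means a path that fails for another reason, such as an over-long name, is reported with its own error code.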