[apparmor] [PATCH] parser: Return non-zero when a specified profile fails to parse
Tyler Hicks
tyhicks at canonical.com
Thu May 11 22:53:37 UTC 2017
On 05/11/2017 04:39 PM, Tyler Hicks wrote:
> Christian reported that `apparmor_parser -r /file/not/found` returns 0
> indicating that the profile was loaded as expected even though
> /file/not/found does not exist in the filesystem. This patch ensures
> that a non-zero error code is returned when a specified file or
> directory is not found, readable, etc.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Tested-by: Christian Boltz <apparmor at cboltz.de>
> Acked-by: John Johansen <john.johansen at canonical.com>
> ---
> parser/lib.c | 3 +++
> parser/parser_main.c | 2 ++
> 2 files changed, 5 insertions(+)
>
> diff --git a/parser/lib.c b/parser/lib.c
> index 11c2210..053765e 100644
> --- a/parser/lib.c
> +++ b/parser/lib.c
> @@ -16,6 +16,7 @@
> * Ltd.
> */
>
> +#include <errno.h>
> #include <string.h>
>
> #include <sys/stat.h>
> @@ -32,10 +33,12 @@ int dirat_for_each(int dirfd, const char *name, void *data,
> int (* cb)(int, const char *, struct stat *, void *))
> {
> int retval = _aa_dirat_for_each(dirfd, name, data, cb);
> + int save = errno;
>
> if (retval)
> PDEBUG("dirat_for_each failed: %m\n");
>
> + errno = save;
> return retval;
> }
>
> diff --git a/parser/parser_main.c b/parser/parser_main.c
> index 80c243d..5c5129f 100644
> --- a/parser/parser_main.c
> +++ b/parser/parser_main.c
> @@ -1160,6 +1160,7 @@ int main(int argc, char *argv[])
>
> if (profilename && stat(profilename, &stat_file) == -1) {
> PERROR("File %s not found, skipping...\n", profilename);
> + last_error = ENOENT;
We can do better than this. last_error should be assigned the value of
errno just before PERROR() is called. I'll send a v2 after the tests
finish running.
Tyler
> continue;
> }
>
> @@ -1175,6 +1176,7 @@ int main(int argc, char *argv[])
> cb = binary_input ? binary_dir_cb : profile_dir_cb;
> if ((retval = dirat_for_each(AT_FDCWD, profilename,
> &cb_data, cb))) {
> + last_error = errno;
> PDEBUG("Failed loading profiles from %s\n",
> profilename);
> }
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170511/0d880101/attachment.pgp>
More information about the AppArmor
mailing list