[PATCH 1/2] AppArmor: compatibility patch for v5 network controll
John Johansen
john.johansen at canonical.com
Mon Nov 1 21:58:58 UTC 2010
On 11/01/2010 05:36 PM, Tetsuo Handa wrote:
> John Johansen wrote:
>> +struct aa_net {
>> + u16 allow[AF_MAX];
>> + u16 audit[AF_MAX];
>> + u16 quiet[AF_MAX];
>> +};
>
>> @@ -559,6 +573,38 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
>> if (!unpack_rlimits(e, profile))
>> goto fail;
>>
>> + size = unpack_array(e, "net_allowed_af");
>> + if (size) {
>> +
>> + for (i = 0; i < size; i++) {
>> + /* discard extraneous rules that this kernel will
>> + * never request
>> + */
>> + if (i > AF_MAX) {
>
> Please (i >= AF_MAX).
>
yes
thanks Tetsuo
More information about the kernel-team
mailing list