[apparmor] Patch - Fix attachment failure for profiles with name and attachment specification
John Johansen
john.johansen at canonical.com
Fri Mar 18 15:43:50 UTC 2011
On 03/08/2011 01:58 AM, John Johansen wrote:
> Profiles that specify a name and attachment specification fail to attach when the
> attachment specification doesn't contain globbing.
>
> eg.
> # profile name and attachment the same - attaches as expected
> profile /usr/lib/chromium-browser/chromium-browser
>
> # profile without attachment specification - does not attach as expected
> profile chromium-browser
>
> # profile with name and attachment specification where the attachment specification uses globbing - attaches as expected
> profile chromium-browser /usr/lib/chromium-browser/chromium-broswer*
>
> # profile with name and attachment specification without globbing - FAILS to attach when it should
> profile chromium-browser /usr/lib/chromium-browser/chromium-browser
>
>
> This occurs because the xmatch_len is not set correctly for the profiles that specify
> a name and an attachment specification, where the attachment specification does not
> contain globbing characters.
>
> In this situation the correct length for the xmatch_len is the length of the name, as
> the shortest possible unambiguous match is the name length.
>
> This patch does not fix a related bug where an attachment specification of ** will not
> match (/**) will.
>
forgot to add
Nominated for 2.6.1
More information about the AppArmor
mailing list