[apparmor] [patch 3/3] utils: use capability rule class in aa.py and cleanprof.py

Christian Boltz apparmor at cboltz.de
Wed Dec 3 22:56:51 UTC 2014 

Hello,

Am Mittwoch, 3. Dezember 2014 schrieb Christian Boltz:
> Am Mittwoch, 3. Dezember 2014 schrieb Steve Beattie:
> > This patch integrated the new capability rule class into aa.py and
> > cleanprof.py.
> > 
> > Patch changes:
> >   v5:
> >       - merge my changes into Christian's original patches
> >       - use CapabilityRule.parse() for parsing raw capability rules
> > 
> > and getting a CapabilityRule instance back
> > 
> >       - cope with move of parse_modifiers back into
> >       rule/__init__.py.
> 
> Looks good and passes a (short) manual test :-)
> 
> Acked-by: Christian Boltz <apparmor at cboltz.de>
> with the note that large parts of this patch were originally written
> by me, so another review won't hurt ;-)

Some more testing showed that aa-cleanprof deletes some capability 
rules that are not covered by any abstraction.

Please apply the following patch on top of the patchset to fix this.

diff -u -p -r v5-utils-sbeattie/apparmor/cleanprofile.py utils/apparmor/cleanprofile.py
--- v5-utils-sbeattie/apparmor/cleanprofile.py  2014-12-03 20:24:23.377470648 +0100
+++ utils/apparmor/cleanprofile.py      2014-12-03 23:28:52.117687706 +0100
@@ -65,7 +65,7 @@ class CleanProf(object):
                 deleted += apparmor.aa.delete_duplicates(self.other.aa[program][hat], inc)
 
             #Clean the duplicates of caps in other profile
-            if self.same_file:
+            if not self.same_file:
                 deleted += self.other.aa[program][hat]['capability'].delete_duplicates(self.profile.aa[program][hat]['capability'])
 
             #Clean the duplicates of path in other profile


Regards,

Christian Boltz
-- 
[von KDE 3.0.0 auf 3.0.1 updaten]
> Wenn KDE 3.0.0 noch immer startet wurde 3.0.1 nicht richtig
> installiert würde ich mal behaupten :)
newer version, bla bla. Aber eben nicht bei "base"
naja. Ich habe nun gemerkt, daß es garnicht installiert wurde. [...]
Ich DAKU (dümmster anzunehmender KDE Updater)
[> Matthias Hentges und Stefan Onken in suse-linux]

More information about the AppArmor mailing list