[apparmor] [patch 06/11] mod_apparmor: fix AADefaultHatName storage [resend]
John Johansen
john.johansen at canonical.com
Thu Jan 23 11:18:57 UTC 2014
On 01/23/2014 02:45 AM, Steve Beattie wrote:
> When defining an AADefaultHatName entry, it was being stored in the
> passed mconfig location, which is not the module specific server
> config, but instead the top level (i.e. no path defined) default
> directory/location config. This would be superceded by a more specific
> directory config if it applied to the request. Thus, if an AAHatName was
> defined that applied, but the named hat was not defined in the apparmor
> policy, mod_apparmor would not attempt to fall back to the defined
> AADefaultHatName, but instead jump directly to trying the DEFAULT_URI
> hat.
>
> This patch fixes it by storing the defined AADefaultHatName correctly in
> the module specific storage in the related server data structure. It
> also adds a bit of developer debugging statements.
>
> This patch (perhaps without the debugging info) would also be a good
> candidate for the 2.8 branch.
>
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Acked-by: John Johansen <john.johansen at canonical.com>
More information about the AppArmor
mailing list