[apparmor] [patch] fix aa-complain to work with quoted profile names
Christian Boltz
apparmor at cboltz.de
Tue Jun 10 22:11:29 UTC 2014
Hello,
the attached patch fixes a crash in aa-complain when a profile name is
quoted. It also makes sure aa-complain actually adds the complain flag
in such cases. (aa-enforce etc. will also benefit from this fix.)
Note: superfluous quotes will be removed when saving the profile (for
example with aa-cleanprof), but they are kept if needed, like in
profile "/bin/foo bar"
(tested with aa-complain and aa-cleanprof - and also with "rcapparmor
reload", where the initscript bailed out because my profile filename
contained a space...)
The patch also adds some TODO notes.
References: https://bugs.launchpad.net/apparmor/+bug/1296218
There are other regexes that handle quotes:
RE_PROFILE_ALIAS
RE_PROFILE_CHANGE_HAT
RE_PROFILE_HAT_DEF
They probably also need to be changed to work with quotes (can someone
test them, please?), but that can be a separate patch.
I also noticed that aa-cleanprof (and therefore probably all python
tools) adds additional quotes in file rules, so
"/bin/foo bar" mrix,
becomes
""/bin/foo bar"" mrix,
and in the next run
"""/bin/foo bar""" mrix,
One more patch to write...
Regards,
Christian Boltz
--
a computer without an Internet connection is essentially a very
expensive DVD player
[http://www.randsinrepose.com/archives/2006/07/10/a_nerd_in_a_cave.html]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lp1296218.diff
Type: text/x-patch
Size: 2844 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140611/97e92c3d/attachment.bin>
More information about the AppArmor
mailing list