[apparmor] [patch] fix "list index out of range" when allowing inet rules

Steve Beattie steve at nxnw.org
Tue Oct 14 19:00:57 UTC 2014


On Sun, Oct 12, 2014 at 08:45:44PM +0200, Christian Boltz wrote:
> Hello,
> 
> another (this time easy) bug found by Stallmanu:
> 
> When adding inet rules in aa-logprof, it crashes with
>     IndexError: list index out of range
> 
> The reason is that it doesn't display the options if only the raw rule
> is available (aka "no abstraction").
> 
> This patch checks if options[] is set and otherwise sets selection to
> the raw rule.
> 
> As an alternative, we could always display the options - even if only
> one option is available. Opinions?

I think I'm okay with this patch as is, though I don't know this code
well enough to know what "display the options" means; I thought the
CMD_ALLOW indicated that the user had already accepted a choice, but
probably that's my misunderstanding. Would adding it to the options list
give the user the opportunity to modify the proposed rule (e.g. shorten
'network inet dgram,' down to 'network inet' say) and not adding it
prevent that? Because if so, then I think we ought to offer the option.

(But I can live with the patch as is, so
Acked-by: Steve Beattie <steve at nxnw.org> if you don't want to do that.)

Thanks.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/