[apparmor] [patch] Fix writing network rules

Christian Boltz apparmor at cboltz.de
Thu Apr 9 11:38:57 UTC 2015


Hello,

On Wednesday, 8 April 2015, Seth Arnold wrote:
> I wonder what happens if the 'audit' bit is
> triggered above; would this then emit rules like:
> 
>   auditnetwork bluetooth,
> 
> ?

Short answer: Yes, nice catch!

Long answer:


Fix writing network rules, part 2

write_net_rules() doesn't add a space after 'audit' in two of three 
cases, leading to invalid network rules. 
This patch adds the missing spaces.

(This also tells us that not too many people use network rules with 
the audit flag set ;-)


I propose this patch for trunk and 2.9.


[ 37-write_net_rules-audit-spacing.diff ]

=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py        2015-04-09 00:05:04.600726808 +0200
+++ utils/apparmor/aa.py        2015-04-09 13:24:18.177577762 +0200
@@ -3401,12 +3401,12 @@
             for fam in sorted(prof_data[allow]['netdomain']['rule'].keys()):
                 if prof_data[allow]['netdomain']['rule'][fam] is True:
                     if prof_data[allow]['netdomain']['audit'][fam]:
-                        audit = 'audit'
+                        audit = 'audit '
                     data.append('%s%s%snetwork %s,' % (pre, audit, allowstr, fam))
                 else:
                     for typ in sorted(prof_data[allow]['netdomain']['rule'][fam].keys()):
                         if prof_data[allow]['netdomain']['audit'][fam].get(typ, False):
-                            audit = 'audit'
+                            audit = 'audit '
                         data.append('%s%s%snetwork %s %s,' % (pre, audit, allowstr, fam, typ))
         if prof_data[allow].get('netdomain', False):
             data.append('')
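
Review bot: In both branches, 'audit' is only assigned when the audit flag is set (the two "audit = 'audit '" lines), and nothing in the visible context resets it to '' at the start of each 'fam' or 'typ' iteration. Unless that reset happens outside this hunk, the first audited family or type would make every rule appended after it in sorted order carry the 'audit ' prefix as well. Please check where 'audit' is initialised and, if it is above the 'for fam' loop, set it to '' inside each loop body before the flag test. A regression test that writes one audited and one non-audited network rule for the same profile would cover both the spacing fixed here and that carry-over.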



Regards,

Christian Boltz
-- 
[20:21] <jospoortvliet> ok but IF we do that, note that you'll have to 
        cook for 50+ people. [...]
[20:21] <suseROCKs> jospoortvliet,   so you're saying you need 50 
        microwaves???   :-)
[from #opensuse-project]



