[apparmor] [patch] Fix writing network rules
Seth Arnold
seth.arnold at canonical.com
Thu Apr 9 18:58:20 UTC 2015
On Thu, Apr 09, 2015 at 01:38:57PM +0200, Christian Boltz wrote:
> > I wonder what happens if the 'audit' bit is
> > triggered above; would this then emit rules like:
> >
> > auditnetwork bluetooth,
> Fix writing network rules, part 2
>
> write_net_rules() doesn't add a space after 'audit' in two of three
> cases, leading to invalid network rules.
> This patch adds the missing spaces.
>
> (This also tells us that not too many people use network rules with
> the audit flag set ;-)
>
>
> I propose this patch for trunk and 2.9.
Excellent, thanks so much of tracking down my suspicion.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
for both trunk and 2.9
Thanks
>
>
> [ 37-write_net_rules-audit-spacing.diff ]
>
> === modified file utils/apparmor/aa.py
> --- utils/apparmor/aa.py 2015-04-09 00:05:04.600726808 +0200
> +++ utils/apparmor/aa.py 2015-04-09 13:24:18.177577762 +0200
> @@ -3401,12 +3401,12 @@
> for fam in sorted(prof_data[allow]['netdomain']['rule'].keys()):
> if prof_data[allow]['netdomain']['rule'][fam] is True:
> if prof_data[allow]['netdomain']['audit'][fam]:
> - audit = 'audit'
> + audit = 'audit '
> data.append('%s%s%snetwork %s,' % (pre, audit, allowstr, fam))
> else:
> for typ in sorted(prof_data[allow]['netdomain']['rule'][fam].keys()):
> if prof_data[allow]['netdomain']['audit'][fam].get(typ, False):
> - audit = 'audit'
> + audit = 'audit '
> data.append('%s%s%snetwork %s %s,' % (pre, audit, allowstr, fam, typ))
> if prof_data[allow].get('netdomain', False):
> data.append('')
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150409/0ac118e4/attachment.pgp>
More information about the AppArmor
mailing list