[apparmor] [PATCH] parser: Honor the --namespace-string commandline option

Seth Arnold seth.arnold at canonical.com
Mon Dec 14 23:55:33 UTC 2015 

On Mon, Dec 14, 2015 at 05:21:40PM -0600, Tyler Hicks wrote:
> https://launchpad.net/bugs/1526085
> 
> Revno 2934 'Add fns to handle profile removal to the kernel interface'
> introduced a regression in the parser's namespace support by causing the
> --namespace-string option to be ignored. This resulted in the profile(s)
> being loaded into the global namespace rather than the namespace
> specified on the command line.
> 
> This patch fixes the bug by setting the Profile object's ns member, if
> the --namespace-string option was specified, immediately after the
> Profile object is allocated.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Acked for both trunk and 2.10.

Thanks

> ---
> 
> Nominated for 2.10 and trunk.
> 
> Tyler
> 
>  parser/parser_yacc.y | 22 +++++++++++++++++-----
>  1 file changed, 17 insertions(+), 5 deletions(-)
> 
> diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
> index d17eab9..2a48367 100644
> --- a/parser/parser_yacc.y
> +++ b/parser/parser_yacc.y
> @@ -318,6 +318,13 @@ profile_base: TOK_ID opt_id_or_var flags TOK_OPEN rules TOK_CLOSE
>  			yyerror(_("Memory allocation error."));
>  		}
>  
> +		/* Honor the --namespace-string command line option */
> +		if (profile_ns) {
> +			prof->ns = strdup(profile_ns);
> +			if (!prof->ns)
> +				yyerror(_("Memory allocation error."));
> +		}
> +
>  		prof->name = $1;
>  		prof->attachment = $2;
>  		if ($2 && !($2[0] == '/' || strncmp($2, "@{", 2) == 0))
> @@ -351,12 +358,17 @@ profile:  opt_profile_flag opt_ns profile_base
>  		if ($3->name[0] != '/' && !($1 || $2))
>  			yyerror(_("Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."));
>  
> -		if ($2 && profile_ns) {
> -			pwarn("%s: -n %s overriding policy specified namespace :%s:\n", progname, profile_ns, $2);
> +		if (prof->ns) {
> +			/**
> +			 * Print warning if the profile specified a namespace
> +			 * different than the one specified with the
> +			 * --namespace-string commandline option
> +			 */
> +			if ($2 && strcmp(prof->ns, $2)) {
> +				pwarn("%s: -n %s overriding policy specified namespace :%s:\n",
> +				      progname, prof->ns, $2);
> +			}
>  			free($2);
> -			prof->ns = strdup(profile_ns);
> -			if (!prof->ns)
> -				yyerror(_("Memory allocation error."));
>  		} else
>  			prof->ns = $2;
>  		if ($1 == 2)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20151214/e1f44c7c/attachment.pgp>

More information about the AppArmor mailing list