[PATCH 2/2] UBUNTU: SAUCE: AppArmor: allow newer tools to load policy on older kernels

Tetsuo Handa from-ubuntu at I-love.SAKURA.ne.jp
Fri Sep 17 23:54:30 UTC 2010


John Johansen wrote:
>  		for (i = 0; i < size; i++) {
> +			/* discard extraneous rules that this kernel will
> +			 * never request
> +			 */
> +			if (size > AF_MAX) {

Do you want to discard all rules rather than extraneous rules?
I think this should be (i >= AF_MAX) rather than (size > AF_MAX).

> +				u16 tmp;
> +				if (!unpack_u16(e, &tmp, NULL) ||
> +				    !unpack_u16(e, &tmp, NULL) ||
> +				    !unpack_u16(e, &tmp, NULL))
> +					goto fail;
> +				continue;
> +			}
>  			if (!unpack_u16(e, &profile->net.allow[i], NULL))
>  				goto fail;
>  			if (!unpack_u16(e, &profile->net.audit[i], NULL))
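
Review bot: The discard test `if (size > AF_MAX)` at the top of the loop body does not depend on `i`, so once the loaded table is larger than AF_MAX every iteration takes the skip path and hits `continue`, and no entry ever reaches `profile->net.allow[i]` or `profile->net.audit[i]`. That does not match the comment's "discard extraneous rules". Testing the index instead, `if (i >= AF_MAX)`, keeps the entries this kernel can use and skips only the tail. The three `unpack_u16(e, &tmp, NULL)` calls would also benefit from a short comment naming the per-entry fields being skipped, so the skip path stays in step with the stores that follow it.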



