[PATCH 2/2] UBUNTU: SAUCE: AppArmor: allow newer tools to load policy on older kernels

John Johansen john.johansen at canonical.com
Tue Sep 21 08:32:34 UTC 2010


On 09/17/2010 04:54 PM, Tetsuo Handa wrote:
> John Johansen wrote:
>>   		for (i = 0; i<  size; i++) {
>> +			/* discard extraneous rules that this kernel will
>> +			 * never request
>> +			 */
>> +			if (size>  AF_MAX) {
>
> Do you want to discard all rules rather than extraneous rules?
> I think this should be (i>= AF_MAX) rather than (size>  AF_MAX).
>
>> +				u16 tmp;
>> +				if (!unpack_u16(e,&tmp, NULL) ||
>> +				    !unpack_u16(e,&tmp, NULL) ||
>> +				    !unpack_u16(e,&tmp, NULL))
>> +					goto fail;
>> +				continue;
>> +			}
>>   			if (!unpack_u16(e,&profile->net.allow[i], NULL))
>>   				goto fail;
>>   			if (!unpack_u16(e,&profile->net.audit[i], NULL))
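
Review bot: the discard test `if (size > AF_MAX)` at the top of the loop body does not depend on `i`, so whenever the policy carries more than AF_MAX entries every iteration takes the skip branch and hits `continue`; nothing is ever stored into profile->net.allow[i] or profile->net.audit[i], including the entries this kernel does use. Test the index instead, `if (i >= AF_MAX)`, so that entries below AF_MAX are still unpacked into the profile and only the surplus ones are read into `tmp` and dropped. The comment above the check says "extraneous rules", which matches the index-based test, so it can stay as written once the condition is fixed.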

sigh, yes. I can't believe I did that :(

thanks Tetsuo



