[PATCH 2/2] UBUNTU: SAUCE: AppArmor: allow newer tools to load policy on older kernels
Tim Gardner
tim.gardner at canonical.com
Tue Sep 21 11:31:01 UTC 2010
On 09/21/2010 04:32 PM, John Johansen wrote:
> On 09/17/2010 04:54 PM, Tetsuo Handa wrote:
>> John Johansen wrote:
>>> for (i = 0; i< size; i++) {
>>> + /* discard extraneous rules that this kernel will
>>> + * never request
>>> + */
>>> + if (size> AF_MAX) {
>>
>> Do you want to discard all rules rather than extraneous rules?
>> I think this should be (i>= AF_MAX) rather than (size> AF_MAX).
>>
>>> + u16 tmp;
>>> + if (!unpack_u16(e,&tmp, NULL) ||
>>> + !unpack_u16(e,&tmp, NULL) ||
>>> + !unpack_u16(e,&tmp, NULL))
>>> + goto fail;
>>> + continue;
>>> + }
>>> if (!unpack_u16(e,&profile->net.allow[i], NULL))
>>> goto fail;
>>> if (!unpack_u16(e,&profile->net.audit[i], NULL))
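Review bot: The skip test at "if (size> AF_MAX)" checks the loop bound rather than the index, so for any policy that carries more than AF_MAX entries every iteration takes the continue path and nothing is stored in profile->net.allow[i] or profile->net.audit[i]. Testing (i >= AF_MAX) instead keeps the entries this kernel can request and discards only the trailing ones, while the three unpack_u16() calls into tmp still consume each skipped entry so the stream stays aligned. The comment above the test would then match the behaviour, since only the extraneous rules are dropped.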
>
> sigh, yes. I can't believe I did that :(
>
> thanks Tetsuo
>
So, what's the impact? Does this mean that we're dropping all AA rules?
rtg
--
Tim Gardner tim.gardner at canonical.com