Viewing all changes in revision 3679.
- Committer: John Johansen
- Date: 2017-10-18 21:31:16 UTC
- Revision ID: john.johansen@canonical.com-20171018213116-ghm7bjqsn9m1uud2
Fix af_unix downgrade of network rules
with unix rules we output a downgraded rule compatible with network rules
so that policy will work on kernels that support network socket controls
but not the extended af_unix rules
however this is currently broken if the socket type is left unspecified
(initialized to -1), resulting in denials for kernels that don't support
the extended af_unix rules.
cherry-pick: lp:apparmor r3700
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: timeout
with unix rules we output a downgraded rule compatible with network rules
so that policy will work on kernels that support network socket controls
but not the extended af_unix rules
however this is currently broken if the socket type is left unspecified
(initialized to -1), resulting in denials for kernels that don't support
the extended af_unix rules.
cherry-pick: lp:apparmor r3700
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: timeout
- files modified:
- parser/af_unix.cc
expand all
collapse all
added
removed
