Viewing all changes in revision 1900.
- Committer: Steve Beattie
- Date: 2012-04-24 18:28:23 UTC
- Revision ID: sbeattie@ubuntu.com-20120424182823-gc6xzu3t576882ct
Merge from trunk rev 2034: fix aa-logprof rewrite of PUx modes
When writing out a profile, aa-logprof incorrectly converts PUx execute
permission modes to the syntactically invalid UPx mode, because the
function that converts the internal representation of permissions to
a string emits the U(nconfined) mode bit before the P bit.
This patch corrects this by reordering the way the exec permissions
are emitted, so that P and C modes come before U and i. Based on
http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Execute_rules
this should emit the modes correctly in all combined exec modes.
Other approaches to fixing this would require adjusting the data
structure that contains the permission modes, resulting in a more
invasive patch.
Nominated-By: Steve Beattie <sbeattie@ubuntu.com>
Signed-Off-By: John Johansen <john.johansen@canonical.com>
When writing out a profile, aa-logprof incorrectly converts PUx execute
permission modes to the syntactically invalid UPx mode, because the
function that converts the internal representation of permissions to
a string emits the U(nconfined) mode bit before the P bit.
This patch corrects this by reordering the way the exec permissions
are emitted, so that P and C modes come before U and i. Based on
http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Execute_rules
this should emit the modes correctly in all combined exec modes.
Other approaches to fixing this would require adjusting the data
structure that contains the permission modes, resulting in a more
invasive patch.
Nominated-By: Steve Beattie <sbeattie@ubuntu.com>
Signed-Off-By: John Johansen <john.johansen@canonical.com>
- files modified:
- utils/Immunix/AppArmor.pm
expand all
collapse all
added
removed
