Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:11.4:Update
apparmor.import4816
apparmor-utils-inherit-flags-during-profile-gen...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apparmor-utils-inherit-flags-during-profile-generation of Package apparmor.import4816
From: Jeff Mahoney <jeffm@suse.com> Subject: apparmor-utils: Inherit flags in sub-profiles when generating profiles References: bnc#496204 When creating profiles with cx subprofiles, genprof will set the sub-profile in enforce mode. When genprof cycles multiple times, it prohibits the sub-profile from working correctly. e.g. # Last Modified: Mon Jan 24 13:52:26 2011 #include <tunables/global> /home/jeffm/mycat flags=(complain) { #include <abstractions/base> #include <abstractions/bash> #include <abstractions/consoles> /bin/bash ix, /bin/cat cx, /home/jeffm/mycat r, profile /bin/cat { #include <abstractions/base> /bin/cat r, /home/jeffm/mycat r, } } This patch allows sub-profiles to inherit the flags from the parent profile, which allows it to be created in complain mode (if appropriate). The temporary complain flags are cleaned up at genprof completion as expected. This issue was reported at: https://bugzilla.novell.com/show_bug.cgi?id=496204 Signed-off-by: Jeff Mahoney <jeffm@suse.com> --- utils/SubDomain.pm | 6 ++++++ 1 file changed, 6 insertions(+) --- a/utils/SubDomain.pm +++ b/utils/SubDomain.pm @@ -2337,6 +2337,12 @@ sub handlechildren { # we have seen more than a declaration so clear it $sd{$profile}{$hat}{'declared'} = 0; $sd{$profile}{$hat}{profile} = 1; + + # Otherwise sub-profiles end up getting + # put in enforce mode with genprof + $sd{$profile}{$hat}{flags} = $sd{$profile}{$profile}{flags} if $profile ne $hat; + + $sd{$profile}{$hat}{flags} = 'complain'; $sd{$profile}{$hat}{allow}{path} = { }; $sd{$profile}{$hat}{allow}{netdomain} = { }; my $file = $sd{$profile}{$profile}{filename};
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor