Due to changes in path lookups and the work going forward, default profiles
to resolve relative to the chroot instead of the namespace.

This will only affect profiles that are used on tasks within a chroot.
For now it will be possible to get the old default namespace relative
behavior by passing the namespace_relative flag to the profile

eg.
  profile /example (namespace_relative) { .. }

Signed-off-by: John Johansen <[email protected]>
---
 parser/parser_yacc.y |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index 79a5ab2..9e05d24 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -418,6 +418,10 @@ flagvals:  flagvals flagval
                    (PATH_CHROOT_REL | PATH_NS_REL))
                        yyerror(_("Profile flag chroot_relative conflicts with 
namespace_relative"));
 
+               if (!($1.path & PATH_NS_REL))
+                       /* default to chroot relative profiles */
+                       $1.path |= PATH_CHROOT_REL;
+
                if (($1.path & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED)) 
==
                    (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))
                        yyerror(_("Profile flag mediate_deleted conflicts with 
delegate_deleted"));
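Review bot: the new default is set inside the action of the recursive "flagvals: flagvals flagval" rule (per the hunk header), so it appears to be applied on every reduction of the flag list rather than once when the list is complete. Two things to check. First, if namespace_relative is not among the flags merged so far, this sets PATH_CHROOT_REL on $1; when a later flagval then brings in PATH_NS_REL, the conflict test directly above (PATH_CHROOT_REL | PATH_NS_REL) would report "chroot_relative conflicts with namespace_relative" even though the user never wrote chroot_relative, making the result depend on flag order. Second, a profile with no flags, or with only a single flag, may never pass through this rule and so would not get the new default at all. Consider applying the default once, after the whole flag list has been parsed (or where the profile's flags are finalized), so that it covers flagless profiles and cannot trip the conflict check. Since this changes behaviour for every confined task inside a chroot, the new default and the namespace_relative opt-out also deserve a mention in the profile flag documentation.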
-- 
1.7.9

