On Tue, Aug 26, 2014 at 01:17:56PM -0700, Steve Beattie wrote:
> On Mon, Aug 25, 2014 at 05:06:07PM -0700, [email protected] wrote:
> > +unix_rule::unix_rule(unsigned int type_p, bool audit_p, bool denied):
> > + af_rule("unix"), path(NULL), peer_path(NULL)
> > +{
> > + if (type_p != 0xffffffff) {
> > + sock_type_n = type_p;
> > + sock_type = strdup(net_find_type_name(type_p));
> > + if (!sock_type)
> > + yyerror("socket rule: invalid socket type '%d'",
> > type_p);
> > + }
> > + mode = AA_VALID_NET_PERMS;
> > + audit = audit_p ? AA_VALID_NET_PERMS : 0;
> > + deny = denied;
> > +}
>
> This unix_rule constructor sets audit and deny (so they do
> not to be initialized); yet
>
> > +unix_rule::unix_rule(int mode_p, struct cond_entry *conds,
> > + struct cond_entry *peer_conds):
> > + af_rule("unix"), path(NULL), peer_path(NULL)
> > +{
> > + move_conditionals(conds);
> > + move_peer_conditionals(peer_conds);
> > +
> > + if (mode_p) {
> > + mode = mode_p;
> > + if (mode & ~AA_VALID_NET_PERMS)
> > + yyerror("mode contains invalid permissions for unix
> > socket rules\n");
> > + else if ((mode & AA_NET_BIND) &&
> > + ((mode & AA_PEER_NET_PERMS) || has_peer_conds()))
> > + /* Do we want to loosen this? */
> > + yyerror("unix socket 'bind' access cannot be used with
> > message rule conditionals\n");
> > + else if ((mode & AA_NET_LISTEN) &&
> > + ((mode & AA_PEER_NET_PERMS) || has_peer_conds()))
> > + /* Do we want to loosen this? */
> > + yyerror("unix socket 'listen' access cannot be used
> > with message rule conditionals\n");
> > + else if ((mode & AA_NET_ACCEPT) &&
> > + ((mode & AA_PEER_NET_PERMS) || has_peer_conds()))
> > + /* Do we want to loosen this? */
> > + yyerror("unix socket 'accept' access cannot be used
> > with message rule conditionals\n");
> > + } else {
> > + mode = AA_VALID_NET_PERMS;
> > + }
> > +
> > + free_cond_list(conds);
> > + free_cond_list(peer_conds);
>
> this unix_rule constructor does not. The following patch fixes the issue.
> > Signed-off-by: Steve Beattie <[email protected]>
Acked-by: Seth Arnold <[email protected]> Thanks
> ---
> parser/af_unix.cc | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> Index: b/parser/af_unix.cc
> ===================================================================
> --- a/parser/af_unix.cc
> +++ b/parser/af_unix.cc
> @@ -105,7 +105,8 @@ unix_rule::unix_rule(unsigned int type_p
>
> unix_rule::unix_rule(int mode_p, struct cond_entry *conds,
> struct cond_entry *peer_conds):
> - af_rule("unix"), addr(NULL), peer_addr(NULL)
> + af_rule("unix"), addr(NULL), peer_addr(NULL),
> + audit(0), deny(0)
> {
> move_conditionals(conds);
> move_peer_conditionals(peer_conds);
>
> --
> Steve Beattie
> <[email protected]>
> http://NxNW.org/~steve/
> --
> AppArmor mailing list
> [email protected]
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
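Review bot: The mem-initializer order in the added `audit(0), deny(0)` has to follow the order in which those members are declared in the class, which this hunk does not show; if `audit` or `deny` is declared before `addr`/`peer_addr`, the compiler warns with -Wreorder and initialization follows declaration order anyway, so the header should be checked. A more durable fix, if the tree builds as C++11, is a default member initializer at the declaration (an `= 0` on each member, using their declared types) so every unix_rule constructor, including the `type_p` one named in the hunk header that assigns these only in its body, starts from a defined state. Until this lands, `deny` holds whatever was previously in the allocation, so a parsed rule could be emitted as allow or deny nondeterministically, which is why the change is more than a warning fix. The version quoted earlier in the thread names these members `path`/`peer_path` while the hunk context has `addr`/`peer_addr`, so the patch appears to target a later revision than the one quoted; the constructor body continues below the hunk.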
