On Fri, Aug 29, 2014 at 12:40:37PM -0700, John Johansen wrote:
> This changes/fixes the encoding for unix socket rules.
>
> the changes look larger than they are because it refactors the code, instead
> of duplicating.
>
> The major changes are:
> - it changes where the accept perm is stored
> - it moves anyone_match_pattern to default_match_pattern
> - it fixes the layout of the local addr only being written when local perms
> are present

I think there's an additional change here: > === modified file 'parser/network.h' > --- parser/network.h 2014-08-26 05:51:50 +0000 > +++ parser/network.h 2014-08-29 17:53:45 +0000 > @@ -70,8 +70,9 @@ > AA_NET_GETATTR | AA_NET_BIND | AA_NET_ACCEPT | \ > AA_NET_LISTEN | AA_NET_SETOPT | AA_NET_GETOPT) > #define AA_NET_OPT (AA_NET_SETOPT | AA_NET_GETOPT) > -#define AA_LOCAL_NET_CMD (AA_NET_ACCEPT | AA_NET_LISTEN | AA_NET_OPT) > -#define AA_PEER_NET_PERMS (AA_VALID_NET_PERMS & ~AA_LOCAL_NET_PERMS) > +#define AA_LOCAL_NET_CMD (AA_NET_LISTEN | AA_NET_OPT) > +#define AA_PEER_NET_PERMS (AA_VALID_NET_PERMS & (~AA_LOCAL_NET_PERMS | \ > + AA_NET_ACCEPT)) > AA_NET_ACCEPT was removed from AA_LOCAL_NET_CMD but the final line was adjusted as if it were removed from AA_LOCAL_NET_PERMS. I can't tell if this has any actual influence on anything... Thanks
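
Review bot: In the new AA_PEER_NET_PERMS definition, AA_NET_ACCEPT is OR-ed back into a mask built from ~AA_LOCAL_NET_PERMS, while the line above it removes AA_NET_ACCEPT from AA_LOCAL_NET_CMD, which is a different macro. AA_LOCAL_NET_PERMS is not defined in the visible lines, so this hunk alone does not show whether the `| AA_NET_ACCEPT` term changes the resulting mask or is redundant. Either derive both macros from the same base so that the move of accept from local to peer is made in one place, or add a comment above AA_PEER_NET_PERMS stating that accept is deliberately treated as a peer permission and why it has to be added back explicitly.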
