On 08/29/2014 04:54 PM, Seth Arnold wrote: > On Fri, Aug 29, 2014 at 12:40:37PM -0700, John Johansen wrote: >> This changes/fixes the encoding for unix socket rules. >> >> the changes look larger than they are because it refactors the code, instead >> of duplicating. >> >> The major changes are: >> - it changes where the accept perm is stored >> - it moves anyone_match_pattern to default_match_pattern >> - it fixes the layout of the local addr only being written when local perms >> are present > > I think there's an additional change here: > >> === modified file 'parser/network.h' >> --- parser/network.h 2014-08-26 05:51:50 +0000 >> +++ parser/network.h 2014-08-29 17:53:45 +0000 >> @@ -70,8 +70,9 @@ >> AA_NET_GETATTR | AA_NET_BIND | AA_NET_ACCEPT | \ >> AA_NET_LISTEN | AA_NET_SETOPT | AA_NET_GETOPT) >> #define AA_NET_OPT (AA_NET_SETOPT | AA_NET_GETOPT) >> -#define AA_LOCAL_NET_CMD (AA_NET_ACCEPT | AA_NET_LISTEN | AA_NET_OPT) >> -#define AA_PEER_NET_PERMS (AA_VALID_NET_PERMS & ~AA_LOCAL_NET_PERMS) >> +#define AA_LOCAL_NET_CMD (AA_NET_LISTEN | AA_NET_OPT) >> +#define AA_PEER_NET_PERMS (AA_VALID_NET_PERMS & (~AA_LOCAL_NET_PERMS | \ >> + AA_NET_ACCEPT)) >> > > AA_NET_ACCEPT was removed from AA_LOCAL_NET_CMD but the final line was > adjusted as if it were removed from AA_LOCAL_NET_PERMS. > > I can't tell if this has any actual influence on anything... > okay, yes my description of the accept perm change wasn't enough, though I did mean for it to cover this
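Review bot: In the parser/network.h hunk, the two macro changes are made against different masks: AA_NET_ACCEPT is dropped from AA_LOCAL_NET_CMD, but AA_PEER_NET_PERMS adds it back on top of ~AA_LOCAL_NET_PERMS, whose definition is not part of this hunk. If AA_LOCAL_NET_PERMS still contains AA_NET_ACCEPT, accept now counts as both a local and a peer permission. If it does not, the added "| AA_NET_ACCEPT" is a no-op. Either way, a comment above these defines stating which side accept belongs to, plus a line in the commit message about it, would make the intent checkable. If accept is meant to be peer-only, removing it from AA_LOCAL_NET_PERMS itself would let the original "AA_VALID_NET_PERMS & ~AA_LOCAL_NET_PERMS" form stand unchanged.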
