On Fri, Aug 29, 2014 at 10:45:59PM -0700, John Johansen wrote:
> On 08/29/2014 12:40 PM, John Johansen wrote:
> > This changes/fixes the encoding for unix socket rules.
> >
> > the changes look larger than they are because it refactors the code, instead
> > of duplicating.
> >
> > The major changes are:
> > - it changes where the accept perm is stored
> > - it moves anyone_match_pattern to default_match_pattern
> > - it fixes the layout of the local addr only being written when local perms
> >   are present
>
> Fix to allow specifying the unix perm with peer perms. This is allowed now
> and even supported, since for unix sockets the peer accept is mediated in
> the unix_stream_connect hook (something that is not possible in the
> lsm accept hook).
Acked-by: Seth Arnold <[email protected]> Heh, "yes", "yes we do want to loosen this" :) Thanks > > --- > > === modified file 'parser/af_unix.cc' > --- parser/af_unix.cc 2014-08-30 05:32:14 +0000 > +++ parser/af_unix.cc 2014-08-30 05:34:21 +0000 > @@ -123,10 +123,6 @@ > ((mode & AA_PEER_NET_PERMS) || has_peer_conds())) > /* Do we want to loosen this? */ > yyerror("unix socket 'listen' access cannot be used > with message rule conditionals\n"); > - else if ((mode & AA_NET_ACCEPT) && > - ((mode & AA_PEER_NET_PERMS) || has_peer_conds())) > - /* Do we want to loosen this? */ > - yyerror("unix socket 'accept' access cannot be used > with message rule conditionals\n"); > } else { > mode = AA_VALID_NET_PERMS; > } > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
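Review bot: in the @@ -123,10 +123,6 @@ hunk of parser/af_unix.cc, removing the 'accept' branch leaves the 'listen' branch above it with the same "/* Do we want to loosen this? */" comment and nothing in the code that says why the two cases now differ. The reason given in the message (for unix sockets the peer accept is mediated in the unix_stream_connect hook, which is not possible in the lsm accept hook) deserves a short comment next to the remaining 'listen' check, so a later reader neither re-adds the 'accept' restriction nor assumes 'listen' was simply overlooked. The diff as shown changes only parser/af_unix.cc; a parser test with a rule that combines accept with a peer conditional would pin down the newly permitted behaviour.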
