Fix: rejecting of unix rules with listen or bind permissions Only reject rules with explicit listen or bind permissions if a peer conditional is specified.
Signed-off-by: John Johansen <[email protected]>
---
=== modified file 'parser/af_unix.cc'
--- parser/af_unix.cc 2014-08-31 02:13:35 +0000
+++ parser/af_unix.cc 2014-08-31 17:15:54 +0000
@@ -115,12 +115,10 @@
 mode = mode_p;
 if (mode & ~AA_VALID_NET_PERMS)
 yyerror("mode contains invalid permissions for unix socket rules\n");
- else if ((mode & AA_NET_BIND) &&
- ((mode & AA_PEER_NET_PERMS) || has_peer_conds()))
+ else if ((mode & AA_NET_BIND) && has_peer_conds())
 /* Do we want to loosen this? */
 yyerror("unix socket 'bind' access cannot be used with message rule conditionals\n");
- else if ((mode & AA_NET_LISTEN) &&
- ((mode & AA_PEER_NET_PERMS) || has_peer_conds()))
+ else if ((mode & AA_NET_LISTEN) && has_peer_conds())
 /* Do we want to loosen this? */
 yyerror("unix socket 'listen' access cannot be used with message rule conditionals\n");
 } else {
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
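Review bot: The `/* Do we want to loosen this? */` comment kept above each yyerror is now stale, because this hunk is the loosening: a rule carrying bind or listen together with AA_PEER_NET_PERMS no longer fails validation, and only an explicit peer conditional is rejected. Replace it with a comment stating what the remaining check enforces, e.g. `/* peer conditionals describe message traffic; they have no meaning for bind/listen */` (the reason is only implied by the error text, so confirm the wording). The commit description should also say why combining bind/listen with peer permissions is acceptable, since that combination was rejected before and the rest of the pipeline that encodes it is not visible in the hunk. The two branches now differ only in the flag tested and the quoted permission name, so a single test on `mode & (AA_NET_BIND | AA_NET_LISTEN)` selecting the name from the flag would remove the duplicated condition. The enclosing function starts before and continues after the hunk.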
