On Sun, Aug 31, 2014 at 10:20:29AM -0700, John Johansen wrote:
> Fix: rejecting of unix rules with listen or bind permissions
>
> Only reject rules with explicit listen or bind permissions if a peer
> conditional is specified.
With this change, do we want to put AA_NET_ACCEPT back in this check? > > Signed-off-by: John Johansen <[email protected]> Acked-by: Seth Arnold <[email protected]> Thanks > > --- > > === modified file 'parser/af_unix.cc' > --- parser/af_unix.cc 2014-08-31 02:13:35 +0000 > +++ parser/af_unix.cc 2014-08-31 17:15:54 +0000 > @@ -115,12 +115,10 @@ > mode = mode_p; > if (mode & ~AA_VALID_NET_PERMS) > yyerror("mode contains invalid permissions for unix > socket rules\n"); > - else if ((mode & AA_NET_BIND) && > - ((mode & AA_PEER_NET_PERMS) || has_peer_conds())) > + else if ((mode & AA_NET_BIND) && has_peer_conds()) > /* Do we want to loosen this? */ > yyerror("unix socket 'bind' access cannot be used with > message rule conditionals\n"); > - else if ((mode & AA_NET_LISTEN) && > - ((mode & AA_PEER_NET_PERMS) || has_peer_conds())) > + else if ((mode & AA_NET_LISTEN) && has_peer_conds()) > /* Do we want to loosen this? */ > yyerror("unix socket 'listen' access cannot be used > with message rule conditionals\n"); > } else { > > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
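Review bot: In both the 'bind' and 'listen' branches the retained comment `/* Do we want to loosen this? */` is now stale, because dropping `(mode & AA_PEER_NET_PERMS)` from the condition is itself a loosening; reword it to state the rule that remains, namely that bind and listen are rejected only when `has_peer_conds()` is true. The visible chain has no AA_NET_ACCEPT branch, so a rule combining accept with peer conditionals is not rejected here, which is the case the reply asks about; if it should be rejected, add a third `else if` alongside these two. A parser test for a rule that carries bind or listen together with peer permissions but no peer conditional would pin down the case this change newly accepts.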
