On Mon, Feb 02, 2015 at 07:58:58PM +0100, Christian Boltz wrote:
> Some IRC discussion brought up that it's probably better to check for
> ' (complain)' and ' (enforce)', so here's the patch:
>
>
> Fix aa-unconfined to work with profile names that don't start with / or null
>
>
> I propose this patch for 2.9 and trunk.

I know you already committed this patch, and I think it's an okay
solution for 2.9 (i.e. keeping to a minimal change to reduce the
possibilities of regressions), but for trunk, I'd really rather see
both aa-unconfined and aa-status unify on a helper function, so that
they use the same definition of confinement.
> === modified file 'utils/aa-unconfined'
> --- utils/aa-unconfined 2014-09-14 18:17:00 +0000
> +++ utils/aa-unconfined 2015-02-02 18:50:07 +0000
> @@ -63,8 +63,9 @@
> if os.path.exists("/proc/%s/attr/current"%pid):
> with aa.open_file_read("/proc/%s/attr/current"%pid) as current:
> for line in current:
> - if line.startswith("/") or line.startswith("null"):
> - attr = line.strip()
> + line = line.strip()
> + if line.endswith(' (complain)', 1) or line.endswith('
> (enforce)', 1): # enforce at least one char as profile name
> + attr = line
>
> cmdline = apparmor.common.cmd(["cat", "/proc/%s/cmdline"%pid])[1]
> pname = cmdline.split("\0")[0]
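
Review bot: the added condition accepts only labels ending in ' (complain)' or ' (enforce)', so a line carrying any other mode suffix never reaches `attr = line` and is handled the same way as a process with no profile. If that is intended, state it in the comment; otherwise keep the accepted suffixes in one tuple and test them in a single call, since endswith() takes a tuple of suffixes together with the start offset. The start offset of 1 is easy to misread as a typo and its explanation trails the second condition only, so the comment would be better on its own line above the `if`.
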
--
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
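
A sketch of the shared helper suggested in the reply above, as an added example that is not aa-unconfined or aa-status code. The names `parse_label`, `is_confined`, `confined_names` and `CONFINING_MODES` are hypothetical, and the label format `<name> (<mode>)` is assumed from the two suffixes the patch tests for.

```python
import re

# Assumption: a confined process's label line is "<profile name> (<mode>)".
# The greedy name group means a profile name may itself contain " (...)".
_LABEL_RE = re.compile(r'^(?P<name>.+) \((?P<mode>[a-z]+)\)$')

# The two modes the patch checks for, kept in one place so every tool
# that imports this helper shares the same definition of confinement.
CONFINING_MODES = ('enforce', 'complain')


def parse_label(raw):
    """Split one line read from /proc/<pid>/attr/current into (name, mode).

    Returns (None, None) for input that does not look like
    "<name> (<mode>)", including an empty profile name.
    """
    match = _LABEL_RE.match(raw.strip())
    if match is None:
        return (None, None)
    return (match.group('name'), match.group('mode'))


def is_confined(raw):
    """True when the line names a profile in one of CONFINING_MODES."""
    name, mode = parse_label(raw)
    return name is not None and mode in CONFINING_MODES


def confined_names(lines):
    """Profile names for the lines that count as confined."""
    return [parse_label(line)[0] for line in lines if is_confined(line)]


# Constructed sample lines, not captured from a real system.
SAMPLES = [
    '/usr/sbin/ntpd (enforce)\n',   # path-style name
    'null-1a (complain)\n',         # name starting with "null"
    'my_profile (enforce)\n',       # name starting with neither
    'unconfined\n',                 # no mode suffix
    ' (enforce)\n',                 # mode suffix with an empty name
]

if __name__ == '__main__':
    for sample in SAMPLES:
        print(repr(sample), parse_label(sample), is_confined(sample))
```
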
