On Fri, Oct 23, 2015 at 8:51 PM, Christian Boltz <[email protected]> wrote:
> Hello, > > besides 'signal', also 'change_profile' and 'rlimit' cleanup was missing > for the main profile. > > In aa.py delete_duplicates() (used to check includes), only 'signal' was > missing. > > > > [ 10-cleanprof-more-rule-types.diff ] > > === modified file ./utils/apparmor/aa.py > --- utils/apparmor/aa.py 2015-10-23 15:15:05.562818747 +0200 > +++ utils/apparmor/aa.py 2015-10-23 17:08:32.594881219 +0200 > @@ -2113,7 +2113,7 @@ > # Allow rules covered by denied rules shouldn't be deleted > # only a subset allow rules may actually be denied > > - ruletypes = ['capability', 'change_profile', 'network', 'rlimit'] > + ruletypes = ['capability', 'change_profile', 'network', 'rlimit', > 'signal'] > > if include.get(incname, False): > for rule_type in ruletypes: > === modified file ./utils/apparmor/cleanprofile.py > --- utils/apparmor/cleanprofile.py 2015-06-18 23:50:22.428586163 +0200 > +++ utils/apparmor/cleanprofile.py 2015-10-23 17:03:58.344857512 +0200 
> @@ -64,12 +64,11 @@ > deleted += > apparmor.delete_duplicates(self.other.aa[program][hat], inc) > > #Clean duplicate rules in other profile > - if not self.same_file: > - deleted += > self.other.aa[program][hat]['capability'].delete_duplicates(self.profile.aa[program][hat]['capability']) > - deleted += > self.other.aa[program][hat]['network'].delete_duplicates(self.profile.aa[program][hat]['network']) > - else: > - deleted += > self.other.aa[program][hat]['capability'].delete_duplicates(None) > - deleted += > self.other.aa[program][hat]['network'].delete_duplicates(None) > + for ruletype in ['capability', 'change_profile', 'network', > 'rlimit', 'signal']: > Maybe move this as a list somewhere up: KNOWN_RULE_TYPES = ['capability', 'change_profile', 'network', 'rlimit', 'signal'] + if not self.same_file: > + deleted += > self.other.aa[program][hat][ruletype].delete_duplicates(self.profile.aa[program][hat][ruletype]) > + else: > + deleted += > self.other.aa[program][hat][ruletype].delete_duplicates(None) > > #Clean the duplicates of path in other profile > deleted += > delete_path_duplicates(self.profile.aa[program][hat], > self.other.aa[program][hat], 'allow', self.same_file) > > > Thanks for the patch. Acked-by: Kshitij Gupta <[email protected]> > > Regards, > > Christian Boltz > -- > :O h:, ich schmeiß mich weg. Wenn es das mit dem Quiz nicht ist, ist es > dann so ein Pyramidenschema? Bekommt man eine Prämie, wenn man einen > weiteren Newbie in sein Unglück lockt? [Thorsten Haude in suse-linux] > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor > -- Regards, Kshitij Gupta
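Review bot: In the aa.py hunk, the `ruletypes` literal inside delete_duplicates() is now a second hand-maintained copy of the same five names that the cleanprofile.py hunk spells out in its `for ruletype in [...]` line. The patch exists because 'signal' was left out of one such list, so keeping two literals invites the same drift the next time a rule type is added. Define the list once at module level in aa.py and have cleanprofile.py read it through the `apparmor` module reference it already uses for `apparmor.delete_duplicates(...)`.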
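Review bot: In the cleanprofile.py hunk, the `if not self.same_file:` test sits inside the new `for ruletype in [...]` loop although it does not depend on `ruletype`, and the two branches differ only in the argument passed to delete_duplicates(). Pick the argument first (None when same_file is set, otherwise `self.profile.aa[program][hat][ruletype]`) and make a single `deleted += ...delete_duplicates(...)` call per rule type, which removes the duplicated long line. A test that loads a profile with duplicate 'signal', 'change_profile' and 'rlimit' rules and checks the returned `deleted` count would guard the three types this loop newly covers.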
