Hello, _is_covered_list() has a sanity check that raises an exception if both other_value and other_all evaluate to False. This breaks when using _is_covered_list() for FileRule.perms which can be empty if exec_perms are specified.
This patch adds an optional parameter that allows to skip the sanity
check.
[ 05-is_covered_list-make-sanity-check-optional.diff ]
--- utils/apparmor/rule/__init__.py 2016-01-18 18:59:53.451076435 +0100
+++ utils/apparmor/rule/__init__.py 2016-01-18 18:56:44.740261951 +0100
@@ -167,10 +167,10 @@
# still here? -> then it is covered
return True
- def _is_covered_list(self, self_value, self_all, other_value, other_all,
cond_name):
+ def _is_covered_list(self, self_value, self_all, other_value, other_all,
cond_name, sanity_check=True):
'''check if other_* is covered by self_* - for lists'''
- if not other_value and not other_all:
+ if sanity_check and not other_value and not other_all:
raise AppArmorBug('No %(cond_name)s specified in other
%(rule_name)s rule' % {'cond_name': cond_name, 'rule_name': self.rule_name})
if not self_all:
Regards,
Christian Boltz
--
depressing, infuriating, sickening and
Acked-by: John Johansen <[email protected]>
[John Johansen in apparmor]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
