Hello, $subject.
This turned out to be a simple case of misinterpreting the promptUser()
result - it returns the answer and the selected option, and
"surprisingly" something like
('CMD_ADDHAT', 0)
never matched
'CMD_ADDHAT'
;-)
I also noticed that the new hat doesn't get initialized as
profile_storage(), and that the changed profile doesn't get marked as
changed. This is also fixed by this patch.
References: https://bugs.launchpad.net/apparmor/+bug/1538306
I propose this patch for trunk, 2.10 and 2.9.
Note that 2.9 doesn't have profile_storage(), therefore I won't add
that line there.
[ fix-add-hat.diff ]
--- utils/apparmor/aa.py 2016-08-14 21:23:21.817325798 +0200
+++ utils/apparmor/aa.py 2016-08-14 21:48:51.009903328 +0200
@@ -1094,7 +1094,7 @@
seen_events += 1
- ans = q.promptUser()
+ ans = q.promptUser()[0]
if ans == 'CMD_FINISHED':
save_profiles()
@@ -1104,7 +1104,9 @@
if ans == 'CMD_ADDHAT':
hat = uhat
+ aa[profile][hat] = profile_storage(profile, hat,
'handle_children addhat')
aa[profile][hat]['flags'] = aa[profile][profile]['flags']
+ changed[profile] = True
elif ans == 'CMD_USEDEFAULT':
hat = default_hat
elif ans == 'CMD_DENY':
Regards,
Christian Boltz
--
[Linux-Performance] Man kann echt an allem in der Kiste sparen -
aber bittebitte nicht an RAM, für den Gegenwert von einmal falsch
parken kann man schon gut was rausholen. [Ratti in suse-linux]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
