This patch adjusts aa-unconfined to avoid using cat(1) to read /proc/PID/cmdline entries, and instead opens them for reading directly.
Signed-off-by: Steve Beattie <[email protected]> --- utils/aa-unconfined | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) Index: b/utils/aa-unconfined =================================================================== --- a/utils/aa-unconfined +++ b/utils/aa-unconfined @@ -113,14 +113,17 @@ for pid in sorted(map(int, pids)): continue attr = None if os.path.exists("/proc/%s/attr/current"%pid): - with aa.open_file_read("/proc/%s/attr/current"%pid) as current: + with apparmor.common.open_file_read("/proc/%s/attr/current"%pid) as current: for line in current: line = line.strip() if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1): # enforce at least one char as profile name attr = line - cmdline = apparmor.common.cmd(["cat", "/proc/%s/cmdline"%pid])[1] - pname = cmdline.split("\0")[0] + pname = None + cmdline = None + with apparmor.common.open_file_read("/proc/%s/cmdline" % pid) as cmd: + cmdline = cmd.readlines()[0] + pname = cmdline.split("\0")[0] if '/' in pname and pname != prog: pname = "(%s)"% pname else: -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
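Review bot: `cmd.readlines()[0]` in the added `with` block raises IndexError when /proc/PID/cmdline is empty (kernel threads and zombies expose an empty file), whereas the removed `cat` path yielded an empty string; `cmd.read()` keeps the old behaviour and also stops a newline inside argv[0] from truncating the name. The open can now raise if the process exits between the pid listing and the read, which would abort the whole scan, so the read should be wrapped and that pid skipped. The cmdline content is chosen by the process being audited, so if `open_file_read` decodes strictly (its implementation is not visible here) a non-UTF-8 argv could also stop the report before later pids are checked; worth confirming. The `pname = None` / `cmdline = None` initialisers are dead because the `with` body either assigns both or raises, and the enclosing `for pid` loop starts and ends outside the hunk.
```python
    # … unchanged: attr lookup from /proc/PID/attr/current …
    try:
        with apparmor.common.open_file_read("/proc/%s/cmdline" % pid) as cmd:
            # read() rather than readlines()[0]: an empty cmdline gives ""
            # instead of IndexError, and embedded newlines are preserved
            cmdline = cmd.read()
    except (IOError, OSError):
        # process went away between the pid listing and this read
        continue
    pname = cmdline.split("\0")[0]
    # … unchanged: pname formatting and report output …
```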
