From 01fe7f42a04774675749d1e05d22dbbff07691fd Mon Sep 17 00:00:00 2001
From: Steve Beattie
Date: Tue, 27 Mar 2012 17:21:22 -0700
Subject: [PATCH] Subject: call autodep when creating a child profile
This patch calls autodep on the 'exec'ed binary when the user selects to place that execution in a child profile. Previously, logprof would create an entirely empty child profile in complain mode (this fix still leaves the child profile in complain mode).
---
 utils/Immunix/AppArmor.pm | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/utils/Immunix/AppArmor.pm b/utils/Immunix/AppArmor.pm
index 4860f9b0a..9af2e619e 100755
--- a/utils/Immunix/AppArmor.pm
+++ b/utils/Immunix/AppArmor.pm
@@ -2391,8 +2391,18 @@ sub handlechildren($$$) {
 # put in enforce mode with genprof
 $sd{$profile}{$hat}{flags} = $sd{$profile}{$profile}{flags} if $profile ne $hat;
+ # autodep our new child
+ my $stub_profile = create_new_profile($hat);
+ $sd{$profile}{$hat}{flags} = 'complain';
 $sd{$profile}{$hat}{allow}{path} = { };
+ if (defined $stub_profile->{$hat}{$hat}{allow}{path}) {
+ $sd{$profile}{$hat}{allow}{path} = $stub_profile->{$hat}{$hat}{allow}{path};
+ }
+ $sd{$profile}{$hat}{include} = { };
+ if (defined $stub_profile->{$hat}{$hat}{include}) {
+ $sd{$profile}{$hat}{include} = $stub_profile->{$hat}{$hat}{include};
+ }
 $sd{$profile}{$hat}{allow}{netdomain} = { };
 my $file = $sd{$profile}{$profile}{filename};
 $filelist{$file}{profiles}{$profile}{$hat} = 1;
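Review bot: The path rules and includes returned by `create_new_profile($hat)` are copied straight into the child profile, and nothing in the hunk records that they did not come from logged events or that the user was not shown them. Since `$hat` is the exec target named in the log, the stub presumably describes whatever file sits at that path when logprof runs, so a comment above the call such as `# NOTE: autodep rules come from inspecting $hat on disk now, not from logged events; review them before leaving complain mode` would help whoever later enforces the child. The two `defined` tests also fall through silently when the stub has no `{$hat}{$hat}` entry, which leaves the empty child of the old behaviour; a debug message in that case would make a failed autodep visible. Only `allow`/`path` and `include` are taken from the stub, and if dropping everything else it carries is deliberate the comment should say so. The body of `handlechildren` starts and ends outside the hunk.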