mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Subject: call autodep when creating a child profile

Browse source 
This patch calls autodep on the 'exec'ed binary when the user selects
to place that execution in a child profile. Previously, logprof would
create an entirely empty child profile in complain mode (this fix
still leaves the child profile in complain mode).
This commit is contained in:
Steve Beattie 2012-03-27 17:21:22 -07:00
parent f37f59f47b
commit 01fe7f42a0
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
utils/Immunix/AppArmor.pm
View file

@ -2391,8 +2391,18 @@ sub handlechildren($$$) {
# put in enforce mode with genprof # put in enforce mode with genprof
$sd{$profile}{$hat}{flags} = $sd{$profile}{$profile}{flags} if $profile ne $hat; $sd{$profile}{$hat}{flags} = $sd{$profile}{$profile}{flags} if $profile ne $hat;
# autodep our new child
my $stub_profile = create_new_profile($hat);
$sd{$profile}{$hat}{flags} = 'complain'; $sd{$profile}{$hat}{flags} = 'complain';
$sd{$profile}{$hat}{allow}{path} = { }; $sd{$profile}{$hat}{allow}{path} = { };
if (defined $stub_profile->{$hat}{$hat}{allow}{path}) {
$sd{$profile}{$hat}{allow}{path} = $stub_profile->{$hat}{$hat}{allow}{path};
}
$sd{$profile}{$hat}{include} = { };
if (defined $stub_profile->{$hat}{$hat}{include}) {
$sd{$profile}{$hat}{include} = $stub_profile->{$hat}{$hat}{include};
}
$sd{$profile}{$hat}{allow}{netdomain} = { }; $sd{$profile}{$hat}{allow}{netdomain} = { };
my $file = $sd{$profile}{$profile}{filename}; my $file = $sd{$profile}{$profile}{filename};
$filelist{$file}{profiles}{$profile}{$hat} = 1; $filelist{$file}{profiles}{$profile}{$hat} = 1;