mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 00:14:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge rule_ents from conditional block are dropped

Browse source 
In the following policy, "ptrace" would be dropped during merging:
```
$FOO=true
/bin/true {
  if $FOO {
      ptrace,
  }
}
```

Current behavior:
```
----- Debugging built structures -----
Name:		/bin/true
Local To:	<NULL>
Mode: 
```

With patch:
```
----- Debugging built structures -----
Name:		/bin/true
Local To:	<NULL>
Mode: 
ptrace,
```

I am quite new to the AA code base, so please let me know if I'm missing something obvious and this is intended behavior :)

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1551
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2025-02-18 22:33:32 +00:00
commit 46335d58cf
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
parser/parser_policy.c
View file

@ -178,6 +178,8 @@ Profile *merge_policy(Profile *a, Profile *b)
}
}
a->rule_ents.splice(a->rule_ents.end(), b->rule_ents);
merge_hats(a, b->hat_table);
delete b;
out: