mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

ask_exec: ignore events for missing profiles

Browse source 
... and not only for events in missing hats.

This fixes a crash if the log contains exec events for a hat where not
even the parent profile exists.
This commit is contained in:
Christian Boltz 2024-06-30 21:41:45 +02:00
parent 24d424fd3c
commit 7928c41685
Failed to generate hash of commit
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
utils/apparmor/aa.py
View file

@ -774,9 +774,12 @@ def ask_exec(hashlog):
raise AppArmorBug(
'exec permissions requested for directory %s (profile %s). This should not happen - please open a bugreport!' % (exec_target, full_profile))
if not aa[profile].get(hat):
if not aa.get(profile):
continue # ignore log entries for non-existing profiles
if not aa[profile].get(hat):
continue # ignore log entries for non-existing hats
exec_event = FileRule(exec_target, None, FileRule.ANY_EXEC, FileRule.ALL, owner=False, log_event=True)
if is_known_rule(aa[profile][hat], 'file', exec_event):
continue