Merge utils: Ignore/skip disabled profiles

This is needed to avoid a "Conflicting profiles" error if there are two
profiles for an application, with one of them disabled.

This is not a theoretical use case - for example, apparmor.d ships some
profiles that replace our "userns+unconfined" profiles. These profiles
use a different filename, and apparmor.d also creates a disable symlink
for the "userns+unconfined" profile it replaces.

I propose this patch for 4.0 and master.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1264
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
(cherry picked from commit 834c28b5fe)
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen 2024-07-17 08:24:09 +00:00 committed by John Johansen
parent 24a0ebb5ef
commit a07a8e69e0


@ -1800,6 +1800,9 @@ def read_profiles(ui_msg=False, skip_profiles=()):
if os.path.isfile(full_file):
if is_skippable_file(file):
continue
elif os.path.exists(f'{profile_dir}/disable/{file}'):
aaui.UI_Info("skipping disabled profile %s" % file)
continue
elif file in skip_profiles:
aaui.UI_Info("skipping profile %s" % full_file)
continue
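
Review bot: The new `elif os.path.exists(f'{profile_dir}/disable/{file}')` check follows symlinks, so a disable symlink whose target does not resolve makes `os.path.exists()` return False and the profile is still read, which would bring back the "Conflicting profiles" error the commit message describes. Since the commit message says the disable entry is a symlink, `os.path.lexists()` would test for the entry itself rather than its target. As a smaller style point, the new message prints `file` while the `skip_profiles` branch right below it prints `full_file`; using the same form in both would keep the skip messages consistent.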