mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Make sure aa-cleanprof de-duplicates capability rules

Browse source 
CleanProf.remove_duplicate_rules() didn't call
  $profile['capability'].delete_duplicates()
because aa-cleanprof sets same_file=True.

Fix this by calling delete_duplicates(None) so that it
only checks the profile against itsself.

Note: this is only needed if the to-be-cleaned profile doesn't
contain any include rules - with includes present, the
"for inc in includes:" block already called delete_duplicates()


Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
This commit is contained in:
Christian Boltz 2015-04-26 21:49:04 +02:00
parent 764e3b1fc0
commit b83f457c1e
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
utils/apparmor/cleanprofile.py
View file

@ -67,6 +67,8 @@ class CleanProf(object):
#Clean the duplicates of caps in other profile
if not self.same_file:
deleted += self.other.aa[program][hat]['capability'].delete_duplicates(self.profile.aa[program][hat]['capability'])
else:
deleted += self.other.aa[program][hat]['capability'].delete_duplicates(None)
#Clean the duplicates of path in other profile
deleted += delete_path_duplicates(self.profile.aa[program][hat], self.other.aa[program][hat], 'allow', self.same_file)