Fix aa-logprof "add hat" endless loop

This turned out to be a simple case of misinterpreting the promptUser() result - it returns the answer and the selected option, and "surprisingly" something like ('CMD_ADDHAT', 0) never matched 'CMD_ADDHAT' ;-) I also noticed that the changed profile doesn't get marked as changed. This is also fixed by this patch. References: https://bugs.launchpad.net/apparmor/+bug/1538306 Note: the 2.10 and trunk version of this patch also initializes the new hat as profile_storage(), but this function doesn't exist in 2.9 (and isn't needed because in 2.9 everything is a big, self-initializing hasher) Acked-by: Steve Beattie <steve@nxnw.org> for trunk, 2.10 and 2.9
2025-03-04 16:35:02 +01:00 · 2016-08-15 22:10:37 +02:00 · 2016-08-15 22:10:37 +02:00 · cb9c8a41ea
commit cb9c8a41ea
parent bbcb2727a6
1 changed files with 2 additions and 1 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -1022,7 +1022,7 @@ def handle_children(profile, hat, root):

                    seen_events += 1

-                    ans = q.promptUser()
+                    ans = q.promptUser()[0]

                    if ans == 'CMD_FINISHED':
                        save_profiles()
@ -1033,6 +1033,7 @@ def handle_children(profile, hat, root):
                if ans == 'CMD_ADDHAT':
                    hat = uhat
                    aa[profile][hat]['flags'] = aa[profile][profile]['flags']
+                    changed[profile] = True
                elif ans == 'CMD_USEDEFAULT':
                    hat = default_hat
                elif ans == 'CMD_DENY':