mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
fix a nasty little bug that can surface in apparmor 2.8 when
Hats/children profiles are used. the matchflags in the dfa backend are not getting properly reset, which results in a previously processed profiles match flags being used. This is not a problem for most permissions but can result in x conflict errors. Note: this should not result in profiles with the wrong x transitions loaded as it causes compilation to file with an x conflict. This is a minimal patch targeted at the 2.8 release. As such I have just updated the delete_ruleset routine to clear the flags as it is already being properly called for every rule set. Apparmor 2.9/3.0 will have a different approach where it is not possible to reuse the flags. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <sbeattie@ubuntu.com>
This commit is contained in:
John Johansen
parent
b5c6e11aca
commit
e0c94c9039
1 changed files with 2 additions and 0 deletions
|
|
@ -57,6 +57,8 @@ extern "C" void aare_delete_ruleset(aare_ruleset_t *rules)
|
|||
if (rules->root)
|
||||
rules->root->release();
|
||||
free(rules);
|
||||
|
||||
aare_reset_matchflags();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue