utils/aa-unconfined: avoid using cat(1) to read /proc/PID/cmdline

This patch adjusts aa-unconfined to avoid using cat(1) to read
/proc/PID/cmdline entries, and instead opens them for reading directly.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@caanonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Steve Beattie 2016-12-30 12:18:14 -08:00
parent 4da5adbce4
commit e4f22f5e27


@ -113,14 +113,17 @@ for pid in sorted(map(int, pids)):
continue
attr = None
if os.path.exists("/proc/%s/attr/current"%pid):
with aa.open_file_read("/proc/%s/attr/current"%pid) as current:
with apparmor.common.open_file_read("/proc/%s/attr/current"%pid) as current:
for line in current:
line = line.strip()
if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1): # enforce at least one char as profile name
attr = line
cmdline = apparmor.common.cmd(["cat", "/proc/%s/cmdline"%pid])[1]
pname = cmdline.split("\0")[0]
pname = None
cmdline = None
with apparmor.common.open_file_read("/proc/%s/cmdline" % pid) as cmd:
cmdline = cmd.readlines()[0]
pname = cmdline.split("\0")[0]
if '/' in pname and pname != prog:
pname = "(%s)"% pname
else:
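Review bot: `cmd.readlines()[0]` raises IndexError when /proc/PID/cmdline is empty (zombies, kernel threads, or a process that has blanked its own argv), and the new open is unguarded, so a process that exits before it is read raises as well. Either exception ends the `for pid` loop, which means one process can stop the report before later unconfined processes are listed; the removed `cat` call did not fail this way on an empty file. Read the file with `read()` inside a try block and fall back to an empty cmdline so the pid stays in the output. If `open_file_read` decodes strictly, a non-UTF-8 argv would presumably fail in the same place, which is worth confirming. The loop body begins and continues outside this hunk.

```python
    cmdline = ""
    try:
        with apparmor.common.open_file_read("/proc/%s/cmdline" % pid) as cmd:
            # read() keeps an argv[0] that contains a newline intact and
            # returns "" for an empty file instead of indexing an empty list
            cmdline = cmd.read()
    except (IOError, OSError):
        # process exited or is unreadable: report the pid with an empty name
        pass
    pname = cmdline.split("\0")[0]
    # … unchanged: '/' in pname check …
```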