mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

aa-unconfined: add support for 'kill' profile mode

Browse source 
... when reading /proc/$pid/attr/{apparmor/,}current

Also add a comment about _not_ adding support for the 'unconfined'
profile mode, because that would give a quite confusing output.
This commit is contained in:
Christian Boltz 2020-09-18 13:34:37 +02:00
parent 5a31e94394
commit f0c27b57b0
Failed to generate hash of commit
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
utils/aa-unconfined
View file

@ -106,7 +106,8 @@ def read_proc_current(filename):
with apparmor.common.open_file_read(filename) as current:
for line in current:
line = line.strip()
if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1): # enforce at least one char as profile name
if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1) or line.endswith(' (kill)', 1): # enforce at least one char as profile name
# intentionally not checking for '(unconfined)', because $binary confined by $profile (unconfined) would look very confusing
attr = line
return attr