aa-unconfined: Improve fallback handling to attr/current

If /proc/*/attr/apparmor/current exists, only read that - instead of falling back to /proc/*/attr/current if a process is for example unconfined so that read_proc_current returns None. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/199
2025-03-04 08:24:42 +01:00 · 2021-09-18 19:02:56 +02:00 · 2021-09-18 19:02:56 +02:00 · f39d5c7c09
commit f39d5c7c09
parent 3b6257edea
1 changed files with 4 additions and 2 deletions
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@ -129,8 +129,10 @@ for pid in sorted(map(int, pids)):
    except OSError:
        continue

-    attr = read_proc_current("/proc/%s/attr/apparmor/current" % pid)
-    if not attr:
+    if os.path.exists("/proc/%s/attr/apparmor/current" % pid):
+        attr = read_proc_current("/proc/%s/attr/apparmor/current" % pid)
+    else:
+        # fallback to shared attr/current if attr/apparmor/current doesn't exist
        attr = read_proc_current("/proc/%s/attr/current" % pid)

    pname = None