From f8ed2e1d0d2dc7b5f2d9e81de06acffa0a458da7 Mon Sep 17 00:00:00 2001
From: Jamie Strandboge <jamie@ubuntu.com>
Date: Mon, 9 Jun 2014 13:38:35 -0500
Subject: [PATCH] Description: use -QTK instead of -p in verify_policy(). '-p'
 only runs the  preprocessor and is not as thorough as -QTK
 (--skip-kernel-load,  --skip-read-cache, --skip-cache). Like with '-p',
 '-QTK' can be run without  privilege but it will catch things like
 conflictings 'x' modifiers.

Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
---
 utils/apparmor/easyprof.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/apparmor/easyprof.py b/utils/apparmor/easyprof.py
index 699c7d74c..0ad627d63 100644
--- a/utils/apparmor/easyprof.py
+++ b/utils/apparmor/easyprof.py
@@ -279,7 +279,7 @@ def verify_policy(policy):
         os.write(f, policy)
         os.close(f)
 
-    rc, out = cmd([exe, '-p', fn])
+    rc, out = cmd([exe, '-QTK', fn])
     os.unlink(fn)
     if rc == 0:
         return True