mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

From: Jeff Mahoney <jeffm@suse.com>

Browse source 
Subject: perl-apparmor: Fix bare 'network' keyword handling
References: bnc#889650

The 'network' bare keyword was being printed as "audit network all" due to
two different bugs:

1) {audit}{all} was always being set to 1, regardless of whether the audit
   keyword was used
2) {rule} eq 'all' is the wrong test - it should be {rule}{all}

With these fixed, 'network' is properly handled.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>

Acked-by: Steve Beattie <steve@nxnw.org>
This commit is contained in:
Christian Boltz 2014-08-02 12:47:39 +02:00
parent 47df23aca5
commit ff267dc1fc
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
utils/Immunix/AppArmor.pm
View file

@ -5353,7 +5353,7 @@ sub parse_profile_data($$$) {
$profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{$fam} = $audit;
} else {
$profile_data->{$profile}{$hat}{$allow}{netdomain}{rule}{all} = 1;
$profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{all} = 1;
$profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{all} = $audit;
}
} elsif (/^\s*(tcp_connect|tcp_accept|udp_send|udp_receive)/) {
# just ignore and drop old style network
@ -5708,7 +5708,7 @@ sub writenet_rules ($$$) {
# dump out the netdomain entries...
if (exists $profile_data->{$allow}{netdomain}) {
if ( $profile_data->{$allow}{netdomain}{rule} &&
$profile_data->{$allow}{netdomain}{rule} eq 'all') {
$profile_data->{$allow}{netdomain}{rule}{all}) {
$audit = "audit " if $profile_data->{$allow}{netdomain}{audit}{all};
push @data, "${pre}${audit}network,";
} else {