mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
The AppArmor user space development project.
01b7969eee
Subject: apparmor-utils: Inherit flags in sub-profiles when generating profiles
References: bnc#496204
When creating profiles with cx subprofiles, genprof will set the
sub-profile in enforce mode. When genprof cycles multiple times, it
prohibits the sub-profile from working correctly.
e.g.
# Last Modified: Mon Jan 24 13:52:26 2011
#include <tunables/global>
/home/jeffm/mycat flags=(complain) {
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/consoles>
/bin/bash ix,
/bin/cat cx,
/home/jeffm/mycat r,
profile /bin/cat {
#include <abstractions/base>
/bin/cat r,
/home/jeffm/mycat r,
}
}
This patch allows sub-profiles to inherit the flags from the parent
profile, which allows it to be created in complain mode (if appropriate).
The temporary complain flags are cleaned up at genprof completion as
expected.
This issue was reported at: https://bugzilla.novell.com/show_bug.cgi?id=496204
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
Bug: https://launchpad.net/bugs/707092
|
||
|---|---|---|
| changehat | ||
| common | ||
| deprecated/management | ||
| kernel-patches | ||
| libraries/libapparmor | ||
| parser | ||
| profiles | ||
| tests | ||
| utils | ||
| .bzrignore | ||
| LICENSE | ||
| Makefile | ||