mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils/Immunix
History
Steve Beattie a39d6e36e8 From: Jeff Mahoney <jeffm@suse.com> 
Subject: apparmor-utils: Inherit flags in sub-profiles when generating profiles
References: bnc#496204

 When creating profiles with cx subprofiles, genprof will set the
 sub-profile in enforce mode. When genprof cycles multiple times, it
 prohibits the sub-profile from working correctly.

 e.g.

 # Last Modified: Mon Jan 24 13:52:26 2011
 #include <tunables/global>

 /home/jeffm/mycat flags=(complain) {
   #include <abstractions/base>
   #include <abstractions/bash>
   #include <abstractions/consoles>

   /bin/bash ix,
   /bin/cat cx,
   /home/jeffm/mycat r,

 profile /bin/cat {
     #include <abstractions/base>

     /bin/cat r,
     /home/jeffm/mycat r,

   }
 }

 This patch allows sub-profiles to inherit the flags from the parent
 profile, which allows it to be created in complain mode (if appropriate).
 The temporary complain flags are cleaned up at genprof completion as
 expected.

 This issue was reported at: https://bugzilla.novell.com/show_bug.cgi?id=496204

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>

Bug: https://launchpad.net/bugs/707092
2011-02-15 16:26:05 -08:00
..
AppArmor.pm From: Jeff Mahoney <jeffm@suse.com> 2011-02-15 16:26:05 -08:00
Config.pm Here's an update to rename another chunk of things that still used 2011-01-13 13:58:26 -08:00
Reports.pm From: Jeff Mahoney <jeffm@suse.com> 2011-02-08 16:29:59 -08:00
Repository.pm Here's an update to rename another chunk of things that still used 2011-01-13 13:58:26 -08:00
Severity.pm Here's an update to rename another chunk of things that still used 2011-01-13 13:58:26 -08:00