mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 16:35:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/utils
History
Tyler Hicks b786c64b17 utils: Don't use access() to determine readability of profiles file 
LSMs, such as AppArmor, aren't consulted when a program calls access(2).
This can result in access(2) returning 0 but a subsequent open(2)
failing.

The aa-status utility was doing the access() -> open() sequence and we
became aware of a large number of tracebacks due to open() failing for
lack of permissions. This patch catches any IOError exceptions thrown by
open(). It continues to print the same error message as before when
access() failed but also prints that error message when AppArmor blocks
the open of the apparmorfs profiles file.

https://launchpad.net/bugs/1466768

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
2015-06-22 10:14:14 -05:00
..
apparmor Change aa.py delete_duplicates() to loop over rule classes 2015-06-19 23:27:06 +02:00
easyprof Add aa-easyprof and easyprof.py and related pieces from the Ubuntu 2014-02-13 17:53:40 -08:00
po Merge from launchpad translations project. Changes include: 2015-05-16 10:05:48 -07:00
test Move re_match_include() to regex.py and improve it 2015-06-19 21:41:41 +02:00
vim rename _clean to pod_clean in Makefiles 2015-01-30 22:15:53 +01:00
aa-audit Add --no-reload parameter to minitools 2015-06-06 14:21:21 +02:00
aa-audit.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
aa-autodep utils: split out aa-genprof command 2014-03-06 11:54:38 -08:00
aa-autodep.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
aa-cleanprof Add --no-reload parameter to minitools 2015-06-06 14:21:21 +02:00
aa-cleanprof.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-complain Add --no-reload parameter to minitools 2015-06-06 14:21:21 +02:00
aa-complain.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-decode speed up aa-decode by using a bash regex matching instead of calling egrep for each line. 2013-01-01 20:15:04 +01:00
aa-decode.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-disable Add --no-reload parameter to minitools 2015-06-06 14:21:21 +02:00
aa-disable.pod utils: remove aa-enforce '--remove' option 2014-03-03 14:59:47 -08:00
aa-easyprof incorporate feedback from Seth Arnold: 2015-03-28 07:16:22 -05:00
aa-easyprof.pod utils/aa-easyprof.pod: corrections for --show-templates and 2015-03-27 16:33:35 -05:00
aa-enforce Add --no-reload parameter to minitools 2015-06-06 14:21:21 +02:00
aa-enforce.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-exec remove unneeded perl requires on Time::Local and File::Basename 2013-06-27 12:11:09 -05:00
aa-exec.pod fix broken URLs in various utils/*.pod files. 2013-09-19 21:17:39 +02:00
aa-genprof require logfile only for aa-logprof and aa-genprof 2015-02-20 21:36:55 +01:00
aa-genprof.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-logprof require logfile only for aa-logprof and aa-genprof 2015-02-20 21:36:55 +01:00
aa-logprof.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-mergeprof Move re_match_include() to regex.py and improve it 2015-06-19 21:41:41 +02:00
aa-mergeprof.pod update the aa-mergeprof manpage to match the new commandline syntax 2014-10-16 20:26:45 +02:00
aa-notify aa-notify: also display notifications for complain mode events 2015-04-29 01:03:17 +02:00
aa-notify.pod add missing --display to aa-notify.pod 2014-09-08 20:40:33 +02:00
aa-sandbox utils: remove unneeded imports from aa-easyprof and aa-sandbox 2014-01-17 00:09:23 -08:00
aa-sandbox.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
aa-status utils: Don't use access() to determine readability of profiles file 2015-06-22 10:14:14 -05:00
aa-status.pod fix broken URLs in various utils/*.pod files. 2013-09-19 21:17:39 +02:00
aa-unconfined Fix aa-unconfined to work with profile names that don't start with / or null 2015-02-02 20:52:07 +01:00
aa-unconfined.pod Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
check_po.pl utitlity to look for problems in the po files. 2007-08-15 19:24:49 +00:00
logprof.conf Update perl abstraction, logprof.conf, severity.db and tests for Debian/Ubuntu 2014-08-20 19:14:24 -05:00
logprof.conf.pod manpages: incorporate podchecker; fix errors and (most) warnings 2014-09-15 11:30:47 -07:00
Makefile Delete apparmor/rule/ python cache files in "make clean" 2015-05-11 21:57:55 +02:00
notify.conf Here is a patch to standardize on all utils using the "aa-" prefix instead 2010-11-03 17:03:52 -07:00
python-tools-setup.py utils: fix python install for rule/ subdirectory 2015-01-13 13:03:11 -08:00
README.md Merge in Kshitij Gupta <kgupta8592@gmail.com>'s rewrite of the 2014-02-12 15:54:00 -08:00
severity.db Update perl abstraction, logprof.conf, severity.db and tests for Debian/Ubuntu 2014-08-20 19:14:24 -05:00

README.md

Known Bugs: Will allow multiple letters in the () due to translation/unicode issues with regexing the key. User input will probably bug out in a different locale.