[apparmor] [patch] Fix writing network rules

Christian Boltz Wed, 08 Apr 2015 13:38:56 -0700

Hello,

sometimes fixing a bug is easy ;-)


write_net_rules() creates invalid rules for network rules with one
parameter (for example "network bluetooth").
Add a trailing comma to create valid rules.

This is another bug uncovered by playing with the LibreOffice profile
("why does the profile have invalid syntax after an aa-logprof run?!")

I propose this patch for trunk and 2.9


[ 34-fix-writing-network-rules.diff ]

=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py        2015-04-08 00:09:02.931423160 +0200
+++ utils/apparmor/aa.py        2015-04-08 22:24:23.556993393 +0200
@@ -3401,7 +3402,7 @@
                 if prof_data[allow]['netdomain']['rule'][fam] is True:
                     if prof_data[allow]['netdomain']['audit'][fam]:
                         audit = 'audit'
-                    data.append('%s%s%snetwork %s' % (pre, audit, allowstr, 
fam))
+                    data.append('%s%s%snetwork %s,' % (pre, audit, allowstr, 
fam))
                 else:
                     for typ in 
sorted(prof_data[allow]['netdomain']['rule'][fam].keys()):
                         if 
prof_data[allow]['netdomain']['audit'][fam].get(typ, False):




Regards,

Christian Boltz
-- 
für die Bewertung des Risikos gilt Martins Hypothese:
Das Risiko ist proportional zur Größe der Schlagzeile in der 
BILD-Zeitung.  [Martin zu 
http://blog.koehntopp.de/archives/3211-Wieso-wir-uns-veroeffentlichen.html]


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [patch] Fix writing network rules

Reply via email to