[apparmor] [patch] Make sure aa-cleanprof de-duplicates capability rules

Christian Boltz Sat, 11 Apr 2015 18:33:02 -0700

Hello,

CleanProf.remove_duplicate_rules() didn't call
  $profile['capability'].delete_duplicates()
because aa-cleanprof sets same_file=True.


Fix this by calling delete_duplicates(None) so that it
only checks the profile against itsself.



[ 43-cleanprof-do-in-profile-run.diff ]

=== modified file 'utils/apparmor/cleanprofile.py'
--- utils/apparmor/cleanprofile.py      2014-12-16 22:13:25 +0000
+++ utils/apparmor/cleanprofile.py      2015-04-11 22:35:00 +0000
@@ -67,6 +67,8 @@
             #Clean the duplicates of caps in other profile
             if not self.same_file:
                 deleted += 
self.other.aa[program][hat]['capability'].delete_duplicates(self.profile.aa[program][hat]['capability'])
+            else:
+                deleted += 
self.other.aa[program][hat]['capability'].delete_duplicates(None)
 
             #Clean the duplicates of path in other profile
             deleted += delete_path_duplicates(self.profile.aa[program][hat], 
self.other.aa[program][hat], 'allow', self.same_file)



Regards,

Christian Boltz
-- 
sigmonster ist gassi...


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [patch] Make sure aa-cleanprof de-duplicates capability rules

Reply via email to