Hello, this patch fixes the 2.9 aa-mergeprof capability handling.
Thanks to a broken optimization (which missed a "not" in the if condition), aa-mergeprof never asked to merge capability rules. Also fix a syntax / parameter error uncovered after fixing the condition.

This patch is only meant for the 2.9 branch.

[ mergeprof-2.9-fix-capability.diff ] === modified file 'utils/aa-mergeprof' --- utils/aa-mergeprof 2014-10-16 21:35:06 +0000 +++ utils/aa-mergeprof 2015-05-13 23:19:42 +0000 @@ -309,7 +309,7 @@ #Add the capabilities for allow in ['allow', 'deny']: - if other.aa[profile][hat].get(allow, False): + if not other.aa[profile][hat].get(allow, False): continue for capability in sorted(other.aa[profile][hat][allow]['capability'].keys()): severity = sev_db.rank('CAP_%s' % capability) @@ -366,7 +366,7 @@ apparmor.aa.changed[profile] = True - aaui.UI_Info(_('Adding capability %s to profile.'), capability) + aaui.UI_Info(_('Adding capability %s to profile.') % capability) done = True elif ans == 'CMD_DENY':

Regards,

Christian Boltz
--
[Load balancer in front of mail servers] Remove it, sell it off on eBay, and invest the freed-up time together with the eBay proceeds in a big company party with cocktails. [Peer Heinlein in postfixbuch-users]
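Review bot: In the first hunk (@@ -309), the corrected guard only checks that other.aa[profile][hat] has a truthy entry for allow, but the next line indexes [allow]['capability'] directly. If a profile can carry allow or deny rules without any capability entry, that lookup can fail now that the loop is actually reached. Consider guarding it, for example by iterating over other.aa[profile][hat][allow].get('capability', {}), or confirm that the container always provides the key. A short comment on the "continue" saying that it skips profiles with no rules of this type would also help prevent the condition from being inverted again.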
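Review bot: In the second hunk (@@ -366), the UI_Info fix is only applied to the "Adding capability" message, yet the description says this error surfaced only once the block became reachable, so the rest of the block has the same lack of exercise. The CMD_DENY branch visible in the trailing context should be checked for a UI_Info call that still passes the value as a second argument instead of using "% capability". Since the whole capability merge path never ran before this fix, a test that merges a profile containing a capability rule would be worth adding alongside it.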