Hello, Am Sonntag, 7. Juni 2015 schrieb Kshitij Gupta: > As discovered by cboltz there was a strange random behaviour of > crashing by aa-cleanprof. After a fun bughunt we traced it to 4 extra > white spaces before the return statement. The patch also adds a > sorted call on the key set to make things more deterministic (for > when we have to bughunt next time).
bughunt? bugs? we have bugs? really? ;-) > Note: This patch just fixes the randomness, the cause of crash is > fixed by "Add profile_storage()" patch which initialises thing as > necessary. Right. Let me add that with with the "Add profile_storage()" patch applied, the randomness moves from crashing to the number of deleted superfluous rules ;-) > The following patch: > - Brings the return to the correct indentation > - Adds a sorted call over the set keys of hat in the profile > > === modified file 'utils/apparmor/cleanprofile.py' > --- utils/apparmor/cleanprofile.py 2015-04-26 19:54:38 +0000 > +++ utils/apparmor/cleanprofile.py 2015-06-07 16:48:49 +0000 > @@ -48,7 +48,7 @@ > #Process every hat in the profile individually > file_includes = > list(self.profile.filelist[self.profile.filename]['include'].keys()) > deleted = 0 > - for hat in self.profile.aa[program].keys(): > + for hat in sorted(self.profile.aa[program].keys()): > #The combined list of includes from profile and the file > includes = > list(self.profile.aa[program][hat]['include'].keys()) + file_includes > > @@ -76,7 +76,7 @@ > deleted += > delete_path_duplicates(self.profile.aa[program][hat], > self.other.aa[program][hat], 'allow', self.same_file) > deleted += > delete_path_duplicates(self.profile.aa[program][hat], > self.other.aa[program][hat], 'deny', self.same_file) > > - return deleted > + return deleted Acked-by: Christian Boltz <appar...@cboltz.de> for trunk and 2.9. For the records: In the 2.9 branch this issue didn't cause crashes. 2.9 doesn't have the rule classes and therefore can't crash because of a not-initialized rule class ;-) Nevertheless, this patch makes sure that superfluous rules in all hats (instead of just one hat) get removed. Regards, Christian Boltz -- > oder das absolut berauschende ;-)) > [ -d "/test/" ] || echo mkd Danke, zum Glück muß ich heute nicht mehr mit dem Auto fahren :-) [> Thomas Preissler und Al Bogner in suse-linux] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor