Hello, this patch adds the missing "pux" to PROFILE_MODE_RE and PROFILE_MODE_NT_RE.
Also move those regexes and PROFILE_MODE_DENY_RE directly above validate_profile_mode() which is the only user. I propose this patch for trunk and 2.9. [ 63-move-file-mode-regexes-and-add-pux.diff ]
=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-07-05 14:27:58.668222676 +0200
+++ utils/apparmor/aa.py 2015-07-05 15:12:26.704040136 +0200
@@ -1503,10 +1503,6 @@ return None
-PROFILE_MODE_RE = re.compile('r|w|l|m|k|a|ix|ux|px|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
-PROFILE_MODE_NT_RE = re.compile('r|w|l|m|k|a|x|ix|ux|px|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
-PROFILE_MODE_DENY_RE = re.compile('r|w|l|m|k|a|x')
-
##### Repo related functions
def UI_SelectUpdatedRepoProfile(profile, p):
@@ -2426,6 +2422,9 @@ if not is_known_rule(aa[profile][hat], 'network', NetworkRule(family, sock_type)): log_dict[aamode][profile][hat]['netdomain'][family][sock_type] = True
+PROFILE_MODE_RE = re.compile('r|w|l|m|k|a|ix|ux|px|pux|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
+PROFILE_MODE_NT_RE = re.compile('r|w|l|m|k|a|x|ix|ux|px|pux|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
+PROFILE_MODE_DENY_RE = re.compile('r|w|l|m|k|a|x')
def validate_profile_mode(mode, allow, nt_name=None):
if allow == 'deny':
Regards, Christian Boltz -- Linux ist ein tolles Dings..... Es zeigt mir jeden Tag wieder völlig unaufdringlich meine Grenzen, und zeigt mir was ich alles noch nicht weiß.... [Axel Birndt in suse-linux] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
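Review bot: The added `PROFILE_MODE_RE` and `PROFILE_MODE_NT_RE` alternations now accept `pux` but still list neither `cux` nor `CUx`, which apparmor.d documents alongside `pux`/`PUx` as exec transitions, so a rule using them would presumably still be rejected by the tools. If that omission is not deliberate, extend both lists in the same change, e.g. `...|px|pux|cx|cux|pix|cix|Ux|Px|PUx|Cx|CUx|Pix|Cix`. The three patterns are also unanchored alternations, so they only validate a mode string if validate_profile_mode() wraps them (for example as `'^(%s)+$' % PROFILE_MODE_RE.pattern`); its body continues outside the hunk, so that cannot be confirmed here. A comment above the constants such as `# unanchored fragments: validate_profile_mode() must anchor them before matching` would keep a later caller from using `.search()` directly and accepting arbitrary strings as file modes.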