Hello, Am Sonntag, 21. Februar 2016, 23:53:40 CET schrieb Kshitij Gupta: > On Sun, Feb 21, 2016 at 9:48 PM, Christian Boltz wrote: > > according to a discussion with John on IRC, denied_mask="x" can only > > happen for 'exec' log events. This patch raises an exception if John > > is wrong ;-) > > > > > > [ 75-x-but-not-exec-exception.diff ] > > > > === modified file ./utils/apparmor/aa.py > > --- utils/apparmor/aa.py 2016-02-21 15:43:58.021985441 +0100 > > +++ utils/apparmor/aa.py 2016-02-21 16:06:41.744595751 +0100
> > + elif typ != 'exec':
> > + raise AppArmorBug('exec permissions
> > requested for %i(exec_target)s, but mode is %(mode)s instead of
> > exec. This
> Is that "%i(exec_target)s: above containing the "%i" what you were
> aiming for?
Nice catch - it should be %(...), not %i(...) ;-)
Updated patch:
[ 75-x-but-not-exec-exception.diff ]
=== modified file ./utils/apparmor/aa.py
--- utils/apparmor/aa.py 2016-02-21 15:43:58.021985441 +0100
+++ utils/apparmor/aa.py 2016-02-21 16:06:41.744595751 +0100
@@ -1210,6 +1210,8 @@
if mode & str_to_mode('x'):
if os.path.isdir(exec_target):
raise AppArmorBug('exec permissions requested for
directory %s. This should not happen - please open a bugreport!' % exec_target)
+ elif typ != 'exec':
+ raise AppArmorBug('exec permissions requested for
%(exec_target)s, but mode is %(mode)s instead of exec. This should not happen -
please open a bugreport!' % {'exec_target': exec_target, 'mode':mode})
else:
do_execute = True
Regards,
Christian Boltz
--
There is only so much everybody can do. We suffer from hour-shortage
on the day I guess :) [Dominique Leuenberger in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
