Hello, when creating a new child profile, handle_children() only copied over include and path rules. While this was correct in the past, path rules got changed to FileRule in the meantime and were therefore lost. (In practice, this means the "$binary mr," rule wasn't added to the new child profile, causing a "superfluous" question in aa-logprof.)
This patch changes handle_children() to carry over the complete new child profile instead of only cherry-picking include and path rules. I propose this patch for trunk and 2.11. Older versions (with path as hasher) are not affected. [ 01-handle_children-use-new-profile.diff ] --- utils/apparmor/aa.py 2017-07-16 21:28:03.462623472 +0200 +++ utils/apparmor/aa.py 2017-07-16 21:34:08.093205307 +0200 @@ -1266,24 +1270,16 @@ if ynans == 'y': hat = exec_target if not aa[profile].get(hat, False): - aa[profile][hat] = ProfileStorage(profile, hat, 'handle_children()') + stub_profile = create_new_profile(hat, True) + aa[profile][hat] = stub_profile[hat][hat] + aa[profile][hat]['profile'] = True if profile != hat: aa[profile][hat]['flags'] = aa[profile][profile]['flags'] - stub_profile = create_new_profile(hat, True) - aa[profile][hat]['flags'] = 'complain' - aa[profile][hat]['allow']['path'] = hasher() - if stub_profile[hat][hat]['allow'].get('path', False): - aa[profile][hat]['allow']['path'] = stub_profile[hat][hat]['allow']['path'] - - aa[profile][hat]['include'] = hasher() - if stub_profile[hat][hat].get('include', False): - aa[profile][hat]['include'] = stub_profile[hat][hat]['include'] - file_name = aa[profile][profile]['filename'] filelist[file_name]['profiles'][profile][hat] = True Regards, Christian Boltz -- Sadly, the relationship between CSS and HTML is the same relationship that links the instructions for building your IKEA bed, and the unassembled, spiteful wooden planks that purportedly contain latent bed structures. [https://scholar.harvard.edu/files/mickens/files/towashitallaway.pdf]
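Review bot: The removed `aa[profile][hat]['flags'] = 'complain'` assignment has no replacement in the new lines, so the child's flags are now whatever `create_new_profile(hat, True)` returned, or the parent's flags when `profile != hat`. Please confirm the stub is always created in complain mode, or keep an explicit assignment after `aa[profile][hat]['profile'] = True`. Also, the stored object is `stub_profile[hat][hat]`, built as if `hat` were its own top-level profile, whereas the old code constructed `ProfileStorage(profile, hat, 'handle_children()')`; if the storage records its parent or name, those fields now describe `hat` rather than `profile` and may need resetting the same way `'profile'` is. A regression test that asserts the "$binary mr," rule is present in the new child profile would cover the case described in the commit message.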
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor