Hello,
this patch fixes the 2.9 aa-mergeprof capability handling.
Thanks to a broken optimization (which missed a not in the if
condition), aa-mergeprof never asked to merge capability rules.
Also fix a syntax / parameter error uncovered after fixing the
condition.
This patch is only meant for the 2.9 branch.
[ mergeprof-2.9-fix-capability.diff ]
=== modified file 'utils/aa-mergeprof'
--- utils/aa-mergeprof 2014-10-16 21:35:06 +
+++ utils/aa-mergeprof 2015-05-13 23:19:42 +
@@ -309,7 +309,7 @@
#Add the capabilities
for allow in ['allow', 'deny']:
-if other.aa[profile][hat].get(allow, False):
+if not other.aa[profile][hat].get(allow, False):
continue
for capability in
sorted(other.aa[profile][hat][allow]['capability'].keys()):
severity = sev_db.rank('CAP_%s' % capability)
@@ -366,7 +366,7 @@
apparmor.aa.changed[profile] = True
-aaui.UI_Info(_('Adding capability %s to
profile.'), capability)
+aaui.UI_Info(_('Adding capability %s to profile.')
% capability)
done = True
elif ans == 'CMD_DENY':
Regards,
Christian Boltz
--
[Loadbalancer vor Mailservern]
Ausbauen, bei Ebay verhökern und die frei gewordene Zeit zusammen mit
dem Ebay-Erlös in eine große Betriebsparty mit Cocktails anlegen.
[Peer Heinlein in postfixbuch-users]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor