On Sat, Jul 06, 2013 at 12:37:20PM -0500, Jamie Strandboge wrote:
There's a race condition here; well, maybe not -race-, but
self.template is updated before the sanity checks are performed. If
either of those exceptions gets ignored in callers, the template is
set to unsafe values.
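
The ordering problem described in this review comment, as an added example that is not code from the patch or from AppArmor: the class names, `TemplateError` and the helper functions are hypothetical, and the absolute-path check is an assumption based on the `allow_abs_path` parameter name.

```python
class TemplateError(Exception):
    """Hypothetical stand-in for the AppArmorException used in the patch."""


def _check_template(template, allow_abs_path):
    # The '../' check is from the patch; the absolute-path check is assumed.
    if "../" in template:
        raise TemplateError("template %r contains ../" % template)
    if not allow_abs_path and template.startswith("/"):
        raise TemplateError("template %r is an absolute path" % template)


class AssignThenCheck:
    """Order criticised in the review: state changes before validation."""

    def __init__(self):
        self.template = "default"

    def set_template(self, template, allow_abs_path=True):
        self.template = template                   # already stored ...
        _check_template(template, allow_abs_path)  # ... when this raises


class CheckThenAssign:
    """Validate first, so the attribute only ever holds an accepted value."""

    def __init__(self):
        self.template = "default"

    def set_template(self, template, allow_abs_path=True):
        _check_template(template, allow_abs_path)
        self.template = template


def template_after_ignored_error(obj, template, allow_abs_path=True):
    """Model a caller that swallows the exception and keeps using obj."""
    try:
        obj.set_template(template, allow_abs_path)
    except TemplateError:
        pass
    return obj.template


if __name__ == "__main__":
    bad = "../../etc/passwd"  # constructed sample input
    print(template_after_ignored_error(AssignThenCheck(), bad))
    print(template_after_ignored_error(CheckThenAssign(), bad))
```
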
On 07/09/2013 07:56 PM, Seth Arnold wrote:
On Sun, Jul 07, 2013 at 08:46:31PM -0500, Jamie Strandboge wrote:
Attached is a patch to address Seth's comments, and a few more fixes. After
submitting the last patch, we discussed the JSON structure[1] a bit more, and
realized that it needed a
On 07/05/2013 07:17 PM, Seth Arnold wrote:
On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote:
@@ -428,6 +546,7 @@
s = %s# No read paths specified % prefix
if len(read_path) 0:
s = %s# Specified read permissions % (prefix)
+
On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote:
+def set_template(self, template, allow_abs_path=True):
'''Set current template'''
self.template = template
+if ../ in template:
+raise AppArmorException('template %s contains ../
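Review bot: `self.template = template` runs before the `../` check in set_template, so by the time the AppArmorException is raised the object already holds the rejected value, and a caller that catches or ignores the exception carries on with it. Run the checks against the `template` argument first and make the assignment the last statement of the method. The `allow_abs_path=True` default also makes the permissive behaviour what callers get when they pass nothing; consider whether absolute paths should be opt-in.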
On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote:
@@ -428,6 +546,7 @@
s = %s# No read paths specified % prefix
if len(read_path) 0:
s = %s# Specified read permissions % (prefix)
+read_path.sort()
for i in read_path:
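Review bot: `read_path.sort()` just before the loop sorts the list in place, so if `read_path` is shared with the caller it is reordered as a side effect of generating the output. `for i in sorted(read_path):` gives the same deterministic ordering without mutating the list.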
On Fri, Jul 05, 2013 at 05:17:48PM -0700, Seth Arnold wrote:
On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote:
@@ -428,6 +546,7 @@
s = %s# No read paths specified % prefix
if len(read_path) 0:
s = %s# Specified read permissions % (prefix)