mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00
Code Issues Releases Wiki Activity

Subject: call autodep when creating a child profile

Browse Source 
This patch calls autodep on the 'exec'ed binary when the user selects
to place that execution in a child profile. Previously, logprof would
create an entirely empty child profile in complain mode (this fix
still leaves the child profile in complain mode).
This commit is contained in:
Steve Beattie
2012-03-27 17:21:22 -07:00
parent f37f59f47b
commit 01fe7f42a0
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
utils/Immunix/AppArmor.pm
View File

@@ -2391,8 +2391,18 @@ sub handlechildren($$$) {
# put in enforce mode with genprof
$sd{$profile}{$hat}{flags} = $sd{$profile}{$profile}{flags} if $profile ne $hat;
# autodep our new child
my $stub_profile = create_new_profile($hat);
$sd{$profile}{$hat}{flags} = 'complain';
$sd{$profile}{$hat}{allow}{path} = { };
if (defined $stub_profile->{$hat}{$hat}{allow}{path}) {
$sd{$profile}{$hat}{allow}{path} = $stub_profile->{$hat}{$hat}{allow}{path};
}
$sd{$profile}{$hat}{include} = { };
if (defined $stub_profile->{$hat}{$hat}{include}) {
$sd{$profile}{$hat}{include} = $stub_profile->{$hat}{$hat}{include};
}
$sd{$profile}{$hat}{allow}{netdomain} = { };
my $file = $sd{$profile}{$profile}{filename};
$filelist{$file}{profiles}{$profile}{$hat} = 1;