mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 15:25:27 +00:00

Merge from trunk revs 1676 and 1677: Override AF_MAX for kernels that
don't support proper masking. Older versions of the apparmor kernel
patches didn't handle receiving network tables of a larger size than
expected.  Allow the parser to detect the kernel version and override
the AF_MAX value for those kernels.  This also replaces the hack
using a hardcoded limit of 36 for kernels missing the features flag.

Also, ensure that the buffer read from /proc/sys/kernel/osrelease is
null terminated.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
Steve Beattie
2011-03-07 07:05:37 -08:00
parent 0c52d5219a
commit 03b8aee481
3 changed files with 88 additions and 3 deletions

@@ -87,6 +87,7 @@ char *flags_string = NULL;
int regex_type = AARE_DFA;
int perms_create = 0; /* perms contain create flag */
int kernel_supports_network = 1; /* kernel supports network rules */
int net_af_max_override = -1; /* use kernel to determine af_max */
char *profile_namespace = NULL;
int flag_changehat_version = FLAG_CHANGEHAT_1_5;
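
Review bot: the new global `net_af_max_override` relies on a bare `-1` as its "no override" sentinel, and its comment ("use kernel to determine af_max") only describes that default state. It does not say what a non-negative value means or which range is valid. Since the commit message says this value limits the size of the network table handed to older kernels, I would expand the comment to state that values >= 0 replace AF_MAX, and give the sentinel a named constant so callers do not compare against a magic number. The code that consumes the override is not visible in this hunk. Wherever it lives, it should reject or clamp a value larger than the compiled-in AF_MAX, so that an override derived from the parsed kernel version can never enlarge the table.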