mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-30 05:47:59 +00:00
Carry over all autodep-generated rules in handle_children()
When creating a new child profile, handle_children() did only copy over include and path rules. While this was correct in the past, path rules got changed to FileRule in the meantime and were therefore lost. (In practise, this means the "$binary mr," rule wasn't added to the new child profile, causing a "superfluous" question in aa-logprof.) This patch changes handle_children() to carry over the complete new child profile instead of only cherry-picking include and path rules. Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.11. Older versions (with path as hasher) are not affected.
This commit is contained in:
parent
5e535b246a
commit
1d0790c0c6
@ -1266,24 +1266,16 @@ def handle_children(profile, hat, root):
|
||||
if ynans == 'y':
|
||||
hat = exec_target
|
||||
if not aa[profile].get(hat, False):
|
||||
aa[profile][hat] = ProfileStorage(profile, hat, 'handle_children()')
|
||||
stub_profile = create_new_profile(hat, True)
|
||||
aa[profile][hat] = stub_profile[hat][hat]
|
||||
|
||||
aa[profile][hat]['profile'] = True
|
||||
|
||||
if profile != hat:
|
||||
aa[profile][hat]['flags'] = aa[profile][profile]['flags']
|
||||
|
||||
stub_profile = create_new_profile(hat, True)
|
||||
|
||||
aa[profile][hat]['flags'] = 'complain'
|
||||
|
||||
aa[profile][hat]['allow']['path'] = hasher()
|
||||
if stub_profile[hat][hat]['allow'].get('path', False):
|
||||
aa[profile][hat]['allow']['path'] = stub_profile[hat][hat]['allow']['path']
|
||||
|
||||
aa[profile][hat]['include'] = hasher()
|
||||
if stub_profile[hat][hat].get('include', False):
|
||||
aa[profile][hat]['include'] = stub_profile[hat][hat]['include']
|
||||
|
||||
file_name = aa[profile][profile]['filename']
|
||||
filelist[file_name]['profiles'][profile][hat] = True
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user