
parser: fix rejecting of unix rules with listen or bind permissions

Only reject rules with explicit listen or bind permissions if a peer
conditional is specified.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
John Johansen
2014-09-03 16:09:06 -07:00
committed by Steve Beattie
parent e119901e3a
commit 29c776e4fc


@@ -115,12 +115,10 @@ unix_rule::unix_rule(int mode_p, struct cond_entry *conds,
mode = mode_p;
if (mode & ~AA_VALID_NET_PERMS)
yyerror("mode contains invalid permissions for unix socket rules\n");
else if ((mode & AA_NET_BIND) &&
((mode & AA_PEER_NET_PERMS) || has_peer_conds()))
else if ((mode & AA_NET_BIND) && has_peer_conds())
/* Do we want to loosen this? */
yyerror("unix socket 'bind' access cannot be used with message rule conditionals\n");
else if ((mode & AA_NET_LISTEN) &&
((mode & AA_PEER_NET_PERMS) || has_peer_conds()))
else if ((mode & AA_NET_LISTEN) && has_peer_conds())
/* Do we want to loosen this? */
yyerror("unix socket 'listen' access cannot be used with message rule conditionals\n");
} else {
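Review bot: The `/* Do we want to loosen this? */` comment kept above each yyerror() is now stale, because this commit answers that question for the AA_PEER_NET_PERMS half of the condition while deliberately keeping the has_peer_conds() rejection, and a reader of the new code can no longer tell which restriction is intentional. Replace both comments with one that states the surviving rule, e.g. `/* bind/listen act on the local socket; a peer conditional has no meaning for them and is rejected. Peer perms in the same rule are allowed. */`. The two branches are now identical except for the permission name in the message, so they could be folded into a single test on `mode & (AA_NET_BIND | AA_NET_LISTEN)`, but only if the error text no longer needs to name 'bind' versus 'listen'. I cannot see from the hunk whether the newly accepted combination (bind or listen together with peer perms and no peer conditional) is exercised by a parser test; adding one accepted and one rejected case would pin the intended boundary. unix_rule::unix_rule continues outside the hunk.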