From 3ccbc2e65d95434bb143c2a41b13326641d6826c Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sat, 6 Jun 2015 14:25:41 +0200 Subject: [PATCH] Allow aa-complain etc. to change profiles for non-existing binaries aa-complain, aa-enforce, aa-disable and aa-audit refused to change profiles for non-existing binaries. This patch also allows paths starting with /. This also makes it possible to use aa-complain '/{usr/,}bin/ping' and aa-complain /etc/apparmor.d/bin.ping This patch fixes https://bugs.launchpad.net/apparmor/+bug/1416346 Well, mostly - we still need to decide how we handle wildcards in profile names: aa-complain ping aa-complain /usr/bin/ping will still error out with "Profile not found" because it isn't an exact match (and matching the wildcard would change more than the user wants). Oh, and this patch also fixes the last failure in minitools_test.py. Acked-by: Steve Beattie for trunk and 2.9
---
 utils/apparmor/tools.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/apparmor/tools.py b/utils/apparmor/tools.py
index 6e1e3c6aa..b77ff58f0 100644
--- a/utils/apparmor/tools.py
+++ b/utils/apparmor/tools.py
@@ -57,7 +57,7 @@ class aa_tools:
 program = None
 profile = None
- if os.path.exists(p):
+ if os.path.exists(p) or p.startswith('/'):
 fq_path = apparmor.get_full_path(p).strip()
 if os.path.commonprefix([apparmor.profile_dir, fq_path]) == apparmor.profile_dir:
 program = None
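Review bot: The new `p.startswith('/')` arm lets any absolute string, existing or not, reach the `os.path.commonprefix([apparmor.profile_dir, fq_path])` test two lines below, and that test compares characters rather than path components. Unless `apparmor.profile_dir` already ends in a separator, a path in a sibling directory whose name merely begins with the profile directory's name (constructed example: `/etc/apparmor.d.bak/bin.ping` against a profile dir of `/etc/apparmor.d`) would be treated as a profile file, which matters because these tools presumably run with root privileges and rewrite profile flags. Comparing against the directory with a trailing separator closes that gap: `if fq_path.startswith(os.path.join(apparmor.profile_dir, '')):`. A short comment on the condition, e.g. `# absolute paths are accepted even if the binary is not installed, so its profile can still be switched`, would also record why existence is no longer required. The body of this `if` continues past the end of the hunk, so how the non-profile-dir case is handled cannot be checked here.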