From 45cb3d7ec34a72f790b4bed5d5ec4c8e89871f1b Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Sat, 11 Jul 2015 22:57:36 +0200
Subject: [PATCH] Add cux and CUx to PROFILE_MODE_RE

cux and CUx are valid exec permissions, so they should be accepted
by validate_profile_mode() ;-)


Acked-by: John Johansen <john.johansen@canonical.com> for trunk and 2.9
---
 utils/apparmor/aa.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index f19a8849b..246634aff 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -2422,7 +2422,7 @@ def collapse_log():
                         if not is_known_rule(aa[profile][hat], 'network', NetworkRule(family, sock_type)):
                             log_dict[aamode][profile][hat]['netdomain'][family][sock_type] = True
 
-PROFILE_MODE_RE      = re.compile('^(r|w|l|m|k|a|ix|ux|px|pux|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix)+$')
+PROFILE_MODE_RE      = re.compile('^(r|w|l|m|k|a|ix|ux|px|pux|cx|pix|cix|cux|Ux|Px|PUx|Cx|Pix|Cix|CUx)+$')
 PROFILE_MODE_DENY_RE = re.compile('^(r|w|l|m|k|a|x)+$')
 
 def validate_profile_mode(mode, allow, nt_name=None):