mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-09-01 06:45:38 +00:00
Fix crash in serialize_profile_from_old_profiles()
Assume you have a profile like
/bin/foo {
/etc/ r,
network,
/usr/ r,
}
(important: there must be be a non-path rule between the two path blocks)
Then run aa-logprof and add another path event. When choosing (V)iew changes,
it will crash with a misleading
File ".../utils/apparmor/aamode.py", line 205, in split_mode
other = mode - user
TypeError: unsupported operand type(s) for -: 'collections.defaultdict' and 'set'
The reason for this is our beloved hasher, which is playing funny games
another time.
The patch wraps the hasher usage with a check for the parent element to
avoid auto-creation of empty childs, which then lead to the above crash.
BTW: This is another issue uncovered by the LibreOffice profile ;-)
Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.9.
This commit is contained in:
Christian Boltz
@@ -4129,14 +4129,17 @@ def serialize_profile_from_old_profile(profile_data, name, options):
|
||||
else:
|
||||
tmpmode = str_to_mode(mode)
|
||||
|
||||
if not write_prof_data[hat][allow]['path'][path].get('mode', set()) & tmpmode:
|
||||
if not write_prof_data[hat][allow]['path'].get(path):
|
||||
correct = False
|
||||
else:
|
||||
if not write_prof_data[hat][allow]['path'][path].get('mode', set()) & tmpmode:
|
||||
correct = False
|
||||
|
||||
if nt_name and not write_prof_data[hat][allow]['path'][path].get('to', False) == nt_name:
|
||||
correct = False
|
||||
if nt_name and not write_prof_data[hat][allow]['path'][path].get('to', False) == nt_name:
|
||||
correct = False
|
||||
|
||||
if audit and not write_prof_data[hat][allow]['path'][path].get('audit', set()) & tmpmode:
|
||||
correct = False
|
||||
if audit and not write_prof_data[hat][allow]['path'][path].get('audit', set()) & tmpmode:
|
||||
correct = False
|
||||
|
||||
if correct:
|
||||
if not segments['path'] and True in segments.values():
|
||||
|
||||
Reference in New Issue
Block a user