mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 14:55:10 +00:00
Code Issues Releases Wiki Activity

aa-unconfined: also read /proc/$pid/attr/apparmor/current

Browse Source 
This means moving the code that reads the 'current' file into a new
function read_proc_current()Then call that function for both
/proc/$pid/attr/apparmor/current (preferred) and /proc/$pid/attr/current
(fallback).
This commit is contained in:
Christian Boltz
2020-09-18 13:31:05 +02:00
parent a680c949af
commit 5a31e94394
1 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
utils/aa-unconfined
View File

@@ -99,6 +99,19 @@ def get_pids_netstat(netstat='netstat'):
return pids return pids
def read_proc_current(filename):
attr = None
if os.path.exists(filename):
with apparmor.common.open_file_read(filename) as current:
for line in current:
line = line.strip()
if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1): # enforce at least one char as profile name
attr = line
return attr
pids = set() pids = set()
if paranoid: if paranoid:
pids = get_all_pids() pids = get_all_pids()
@@ -112,13 +125,10 @@ for pid in sorted(map(int, pids)):
prog = os.readlink("/proc/%s/exe" % pid) prog = os.readlink("/proc/%s/exe" % pid)
except OSError: except OSError:
continue continue
attr = None
if os.path.exists("/proc/%s/attr/current" % pid): attr = read_proc_current("/proc/%s/attr/apparmor/current" % pid)
with apparmor.common.open_file_read("/proc/%s/attr/current" % pid) as current: if not attr:
for line in current: attr = read_proc_current("/proc/%s/attr/current" % pid)
line = line.strip()
if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1): # enforce at least one char as profile name
attr = line
pname = None pname = None
cmdline = None cmdline = None