From 5e349dbe694851501f6af0c3f043a9fb5a842b68 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Sun, 7 Jul 2024 05:07:37 -0700 Subject: [PATCH] utils/aa-unconfined: Let aa-unconfined screen out prompt and mixed modes The prompt/user upcall mode shows up as a mode of (user). And for stacked policy with different modes (mixed) is used. Add these to the list of modes to screen. Signed-off-by: John Johansen --- utils/aa-unconfined | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/aa-unconfined b/utils/aa-unconfined index c834bcd20..48915b8ce 100755 --- a/utils/aa-unconfined +++ b/utils/aa-unconfined @@ -126,7 +126,7 @@ def read_proc_current(filename): with open_file_read(filename) as current: for line in current: line = line.strip() - if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1) or line.endswith(' (kill)', 1): # enforce at least one char as profile name + if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1) or line.endswith(' (kill)', 1) or line.endswith(' (user)', 1): # enforce at least one char as profile name # intentionally not checking for '(unconfined)', because $binary confined by $profile (unconfined) would look very confusing attr = line except OSError: