mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00

Fix: the default pattern for missing change_onexec id

The default change_onexec id is slightly wrong: it allows matching
'/' as an executable, but it really should be anything under /.

This results in the equality tests for change_profile failing as it
is different than what specifying /** in a rule does.

We could define that rules need to be {/,}** to be equivalent, but since
/ cannot be an executable, change the default value to match what
/** is converted into.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
John Johansen
2015-06-12 15:25:10 -07:00
parent 3fab352dc4
commit 7aae13f3df


@@ -583,7 +583,7 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
vec[0] = xbuf.c_str();
} else
/* allow change_profile for all execs */
vec[0] = "/[^\\x00]*";
vec[0] = "/[^/\\x00][^\\x00]*";
if (entry->ns) {
int pos;
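Review bot: The comment above the new default in the else branch still reads "allow change_profile for all execs", but the replacement literal "/[^/\\x00][^\\x00]*" requires a non-slash, non-NUL character right after the leading slash, so it no longer matches "/" itself and also rejects any path that begins with "//". Please update the comment to say that the default is meant to be exactly what a /** rule converts to and that "/" is deliberately excluded. Since the string is a hand-written copy of that conversion's output, it can drift if the conversion ever changes; consider deriving it from the same conversion routine, or at least noting the dependency next to the literal so that the change_profile equality tests mentioned in the commit message keep guarding it.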