mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 14:55:10 +00:00
Code Issues Releases Wiki Activity

have changehat return ECHILD error code when a profile doesn't contain any

Browse Source 
hats
This commit is contained in:
John Johansen
2007-01-04 08:30:37 +00:00
parent c60fb0e392
commit 7ef76882c1
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
module/main.c
View File

@@ -336,7 +336,6 @@ static unsigned int sd_file_perm(struct subdomain *sd, const char *name,
* Currently we only allow access if opened O_WRONLY * Currently we only allow access if opened O_WRONLY
*/ */
if (mask == MAY_WRITE && strncmp(PROCPFX, name, PROCLEN) == 0 && if (mask == MAY_WRITE && strncmp(PROCPFX, name, PROCLEN) == 0 &&
(!list_empty(&sd->profile->sub) || SUBDOMAIN_COMPLAIN(sd)) &&
sd_taskattr_access(name + PROCLEN)) sd_taskattr_access(name + PROCLEN))
goto done; goto done;
@@ -1609,6 +1608,12 @@ int sd_change_hat(const char *hat_name, __u32 hat_magic)
goto out; goto out;
} }
/* check to see if the confined process has any hats. */
if (list_empty(&sd->profile->sub) && !SUBDOMAIN_COMPLAIN(sd)) {
error = -ECHILD;
goto out;
}
/* Check whether current domain is parent /* Check whether current domain is parent
* or one of the sibling children * or one of the sibling children
*/ */