mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-31 06:16:03 +00:00
parser: Check for kernel support prior to processing dbus entries
When a parser that is aware of dbus rules is running under a kernel that is unaware of dbus rules, the parser should ignore the dbus rules instead of attempting to load them into the kernel. Otherwise, the kernel will reject the entire profile, leaving the application unconfined. Similar to what is done for mount rules, the features listed in apparmorfs should be checked to see if dbus is supported under the current kernel. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Tyler Hicks
@@ -224,6 +224,7 @@ extern int net_af_max_override;
|
||||
extern int kernel_load;
|
||||
extern int kernel_supports_network;
|
||||
extern int kernel_supports_mount;
|
||||
extern int kernel_supports_dbus;
|
||||
extern int conf_verbose;
|
||||
extern int conf_quiet;
|
||||
extern int names_only;
|
||||
|
||||
Reference in New Issue
Block a user