mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00
Code Issues Releases Wiki Activity

parser: don't set xbits when using permstable32_v1

Browse Source 
The use of xbits can not pass verification so we need to leave them
off this makes the profile a leaf profile.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2023-04-23 21:14:18 -07:00
parent 5bd2271189
commit 89673d0c5e
6 changed files with 43 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
parser/parser_regex.c
View File

@@ -785,7 +785,7 @@ int process_profile_regex(Profile *prof)
prof->dfa.dfa = prof->dfa.rules->create_dfablob(&prof->dfa.size,
&xmatch_len, prof->dfa.perms_table,
parseopts, true,
prof->uses_prompt_rules && kernel_supports_permstable32,
prof->uses_prompt_rules && (prompt_compat_mode == PROMPT_COMPAT_PERMSV2),
prof->uses_prompt_rules);
delete prof->dfa.rules;
prof->dfa.rules = NULL;
@@ -1167,7 +1167,7 @@ int process_profile_policydb(Profile *prof)
&xmatch_len,
prof->policy.perms_table,
parseopts, false,
prof->uses_prompt_rules && kernel_supports_permstable32,
prof->uses_prompt_rules && (prompt_compat_mode == PROMPT_COMPAT_PERMSV2),
prof->uses_prompt_rules);
delete prof->policy.rules;