libapparmor: fix handling of failed symlink traversal

Ideally we would have a flag or something so the caller could choose to handle symlinks, or traverse them. But since all callers currently don't handle symlinks just handle them in the iterator. Beyond fixing the early termination due to a failed symlink this also fixes another case of failure in one job cause dir based loads to terminate early. Which can result in partial loads. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/215 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/850 Signed-off-by: John Johansen <john.johansen@canonical.com> Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-08-31 06:16:03 +00:00 · 2022-02-16 12:59:24 -08:00
parent 6f18326232
commit acc6ba1cb7
6 changed files with 42 additions and 8 deletions
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -1450,6 +1450,8 @@ static int profile_dir_cb(int dirfd unused, const char *name, struct stat *st,
 {
 	int rc = 0;

+	/* Handle symlink here. See _aa_dirat_for_each in private.c */
+
 	if (!S_ISDIR(st->st_mode) && !is_blacklisted(name, NULL)) {
 		struct dir_cb_data *cb_data = (struct dir_cb_data *)data;
 		autofree char *path = NULL;
@@ -1472,6 +1474,8 @@ static int binary_dir_cb(int dirfd unused, const char *name, struct stat *st,
 {
 	int rc = 0;

+	/* Handle symlink here. See _aa_dirat_for_each in private.c */
+
 	if (!S_ISDIR(st->st_mode) && !is_blacklisted(name, NULL)) {
 		struct dir_cb_data *cb_data = (struct dir_cb_data *)data;
 		autofree char *path = NULL;
@@ -1664,7 +1668,7 @@ int main(int argc, char *argv[])
 			if ((retval = dirat_for_each(AT_FDCWD, profilename,
 						     &cb_data, cb))) {
 				last_error = errno;
-				PDEBUG("Failed loading profiles from %s\n",
+				PERROR("There was an error while loading profiles from %s\n",
 				       profilename);
 				if (abort_on_error)
 					break;