Merge branch 'cboltz-inherit-mr' into 'master'

handle_children(): automatically add m permissions on ix rules See merge request apparmor/apparmor!22 Acked-by: John Johansen <john.johansen@canonical.com>
2025-08-29 13:28:19 +00:00 · 2017-12-12 22:45:53 +00:00 · 2017-12-12 22:45:53 +00:00 · b2df42f55b
commit b2df42f55b
parent 6483c627d2 7a49f37c24
1 changed files with 2 additions and 2 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -1191,8 +1191,8 @@ def handle_children(profile, hat, root):
                                    ans = 'INVALID'

                        if exec_mode and 'i' in exec_mode:
-                            # For inherit we need r
-                            file_perm = 'r'
+                            # For inherit we need mr
+                            file_perm = 'mr'
                        else:
                            if ans == 'CMD_DENY':
                                aa[profile][hat]['file'].add(FileRule(exec_target, None, 'x', FileRule.ALL, owner=False, log_event=True, deny=True))