mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 13:28:19 +00:00
Code Issues Releases Wiki Activity

Merge branch 'cboltz-inherit-mr' into 'master'

Browse Source 
handle_children(): automatically add m permissions on ix rules

See merge request apparmor/apparmor!22

Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2017-12-12 22:45:53 +00:00
commit b2df42f55b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
utils/apparmor/aa.py
View File

@ -1191,8 +1191,8 @@ def handle_children(profile, hat, root):
ans = 'INVALID' ans = 'INVALID'
if exec_mode and 'i' in exec_mode: if exec_mode and 'i' in exec_mode:
# For inherit we need r # For inherit we need mr
file_perm = 'r' file_perm = 'mr'
else: else:
if ans == 'CMD_DENY': if ans == 'CMD_DENY':
aa[profile][hat]['file'].add(FileRule(exec_target, None, 'x', FileRule.ALL, owner=False, log_event=True, deny=True)) aa[profile][hat]['file'].add(FileRule(exec_target, None, 'x', FileRule.ALL, owner=False, log_event=True, deny=True))