parser: don't abort profile compile if the kernel is missing caps/mask

3.0 added the ability to extract and use the kernels cap mask to augment its internal capability list as a stop gap measure to support new capabilities. Unfortunately not all kernel export the cap/mask and this is causing the policy compile to fail. If the kernel doesn't export a cp/mask just use the internal list. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/140 MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/691 Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-08-30 22:05:27 +00:00 · 2020-12-11 03:56:48 -08:00
parent c2d105f81b
commit c43bdf2e8b
1 changed files with 2 additions and 1 deletions
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -326,7 +326,8 @@ bool add_cap_feature_mask(struct aa_features *features, capability_flags flags)

 	value = aa_features_value(features, "caps/mask", &valuelen);
 	if (!value)
-		return false;
+		/* nothing to add, just use existing set */
+		return true;

 	n = 0;
 	for (capstr = strn_token(value, len);