From c61a75c91a67354d9358d56e11d8f1d49f93731d Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Wed, 10 Feb 2016 19:13:51 +0100
Subject: [PATCH] Error out if the log contains an exec event for a directory
According to the discussion with John on IRC, exec log events for directories should never happen, therefore let handle_children() raise an exception.
Acked-by: Kshitij Gupta
---
 utils/apparmor/aa.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index 7de1db10c..8ba3b55f4 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -1179,8 +1179,7 @@ def handle_children(profile, hat, root):
 if mode & str_to_mode('x'):
 if os.path.isdir(exec_target):
- mode = mode - apparmor.aamode.ALL_AA_EXEC_TYPE
- mode = mode | str_to_mode('ix')
+ raise AppArmorBug('exec permissions requested for directory %s. This should not happen - please open a bugreport!' % exec_target)
 else:
 do_execute = True
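Review bot: The added `raise AppArmorBug(...)` is gated on `os.path.isdir(exec_target)`, which tests the filesystem at the time the log is processed rather than at the time the event was recorded, so a path that was an executable when logged and has since been replaced by a directory would now abort handle_children() instead of being handled. Log contents are not fully under the tool's control either, so a single such entry could presumably stop profile generation until it is removed from the log; whether any caller catches AppArmorBug is not visible here. I would add a comment above the raise, e.g. `# isdir() checks the current filesystem, not the state when the event was logged`, and consider reporting and skipping the event rather than raising. handle_children() starts and ends outside this hunk.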