mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 22:05:27 +00:00
Code Issues Releases Wiki Activity

Error out if the log contains an exec event for a directory

Browse Source 
According to the discussion with John on IRC, exec log events for
directories should never happen, therefore let handle_children()
raise an exception.


Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
This commit is contained in:
Christian Boltz
2016-02-10 19:13:51 +01:00
parent 322c5f04f8
commit c61a75c91a
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
utils/apparmor/aa.py
View File

@@ -1179,8 +1179,7 @@ def handle_children(profile, hat, root):
if mode & str_to_mode('x'): if mode & str_to_mode('x'):
if os.path.isdir(exec_target): if os.path.isdir(exec_target):
mode = mode - apparmor.aamode.ALL_AA_EXEC_TYPE raise AppArmorBug('exec permissions requested for directory %s. This should not happen - please open a bugreport!' % exec_target)
mode = mode | str_to_mode('ix')
else: else:
do_execute = True do_execute = True