mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 18:17:09 +00:00
Code Issues Releases Wiki Activity

rule_ents from conditional block are dropped

Browse Source 
In the following policy, "ptrace" would be dropped during merging:

$FOO=true
/bin/true {
  if $FOO {
      ptrace,
  }
}

Current behavior:
----- Debugging built structures -----
Name:		/bin/true
Local To:	<NULL>
Mode: 

With patch:
----- Debugging built structures -----
Name:		/bin/true
Local To:	<NULL>
Mode: 
ptrace,
This commit is contained in:
doublez13 2025-02-18 16:47:36 +00:00
parent 8711c7754b
commit dad66f663b
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
parser/parser_policy.c
View File

@ -178,6 +178,8 @@ Profile *merge_policy(Profile *a, Profile *b)
} }
} }
a->rule_ents.splice(a->rule_ents.end(), b->rule_ents);
merge_hats(a, b->hat_table); merge_hats(a, b->hat_table);
delete b; delete b;
out: out: