mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00
Code Issues Releases Wiki Activity

fix: the what names can treated as a condlistid

Browse Source 
The match
  {VARIABLE_NAME}/{WS}*={WS}*\(

is too broad causing mount and dbus rules to fail for sets of values eg.

  mount options=(ro bind)

Instead of doing a broad match, for now lets lock it down to just
peer=(...) being the only cond that can cause entry into CONDLISTID

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2014-04-23 11:36:26 -07:00
parent b222731c4f
commit f19c9f9511
7 changed files with 54 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
parser/signal.h
View File

@@ -43,7 +43,7 @@ public:
int audit;
int deny;
signal_rule(int mode, struct cond_entry *conds, char *peer);
signal_rule(int mode, struct cond_entry *conds);
virtual ~signal_rule() {
signals.clear();
free(peer_label);