mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-28 12:58:07 +00:00
Code Issues Releases Wiki Activity

aa-unconfined: Improve fallback handling to attr/current

Browse Source 
If /proc/*/attr/apparmor/current exists, only read that - instead of
falling back to /proc/*/attr/current if a process is for example
unconfined so that read_proc_current returns None.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/199
This commit is contained in:
Christian Boltz 2021-09-18 19:02:56 +02:00
parent 3b6257edea
commit f39d5c7c09
No known key found for this signature in database
GPG Key ID: C6A682EA63C82F1C
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
utils/aa-unconfined
View File

@ -129,8 +129,10 @@ for pid in sorted(map(int, pids)):
except OSError: except OSError:
continue continue
if os.path.exists("/proc/%s/attr/apparmor/current" % pid):
attr = read_proc_current("/proc/%s/attr/apparmor/current" % pid) attr = read_proc_current("/proc/%s/attr/apparmor/current" % pid)
if not attr: else:
# fallback to shared attr/current if attr/apparmor/current doesn't exist
attr = read_proc_current("/proc/%s/attr/current" % pid) attr = read_proc_current("/proc/%s/attr/current" % pid)
pname = None pname = None