Description: use -QTK instead of -p in verify_policy(). '-p' only runs the

preprocessor and is not as thorough as -QTK (--skip-kernel-load, --skip-read-cache, --skip-cache). Like with '-p', '-QTK' can be run without privilege but it will catch things like conflictings 'x' modifiers. Acked-By: Jamie Strandboge <jamie@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2025-08-31 14:25:52 +00:00 · 2014-06-09 13:38:35 -05:00
parent f6f4ef7ee9
commit f8ed2e1d0d
1 changed files with 1 additions and 1 deletions
--- a/utils/apparmor/easyprof.py
+++ b/utils/apparmor/easyprof.py
@@ -279,7 +279,7 @@ def verify_policy(policy):
        os.write(f, policy)
        os.close(f)

-    rc, out = cmd([exe, '-p', fn])
+    rc, out = cmd([exe, '-QTK', fn])
    os.unlink(fn)
    if rc == 0:
        return True