mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 15:25:27 +00:00
Code Issues Releases Wiki Activity

Description: use -QTK instead of -p in verify_policy(). '-p' only runs the

Browse Source 
preprocessor and is not as thorough as -QTK (--skip-kernel-load,
 --skip-read-cache, --skip-cache). Like with '-p', '-QTK' can be run without
 privilege but it will catch things like conflictings 'x' modifiers.

Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
Jamie Strandboge
2014-06-09 13:38:35 -05:00
parent f6f4ef7ee9
commit f8ed2e1d0d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
utils/apparmor/easyprof.py
View File

@@ -279,7 +279,7 @@ def verify_policy(policy):
os.write(f, policy) os.write(f, policy)
os.close(f) os.close(f)
rc, out = cmd([exe, '-p', fn]) rc, out = cmd([exe, '-QTK', fn])
os.unlink(fn) os.unlink(fn)
if rc == 0: if rc == 0:
return True return True