Remove the old unused ptrace code that snuck in years ago.

It was never used, never supported, and we are doing it differently now. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2025-08-31 06:16:03 +00:00 · 2014-03-12 05:02:32 -07:00
parent 61fb0e9cea
commit fa1a5f8a61
5 changed files with 6 additions and 53 deletions
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -493,8 +493,6 @@ static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry)
 	if ((entry->mode >> AA_USER_SHIFT) & AA_EXEC_INHERIT)
 		entry->mode |= AA_EXEC_MMAP << AA_USER_SHIFT;

-	/* relying on ptrace and change_profile not getting merged earlier */
-
 	/* the link bit on the first pair entry should not get masked
 	 * out by a deny rule, as both pieces of the link pair must
 	 * match.  audit info for the link is carried on the second
@@ -556,19 +554,6 @@ static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry)
 		if (!aare_add_rule_vec(dfarules, 0, AA_ONEXEC, 0, index, vec, dfaflags))
 			return FALSE;
 	}
-	if (entry->mode & (AA_USER_PTRACE | AA_OTHER_PTRACE)) {
-		int mode = entry->mode & (AA_USER_PTRACE | AA_OTHER_PTRACE);
-		if (entry->ns) {
-			const char *vec[2];
-			vec[0] = entry->ns;
-			vec[1] = entry->name;
-			if (!aare_add_rule_vec(dfarules, 0, mode, 0, 2, vec, dfaflags))
-			    return FALSE;
-		} else {
-		  if (!aare_add_rule(dfarules, entry->name, 0, mode, 0, dfaflags))
-				return FALSE;
-		}
-	}
 	return TRUE;
 }