mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-22 10:07:12 +00:00
If apparmor_parser -N (in profiles_names_list()) fails, aa-remove-unknown possibly gets an incomplete list of profiles in /etc/apparmor.d/ and therefore might remove more profiles than it should.

Replace the profiles_names_list() call with a direct apparmor_parser call, and abort aa-remove-unknown if it exits with $? != 0

Before:

```
aa-remove-unknown -n
AppArmor parser error for /etc/apparmor.d/broken in profile /etc/apparmor.d/broken at line 1: syntax error, unexpected TOK_ID, expecting TOK_OPEN
Would remove 'delete_me'
```

After:

```
./aa-remove-unknown -n
AppArmor parser error for /etc/apparmor.d in profile /etc/apparmor.d/zbroken at line 1: syntax error, unexpected TOK_ID, expecting TOK_OPEN
apparmor_parser exited with failure, aborting.
```

And of course, after fixing the broken profile:

```
./aa-remove-unknown -n
Would remove 'delete_me'
```
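The failure mode and the fail-closed fix described in this commit message, as an added example that is not the project's code. `fake_parser` and `loaded_profiles` are constructed stand-ins for `apparmor_parser -N` and the kernel's loaded-profile list, and all function names here are hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for `apparmor_parser -N <dir>`: prints the profile
# names parsed so far, then fails partway through if PARSER_BROKEN=1.
fake_parser() {
    printf '%s\n' firefox
    if [ "${PARSER_BROKEN:-0}" = 1 ]; then
        echo "parser error: syntax error in profile 'broken'" >&2
        return 1
    fi
    printf '%s\n' sshd
}

# Constructed sample of the profiles currently loaded in the kernel.
loaded_profiles() {
    printf '%s\n' firefox sshd delete_me
}

# Print every loaded profile that is absent from the newline-separated
# list of known profile names passed as "$1".
unknown_profiles() {
    loaded_profiles | while IFS= read -r p; do
        printf '%s\n' "$1" | grep -Fxq -- "$p" || printf '%s\n' "$p"
    done
}

# Fail-open: the pipeline's exit status is sort's, so a parser failure is
# masked and the truncated list is trusted as complete.
removals_unchecked() {
    known=$(fake_parser 2>/dev/null | sort)
    unknown_profiles "$known"
}

# Fail-closed: call the parser directly, check its exit status, and abort
# before any removal list is computed if it failed.
removals_checked() {
    known=$(fake_parser 2>/dev/null) || {
        echo "parser exited with failure, aborting." >&2
        return 1
    }
    unknown_profiles "$known"
}
```

With `PARSER_BROKEN=1`, `removals_unchecked` lists `sshd` for removal even though its profile exists on disk, while `removals_checked` returns non-zero and prints nothing to stdout.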
Known Bugs: Will allow multiple letters in the () due to translation/unicode issues with regexing the key. User input will probably bug out in a different locale.