mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-22 10:07:12 +00:00
If a user specifies a non-existing file to merge into the profiles (`aa-mergeprof /file/not/found`), this results in a backtrace showing an AppArmorBug because that file unsurprisingly doesn't end up in the active_profiles filelist.

Handle this more gracefully by adding a read_error_fatal parameter to read_profile() that, if set, forwards the exception. With that, aa-mergeprof doesn't try to list the profiles in this non-existing file.

Note that all other callers of read_profile() continue to ignore read errors, because aborting just because a single file in /etc/apparmor.d/ (for example a broken symlink) isn't readable would be a bad idea.

This bug was introduced in 4e09f315c3bcb0d0ae0300e6c3be5de93221026a, therefore I propose this patch for 3.0..master

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1403
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>

(cherry picked from commit 5ebbe788ea4e8bfff6f091654ec3e851e55a5cf8)
Signed-off-by: John Johansen <john.johansen@canonical.com>
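The pattern the commit message describes, as a standalone sketch added here (not AppArmor's code): a reader that skips unreadable files during a directory scan but forwards the error when the caller asks for it. Only the names `read_profile` and `read_error_fatal` come from the message; the signature, `ProfileReadError`, the other functions and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

class ProfileReadError(Exception):
    """Hypothetical error type for this sketch (not an AppArmor class)."""

def read_profile(path, loaded, read_error_fatal=False):
    """Read one file into `loaded`; skip read errors unless read_error_fatal."""
    try:
        with open(path, encoding="utf-8") as handle:
            loaded[path] = handle.read()
    except OSError as exc:
        if read_error_fatal:
            raise ProfileReadError(f"cannot read {path}: {exc}") from exc
        # Tolerant mode: leave `loaded` untouched so a directory scan continues.

def read_profile_dir(directory):
    """Directory scan: one broken symlink must not abort the whole load."""
    loaded = {}
    for name in sorted(os.listdir(directory)):
        read_profile(os.path.join(directory, name), loaded)
    return loaded

def merge_user_file(path):
    """User-named file: fail early instead of a later lookup on a missing key."""
    loaded = {}
    read_profile(path, loaded, read_error_fatal=True)
    return loaded[path]

def demo():
    """Exercise both modes against a constructed temporary profile directory."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "usr.bin.example")  # constructed sample file
        with open(good, "w", encoding="utf-8") as handle:
            handle.write("profile example /usr/bin/example { }\n")
        os.symlink(os.path.join(tmp, "gone"), os.path.join(tmp, "broken-link"))
        scanned = [os.path.basename(p) for p in read_profile_dir(tmp)]
        try:
            merge_user_file(os.path.join(tmp, "file-not-found"))
            outcome = "no error"
        except ProfileReadError:
            outcome = "ProfileReadError"
        return scanned, outcome

if __name__ == "__main__":
    print(demo())
```

Without the fatal flag, `merge_user_file` would reach `loaded[path]` with nothing stored and fail with a `KeyError`, the same kind of confusing secondary failure the message reports for the missing file.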