aa-cleanprof / delete_duplicates() doesn't check indirect includes
Bug #1399012 reported by
Christian Boltz
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
New
|
Undecided
|
Unassigned | ||
Bug Description
aa-cleanprof / delete_duplicates() checks only files directly included in a profile, but it doesn't check indirect includes.
Shortened example:
usr.sbin.dovecot {
# include <abstractions/
capability net_bind_service,
}
abstractions/
#include <abstractions/nis>
abstractions/nis contains:
capability net_bind_service,
Expected result: aa-cleanprof should remove net_bind_service from the dovecot profile.
-> delete_duplicates() in aa.py needs to recursively(!) check the includes
To post a comment you must log in.
