Overview

File perl-apparmor-fix-bare-network-keyword-handling.diff of Package apparmor.2939

From: Jeff Mahoney <jeffm@suse.com>
Subject: perl-apparmor: Fix bare 'network' keyword handling
References: bnc#889650

The 'network' bare keyword was being printed as "audit network all" due to
two different bugs:

1) {audit}{all} was always being set to 1, regardless of whether the audit
   keyword was used
2) {rule} eq 'all' is the wrong test - it should be {rule}{all}

With these fixed, 'network' is properly handled.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
--- a/utils/Immunix/AppArmor.pm
+++ b/utils/Immunix/AppArmor.pm
@@ -5353,7 +5368,7 @@
 		$profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{$fam} = $audit;
             } else {
                 $profile_data->{$profile}{$hat}{$allow}{netdomain}{rule}{all} = 1;
-                $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{all} = 1;
+                $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{all} = $audit;
             }
         } elsif (/^\s*(tcp_connect|tcp_accept|udp_send|udp_receive)/) {
 # just ignore and drop old style network
@@ -5708,7 +5729,7 @@
     # dump out the netdomain entries...
     if (exists $profile_data->{$allow}{netdomain}) {
         if ( $profile_data->{$allow}{netdomain}{rule} &&
-             $profile_data->{$allow}{netdomain}{rule} eq 'all') {
+             $profile_data->{$allow}{netdomain}{rule}{all}) {
 	    $audit = "audit " if $profile_data->{$allow}{netdomain}{audit}{all};
             push @data, "${pre}${audit}network,";
         } else {
openSUSE Build Service is sponsored by
Places