diff options
| author | Andy Lutomirski | 2014-01-24 21:02:59 +0100 |
|---|---|---|
| committer | Karel Zak | 2014-02-10 18:38:35 +0100 |
| commit | d359c62ce9bbbb687158f86f8cc18cc51aed38c9 (patch) | |
| tree | 50bacc54fb732c31391f24996fc036ec2427c201 /sys-utils/setpriv.c | |
| parent | last: make session gone determination more robust (diff) | |
| download | kernel-qcow2-util-linux-d359c62ce9bbbb687158f86f8cc18cc51aed38c9.tar.gz kernel-qcow2-util-linux-d359c62ce9bbbb687158f86f8cc18cc51aed38c9.tar.xz kernel-qcow2-util-linux-d359c62ce9bbbb687158f86f8cc18cc51aed38c9.zip | |
setpriv: Fix --apparmor-profile
There were two bugs. First, trying to access /proc/self/attr/exec
with O_CREAT | O_EXCL has no chance of working. Second, it turns
out that the correct command to send is "exec", not "changeprofile".
Of course, there was no way to know this until:
commit 3eea57c26e49a5add4c053a031cc2a1977b7c48e
Author: John Johansen <john.johansen@canonical.com>
Date: Wed Feb 27 03:44:40 2013 -0800
apparmor: fix setprocattr arg processing for onexec
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Diffstat (limited to 'sys-utils/setpriv.c')
| -rw-r--r-- | sys-utils/setpriv.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c index a17f92509..7bea62649 100644 --- a/sys-utils/setpriv.c +++ b/sys-utils/setpriv.c @@ -538,12 +538,12 @@ static void do_apparmor_profile(const char *label) if (access(_PATH_SYS_APPARMOR, F_OK) != 0) errx(SETPRIV_EXIT_PRIVERR, _("AppArmor is not running")); - f = fopen(_PATH_PROC_ATTR_EXEC, "wx"); + f = fopen(_PATH_PROC_ATTR_EXEC, "r+"); if (!f) err(SETPRIV_EXIT_PRIVERR, _("cannot open %s"), _PATH_PROC_ATTR_EXEC); - fprintf(f, "changeprofile %s", label); + fprintf(f, "exec %s", label); if (close_stream(f) != 0) err(SETPRIV_EXIT_PRIVERR, |