From d359c62ce9bbbb687158f86f8cc18cc51aed38c9 Mon Sep 17 00:00:00 2001 From: Andy Lutomirski Date: Fri, 24 Jan 2014 12:02:59 -0800 Subject: setpriv: Fix --apparmor-profile There were two bugs. First, trying to access /proc/self/attr/exec with O_CREAT | O_EXCL has no chance of working. Second, it turns out that the correct command to send is "exec", not "changeprofile". Of course, there was no way to know this until: commit 3eea57c26e49a5add4c053a031cc2a1977b7c48e Author: John Johansen Date: Wed Feb 27 03:44:40 2013 -0800 apparmor: fix setprocattr arg processing for onexec Signed-off-by: Andy Lutomirski
---
 sys-utils/setpriv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sys-utils/setpriv.c')
diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
index a17f92509..7bea62649 100644
--- a/sys-utils/setpriv.c
+++ b/sys-utils/setpriv.c
@@ -538,12 +538,12 @@ static void do_apparmor_profile(const char *label)
 if (access(_PATH_SYS_APPARMOR, F_OK) != 0) errx(SETPRIV_EXIT_PRIVERR, _("AppArmor is not running"));
- f = fopen(_PATH_PROC_ATTR_EXEC, "wx");
+ f = fopen(_PATH_PROC_ATTR_EXEC, "r+");
 if (!f) err(SETPRIV_EXIT_PRIVERR, _("cannot open %s"), _PATH_PROC_ATTR_EXEC);
- fprintf(f, "changeprofile %s", label);
+ fprintf(f, "exec %s", label);
 if (close_stream(f) != 0) err(SETPRIV_EXIT_PRIVERR,
-- cgit v1.2.3-55-g7522
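Review bot: The write to `_PATH_PROC_ATTR_EXEC` is only validated at `close_stream(f)`, because `fprintf(f, "exec %s", label)` fills a stdio buffer and its return value is not checked, so a profile the kernel rejects is presumably reported at the flush rather than at the fprintf. That check is what keeps setpriv from going on to run the program without the requested confinement, and nothing in the code says so; a comment above the fprintf would make it harder to weaken later, e.g. `/* buffered: the kernel sees this at close_stream(); a failure there must stay fatal */`. The fopen line deserves one too, recording why the mode is "r+", e.g. `/* attr file already exists in procfs; O_CREAT|O_EXCL ("wx") can never succeed */`. The body of do_apparmor_profile starts and ends outside the hunk, so the rest of the error path is not visible here.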