aa-remove-unknown: fix readability check [upstreaming]
I am upstreaming this patch, which has been part of the Nix package of AppArmor for close to a year now. This fixes the issue at https://github.com/NixOS/nixpkgs/issues/273164 for more distros than just NixOS. The original merge request on the Nix side patching this was https://github.com/NixOS/nixpkgs/pull/285915. However, people had issues with GitLab, so this never hit AppArmor upstream until now. This does, however, also mean this patch has seen production and seems to work quite well.
Original reasoning/message of the patch author:
This check is intended for ensuring that the profiles file can actually be opened. The actual check is performed by the shell, not the read utility, which won't even be executed if the input redirection (and hence the test) fails.
If the test succeeds, though, using read here might actually jeopardize the test result if there are no profiles loaded and the file is empty.
This commit fixes that case by simply using true instead of read.
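
The failure mode described in the commit message, as an added example that is not part of the merge request or of the aa-remove-unknown script. Temporary files (constructed) stand in for the profiles file, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo; temp files stand in for the profiles file.

# Check as it was before the fix: the shell opens the file, then read runs.
# read returns non-zero at EOF, so an empty but readable file fails the check.
check_with_read() {
    if read -r _line 2>/dev/null < "$1"; then echo readable; else echo unreadable; fi
}

# Check after the fix: true ignores stdin and always returns 0, so the result
# depends only on whether the shell could open the file for reading.
check_with_true() {
    if true 2>/dev/null < "$1"; then echo readable; else echo unreadable; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'example_profile (enforce)\n' > "$dir/loaded"   # constructed content
    : > "$dir/empty"                                        # no profiles loaded
    # "missing" is never created, so the input redirection itself fails.
    for f in loaded empty missing; do
        printf '%-8s read: %-10s true: %s\n' "$f" \
            "$(check_with_read "$dir/$f")" "$(check_with_true "$dir/$f")"
    done
    rm -rf "$dir"
}

demo
```

Only the empty-file row differs between the two checks; the missing file is rejected by both because the shell fails the redirection before either command runs.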