Commit 29c776e4 authored by John Johansen, committed by Steve Beattie

parser: fix rejecting of unix rules with listen or bind permissions

Only reject rules with explicit listen or bind permissions if a peer
conditional is specified.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
parent e119901e
......@@ -115,12 +115,10 @@ unix_rule::unix_rule(int mode_p, struct cond_entry *conds,
mode = mode_p;
if (mode & ~AA_VALID_NET_PERMS)
yyerror("mode contains invalid permissions for unix socket rules\n");
else if ((mode & AA_NET_BIND) &&
((mode & AA_PEER_NET_PERMS) || has_peer_conds()))
else if ((mode & AA_NET_BIND) && has_peer_conds())
/* Do we want to loosen this? */
yyerror("unix socket 'bind' access cannot be used with message rule conditionals\n");
else if ((mode & AA_NET_LISTEN) &&
((mode & AA_PEER_NET_PERMS) || has_peer_conds()))
else if ((mode & AA_NET_LISTEN) && has_peer_conds())
/* Do we want to loosen this? */
yyerror("unix socket 'listen' access cannot be used with message rule conditionals\n");
} else {
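Review bot: the two `/* Do we want to loosen this? */` comments left above the `yyerror` calls are now stale, since this hunk is the loosening: the `(mode & AA_PEER_NET_PERMS)` test is dropped from both conditions, so `bind` and `listen` may now be combined with explicit peer permissions and only `has_peer_conds()` still triggers the rejection. Either remove the comments or reword them to state why peer conditionals in particular remain disallowed with `bind`/`listen`. As a style point, the two branches are now identical apart from the permission bit and message, and could be folded into a single `else if ((mode & (AA_NET_BIND | AA_NET_LISTEN)) && has_peer_conds())` that names whichever access was set in the error text.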