Commit 4a616e35 authored by John Johansen, committed by Steve Beattie

parser: allow specifying the unix perm with peer perms

Fix to allow specifying the unix perm with peer perms. This is allowed
now and even supported, since for unix sockets the peer accept is
mediated in the unix_stream_connect hook (something that is not
possible in the lsm accept hook).
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
parent 4f80b4d5
......@@ -123,10 +123,6 @@ unix_rule::unix_rule(int mode_p, struct cond_entry *conds,
((mode & AA_PEER_NET_PERMS) || has_peer_conds()))
/* Do we want to loosen this? */
yyerror("unix socket 'listen' access cannot be used with message rule conditionals\n");
else if ((mode & AA_NET_ACCEPT) &&
((mode & AA_PEER_NET_PERMS) || has_peer_conds()))
/* Do we want to loosen this? */
yyerror("unix socket 'accept' access cannot be used with message rule conditionals\n");
} else {
mode = AA_VALID_NET_PERMS;
}
......
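Review bot: the commit message says "the unix perm" without naming it. Going by the @@ header (10 lines down to 6) and the message's reference to peer accept, the check being dropped is the four-line 'accept' branch, so the subject line should say 'accept' explicitly. The 'listen' branch just above keeps the same "Do we want to loosen this?" comment and still rejects AA_PEER_NET_PERMS and has_peer_conds(); replacing that open question with a short comment on why listen stays restricted while accept does not would keep the two cases from looking like an oversight. No parser test for an accept rule combined with peer conditionals is visible in this change, and one should accompany it so the newly accepted syntax is covered.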