setpriv: Fix --apparmor-profile
authorAndy Lutomirski <luto@amacapital.net>
Fri, 24 Jan 2014 20:02:59 +0000 (12:02 -0800)
committerKarel Zak <kzak@redhat.com>
Mon, 10 Feb 2014 17:38:35 +0000 (18:38 +0100)
There were two bugs.  First, trying to access /proc/self/attr/exec
with O_CREAT | O_EXCL has no chance of working.  Second, it turns
out that the correct command to send is "exec", not "changeprofile".
Of course, there was no way to know this until:

    commit 3eea57c26e49a5add4c053a031cc2a1977b7c48e
    Author: John Johansen <john.johansen@canonical.com>
    Date:   Wed Feb 27 03:44:40 2013 -0800

        apparmor: fix setprocattr arg processing for onexec

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
sys-utils/setpriv.c

index a17f925091c86230cc9960dd0a10297ba7266425..7bea6264953ae8d247bd77665b29357a8ee3668f 100644 (file)
@@ -538,12 +538,12 @@ static void do_apparmor_profile(const char *label)
        if (access(_PATH_SYS_APPARMOR, F_OK) != 0)
                errx(SETPRIV_EXIT_PRIVERR, _("AppArmor is not running"));
 
-       f = fopen(_PATH_PROC_ATTR_EXEC, "wx");
+       f = fopen(_PATH_PROC_ATTR_EXEC, "r+");
        if (!f)
                err(SETPRIV_EXIT_PRIVERR,
                    _("cannot open %s"), _PATH_PROC_ATTR_EXEC);
 
-       fprintf(f, "changeprofile %s", label);
+       fprintf(f, "exec %s", label);
 
        if (close_stream(f) != 0)
                err(SETPRIV_EXIT_PRIVERR,
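Review bot: The new `fprintf(f, "exec %s", label);` line relies on stdio handing the whole command to the kernel in a single write(), which holds only while `label` fits in the stream buffer. The procattr files are expected to treat each write as one complete command, so a long label from the command line could be split and then rejected, or parsed as a truncated profile name. Nothing visible in the hunk bounds the length of `label`, so a length check before the write would help if none exists earlier in do_apparmor_profile, which starts above the hunk. A comment would also help the next reader, for example `/* must reach the kernel as one write(); "exec" arms the profile for the next execve(), it does not confine setpriv itself */`. A rejected profile is reported only through the `close_stream(f)` check, whose error message continues past the end of the hunk.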