From: Andy Lutomirski
Date: Fri, 24 Jan 2014 20:02:59 +0000 (-0800)
Subject: setpriv: Fix --apparmor-profile
X-Git-Tag: v2.25-rc1~612
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d359c62ce9bbbb687158f86f8cc18cc51aed38c9;p=thirdparty%2Futil-linux.git

setpriv: Fix --apparmor-profile

There were two bugs. First, trying to access /proc/self/attr/exec with O_CREAT | O_EXCL has no chance of working. Second, it turns out that the correct command to send is "exec", not "changeprofile". Of course, there was no way to know this until:

commit 3eea57c26e49a5add4c053a031cc2a1977b7c48e
Author: John Johansen
Date: Wed Feb 27 03:44:40 2013 -0800

    apparmor: fix setprocattr arg processing for onexec

Signed-off-by: Andy Lutomirski
---
diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c index a17f925091..7bea626495 100644 --- a/sys-utils/setpriv.c +++ b/sys-utils/setpriv.c @@ -538,12 +538,12 @@ static void do_apparmor_profile(const char *label) if (access(_PATH_SYS_APPARMOR, F_OK) != 0) errx(SETPRIV_EXIT_PRIVERR, _("AppArmor is not running")); - f = fopen(_PATH_PROC_ATTR_EXEC, "wx"); + f = fopen(_PATH_PROC_ATTR_EXEC, "r+"); if (!f) err(SETPRIV_EXIT_PRIVERR, _("cannot open %s"), _PATH_PROC_ATTR_EXEC); - fprintf(f, "changeprofile %s", label); + fprintf(f, "exec %s", label); if (close_stream(f) != 0) err(SETPRIV_EXIT_PRIVERR,
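Review bot: The two changed lines in do_apparmor_profile() carry no comment explaining why they look the way they do, and both choices are easy to get wrong again. At `fopen(_PATH_PROC_ATTR_EXEC, "r+")`, a one-line comment that the attribute file always exists and must be opened without create or exclusive flags would stop a later cleanup from reverting to an exclusive-create mode such as "wx". Since the stream is only ever written, "r+" also requests read access the function never uses; a write-only open with no create flag would ask for less, if you want to tighten it. At `fprintf(f, "exec %s", label)`, the commit message says the "exec" command could only be known to be correct as of the referenced AppArmor kernel commit, so it would help to note that dependency in a comment or in the manual page for --apparmor-profile, and to make sure the err() after close_stream() tells the user that the kernel rejected the profile change rather than reporting a generic write error.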