From d68db9f2cee975aad5e07b44485615f3d842ab45 Mon Sep 17 00:00:00 2001
From: Darik Horn
Date: Fri, 11 Jul 2014 16:17:18 -0400
Subject: [PATCH] Change GetExeDir to GetStateDir in Cedar and Mayaqua.
Resolve this AppArmor error by ensuring that certificate files files are written into /var/lib/softether instead of the current working directory:
Profile: /usr/sbin/softetherd
Operation: mkdir
Name: /usr/sbin/chain_certs
Denied: c
Logfile: /var/log/kern.log
type=1400 audit: apparmor="DENIED" operation="mkdir" profile="/usr/sbin/softetherd" name="/usr/sbin/chain_certs/" pid=36448 comm="softetherd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
---
 src/Cedar/Protocol.c | 12 ++++++------
 src/Mayaqua/Network.c | 6 +++---
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c
index 9ad1906e..3996d6f1 100644
--- a/src/Cedar/Protocol.c
+++ b/src/Cedar/Protocol.c
@@ -161,10 +161,10 @@ bool TryGetRootCertChain(LIST *o, X *x, bool auto_save, X **found_root_x)
 UINT i;
 DIRLIST *dir;
 wchar_t dirname[MAX_SIZE];
- wchar_t exedir[MAX_SIZE];
+ wchar_t statedir[MAX_SIZE];
- GetExeDirW(exedir, sizeof(exedir));
- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
+ GetStateDirW(statedir, sizeof(statedir));
+ CombinePathW(dirname, sizeof(dirname), statedir, L"chain_certs");
 MakeDirExW(dirname);
 if (auto_save)
@@ -461,7 +461,7 @@ void AddXToCertList(LIST *o, X *x)
 void AddAllChainCertsToCertList(LIST *o)
 {
 wchar_t dirname[MAX_SIZE];
- wchar_t exedir[MAX_SIZE];
+ wchar_t statedir[MAX_SIZE];
 DIRLIST *dir;
 // Validate arguments
 if (o == NULL)
@@ -469,9 +469,9 @@ void AddAllChainCertsToCertList(LIST *o)
 return;
 }
- GetExeDirW(exedir, sizeof(exedir));
+ GetStateDirW(statedir, sizeof(statedir));
- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
+ CombinePathW(dirname, sizeof(dirname), statedir, L"chain_certs");
 MakeDirExW(dirname);
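Review bot: Nothing in these hunks deals with certificates that an earlier build auto-saved under the executable directory: TryGetRootCertChain and AddAllChainCertsToCertList (and AddChainSslCertOnDirectory in the Network.c hunks) now look only at `statedir` plus `chain_certs`. Unless GetStateDirW, which is not defined in this patch, resolves to the same place, previously stored chain certificates would silently stop being found after an upgrade and chain lookup could start failing or re-saving. If packaging does not migrate the files, a comment at the first call site such as `/* chain_certs now lives in the state dir; files under the old exe dir are not read */` plus a release note would make that explicit. The function bodies continue outside the hunks, so a fallback that is not visible here may exist.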
diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c
index b09c6ee1..a4b732c8 100644
--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
@@ -12594,7 +12594,7 @@ void SetWantToUseCipher(SOCK *sock, char *name)
 void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx)
 {
 wchar_t dirname[MAX_SIZE];
- wchar_t exedir[MAX_SIZE];
+ wchar_t statedir[MAX_SIZE];
 wchar_t txtname[MAX_SIZE];
 DIRLIST *dir;
 LIST *o;
@@ -12608,9 +12608,9 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx)
 o = NewListFast(NULL);
- GetExeDirW(exedir, sizeof(exedir));
+ GetStateDirW(statedir, sizeof(statedir));
- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
+ CombinePathW(dirname, sizeof(dirname), statedir, L"chain_certs");
 MakeDirExW(dirname);
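Review bot: The ownership and mode of the relocated `chain_certs` directory are not pinned anywhere in AddChainSslCertOnDirectory: `MakeDirExW(dirname)` is called with only the path, so the permissions depend on that helper and the process umask. The function name and its `struct ssl_ctx_st *ctx` parameter suggest that files found there end up in the TLS context, so whoever can write to the directory can presumably influence the certificate chain the daemon uses. I would document the expectation at the call site, for example `/* chain_certs feeds the SSL context: the directory must be owned by and writable only for the service account */`, and have the package create it with a restrictive mode. The rest of the function lies outside the hunk, so how the directory entries are validated cannot be judged from here.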