From 629d3d9238bcc7bafb04ec6a4327d4d352d33736 Mon Sep 17 00:00:00 2001
From: Simon McVittie <simon.mcvittie@collabora.co.uk>
Date: Wed, 20 Jul 2016 19:41:07 +0100
Subject: [PATCH] session-lockdown-no-deny: only ignore FileNotFoundError

If we fail to read the AppArmor profile or other required information
due to a time-of-check/time-of-use difference (the process exits)
then that's fine. Otherwise, it's a problem and we should fail,
although we might as well continue testing and get more complete
results.

Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D3770
---
 apparmor/session-lockdown/no-deny | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apparmor/session-lockdown/no-deny b/apparmor/session-lockdown/no-deny
index ebc9fa7..358e039 100755
--- a/apparmor/session-lockdown/no-deny
+++ b/apparmor/session-lockdown/no-deny
@@ -103,8 +103,11 @@ def get_processes(profiles):
                     else:
                         not_ok('process {} {!r} context {!r} could not be '
                                'parsed'.format(filename, exe, p))
-            except:
+            except FileNotFoundError:
+                # probably the process exited after the listdir()
                 pass
+            except Exception as e:
+                not_ok(str(e))
 
     return processes
 
-- 
GitLab