Parser incorrectly treats "deny file," rules as invalid

Bug #1215637 reported by Tyler Hicks on 2013-08-22

Bug Description

Empty file rules work with all rule modifiers except for deny:

$ echo '/t { file, }' | apparmor_parser -Qq
$ echo '/t { audit file, }' | apparmor_parser -Qq
$ echo '/t { owner file, }' | apparmor_parser -Qq
$ echo '/t { deny file, }' | apparmor_parser -Qq
AppArmor parser error, in stdin line 1: Invalid mode, in deny rules 'x' must not be preceded by exec qualifier 'i', 'p', or 'u'

tags: added: aa-parser

Jamie Strandboge (jdstrand) wrote :

This is still an issue with 2.9.

Changed in apparmor:
status: Confirmed → Triaged

Christian Boltz (cboltz) wrote :

This bug still exists in 2.10.

When fixing this, please also add a test profile with "deny file,".

Tyler Hicks (tyhicks) wrote :

A test now exists. The =TODO bit should be removed when this issue is fixed.
