Mount rule parsing silently accepts unknown mount rule options

Bug #1401621 reported by Tyler Hicks on 2014-12-11
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Medium
Tyler Hicks

Bug Description

The parser accepts mount rule options that it doesn't know about. It sticks the string representation into the resulting DFA. I don't think this is the intended parser behavior and has resulted in confusion for profile authors (see bug #1350947).

$ echo "/t { mount options=(XXX) -> **, }" | apparmor_parser -qQD dfa-states
{1} <== (allow/deny/audit/quiet)
{2} (0x 4/0/0/0)
{3} (0x 4/0/0/0)
{9} (0x 40/0/40/0)
{13} (0x 2/0/0/0)

{1} -> {2}: 0x2
{1} -> {2}: 0x4
{1} -> {3}: 0x7
{1} -> {2}: 0x9
{1} -> {2}: 0xa
{1} -> {2}: 0x20 \
{1} -> {4}: 0x34 4
{3} (0x 4/0/0/0) -> {6}: 0x0
{3} (0x 4/0/0/0) -> {5}: []
{4} -> {7}: 0x0
{5} -> {6}: 0x0
{5} -> {5}: []
{6} -> {8}: 0x0
{6} -> {6}: []
{7} -> {2}: 0x31 1
{8} -> {9}: 0x0
{8} -> {8}: []
{9} (0x 40/0/40/0) -> {10}: 0x0
{9} (0x 40/0/40/0) -> {9}: []
{10} -> {11}: 0x58 X
{11} -> {12}: 0x58 X
{12} -> {13}: 0x58 X

I think the above apparmor_parser command should fail and return an error.

Tyler Hicks (tyhicks) wrote :
Changed in apparmor:
assignee: nobody → Tyler Hicks (tyhicks)
status: Triaged → In Progress
Tyler Hicks (tyhicks) wrote :

Released upstream as part of apparmor-2.9.1

Changed in apparmor:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers