AppArmor

"merged rule with conflicting x modifiers" with alias that has a glob on right-hand side

Bug #1462622 reported by intrigeri on 2015-06-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	AppArmor	New	Undecided	Unassigned

Bug Description

Current Debian unstable, apparmor 2.9.2-3, linux-image-4.0.0-1-amd64 4.0.2-1.

This profile loads just fine:

alias / -> /lib/live/mount/rootfs/bla.squashfs/,
profile whatever {
/usr/{,local/}lib*/{,**/}* Pixr,
/usr/lib/chromium-browser/chrome-sandbox PUxr,
}

But trying to load this one (with apparmor_parser -K -r):

alias / -> /lib/live/mount/rootfs/*.squashfs/,
profile whatever {
/usr/{,local/}lib*/{,**/}* Pixr,
/usr/lib/chromium-browser/chrome-sandbox PUxr,
}

... results in:

profile has merged rule with conflicting x modifiers
ERROR processing regexs for profile whatever, failed to load

Note that both profiles load fine with AppArmor 2.8 + jjohansen experimental aliases improvements patch.

Tags:

Christian Boltz (cboltz) on 2015-06-06

tags:

added: aa-parser

Revision history for this message

intrigeri (intrigeri) wrote on 2015-08-24:

FTR: this is still the case with Debian experimental's apparmor 2.10-1 and linux-image-4.1.0-2-amd64 4.1.5-1. Should I provide additional info to ease triaging, or can you folks reproduce it as-is?

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.