syntax errors when specifying px rules with exec transitions that have '.' in the name

Bug #1696552 reported by Jamie Strandboge
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

$ echo 'profile test { /foo/** px -> }' | apparmor_parser -QTK
AppArmor parser error, in stdin line 1: Found unexpected character: '.'

$ echo 'profile test { /foo/** px -> baz//& }' | apparmor_parser -QTK
AppArmor parser error, in stdin line 1: syntax error, unexpected TOK_ID, expecting TOK_END_OF_RULE

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I found myself wanting to do this again and tried this:

profile {
  /some/path Px -> @{OTHER_PROFILE},

This indirection allows the profile to compile but unfortunately can't transition to it:

audit: type=1400 audit(1517000294.082:10903): apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="" name="/some/path" pid=9534 comm="strace" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers