syntax errors when specifying px rules with exec transitions that have '.' in the name
Bug #1696552 reported by Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AppArmor | New | Undecided | Unassigned |
Bug Description
$ echo 'profile test { /foo/** px -> snap.foo.bar//&baz }' | apparmor_parser -QTK
...
AppArmor parser error, in stdin line 1: Found unexpected character: '.'
$ echo 'profile test { /foo/** px -> baz//&snap.foo.bar }' | apparmor_parser -QTK
AppArmor parser error, in stdin line 1: syntax error, unexpected TOK_ID, expecting TOK_END_OF_RULE
I found myself wanting to do this again and tried this:
@{OTHER_PROFILE}="snap.foo.other"
profile snap.foo.bar {
/some/path Px -> @{OTHER_PROFILE},
}
This indirection allows the profile to compile but unfortunately can't transition to it:
audit: type=1400 audit(1517000294.082:10903): apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="snap.foo.bar" name="/some/path" pid=9534 comm="strace" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
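
Added example, not part of the bug report or of AppArmor itself: a small triage script that parses AppArmor audit lines and separates exec denials whose info field is "profile transition not found" (the symptom in the comment above) from other exec denials. The function names are hypothetical, and the second sample line is constructed for contrast.

```python
import re

# Constructed sample input. Line 1 is the denial from the comment above
# (whitespace normalized); line 2 is a made-up exec denial with no info field.
SAMPLE_LOG = '''\
audit: type=1400 audit(1517000294.082:10903): apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="snap.foo.bar" name="/some/path" pid=9534 comm="strace" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
audit: type=1400 audit(1517000300.000:10904): apparmor="DENIED" operation="exec" profile="snap.foo.bar" name="/usr/bin/other" pid=9540 comm="sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
'''

# Matches key="quoted value" or key=bare_value
_FIELD = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')
# Matches the audit(<epoch>.<ms>:<serial>) stamp
_STAMP = re.compile(r'audit\((\d+\.\d+):(\d+)\)')


def parse_apparmor_event(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    if 'apparmor=' not in line:
        return None
    event = {}
    for key, quoted, bare in _FIELD.findall(line):
        event[key] = quoted if bare == '' else bare
    stamp = _STAMP.search(line)
    if stamp:
        event['time'] = stamp.group(1)         # kept as text to avoid float rounding
        event['serial'] = int(stamp.group(2))  # audit event serial number
    return event


def missing_transition_targets(log_text):
    """List (profile, exec path, comm) for exec denials whose info field is
    'profile transition not found'; other exec denials are skipped."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_apparmor_event(line)
        if (ev and ev.get('apparmor') == 'DENIED'
                and ev.get('operation') == 'exec'
                and ev.get('info') == 'profile transition not found'):
            hits.append((ev.get('profile'), ev.get('name'), ev.get('comm')))
    return hits


if __name__ == '__main__':
    for profile, path, comm in missing_transition_targets(SAMPLE_LOG):
        print(f'{profile}: exec of {path} by {comm} denied, '
              'transition target profile was not found')
```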