'profile has merged rule with conflicting x modifiers' with change_profile /**
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
In Progress
|
Undecided
|
Unassigned | ||
Bug Description
The parser is inconsistently applying the conflicting x modifier check when using 'change_profile /**':
$ cat ./apparmor.profile
#include <tunables/global>
profile test {
#change_profile unsafe /** -> *, # conflicts
change_profile /** -> *, # conflicts
change_profile -> *, # does not conflict
@{HOME}/[^s.]** ix, # conflicts
@{HOME}/** ix, # does not conflict
}
$ apparmor_parser -QTK ./apparmor.profile
profile has merged rule with conflicting x modifiers
ERROR processing regexs for profile test, failed to load
[1]
I would expect either both of the @{HOME} rules to conflict or both to not conflict (though it seems like they should not conflict since the ix rule is a more specific match, but that is a different issue).
| tags: | added: aa-parser |
| Changed in apparmor: | |
| status: | New → In Progress |
