can only specify one 'type' with 'unix' rules
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AppArmor | New | Undecided | Unassigned |
Bug Description
$ echo 'profile test { unix type={dgram,
...
AppArmor parser error, in stdin line 1: socket rule: invalid socket type '{dgram,stream}'
$ echo 'profile test { unix type=({
...
AppArmor parser error, in stdin line 1: unknown rule: conditional 'type' only supports a single value
$ echo 'profile test { unix type=(dgram,
...
AppArmor parser error, in stdin line 1: unknown rule: conditional 'type' only supports a single value
According to 'man unix', the type may be SOCK_DGRAM, SOCK_STREAM or SOCK_SEQPACKET. The apparmor.d man page has this to say about 'type' for unix rules:
UNIX RULE CONDS = ( TYPE COND | PROTO COND )
TYPE COND = 'type' '=' ( AARE | '(' ( '"' AARE '"' | AARE )+ ')' )
which says to me that my first and second test rules should work, but not the third.