apparmor does not expand variables within dbus rules

Bug #1218099 reported by Jamie Strandboge on 2013-08-28
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
High
Jamie Strandboge
Saucy
High
Jamie Strandboge
apparmor-easyprof-ubuntu (Ubuntu)
High
Jamie Strandboge
Saucy
High
Jamie Strandboge

Bug Description

$ cat /tmp/test_var_in_dbus_rule
@{APP_ID_DBUS}="com_2eubuntu_2edropping_2dletters_5fdropping_2dletters_5f0_2e1_2e2_2e2"
profile test_var_in_dbus_rule {
  dbus (send)
       bus=session
       path="/com/canonical/hud/applications/@{APP_ID_DBUS}",
}

$ apparmor_parser -p /tmp/test_var_in_dbus_rule
@{APP_ID_DBUS}="com_2eubuntu_2edropping_2dletters_5fdropping_2dletters_5f0_2e1_2e2_2e2"
profile test_var_in_dbus_rule {
  dbus (send)
       bus=session
       path="/com/canonical/hud/applications/@{APP_ID_DBUS}",
}

$ sudo apparmor_parser -r /tmp/test_var_in_dbus_rule
apparmor_parser: Regex grouping error: Invalid number of items between {}
apparmor_parser: Unable to parse input line '/com/canonical/hud/applications/@{APP_ID_DBUS}'
ERROR processing policydb rules for profile test_var_in_dbus_rule, failed to load
[1]

Changed in apparmor (Ubuntu Saucy):
status: New → Triaged
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: New → Triaged
Changed in apparmor (Ubuntu Saucy):
importance: Undecided → High
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
importance: Undecided → High
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu Saucy):
status: Triaged → New
Tyler Hicks (tyhicks) on 2013-08-28
Changed in apparmor (Ubuntu Saucy):
assignee: nobody → Tyler Hicks (tyhicks)
milestone: none → ubuntu-13.09
status: New → Triaged
tags: added: application-confinement appstore
Jamie Strandboge (jdstrand) wrote :

Steve committed r2161 for this to trunk. I'll prepare the upload for 13.10.

Changed in apparmor (Ubuntu Saucy):
assignee: Tyler Hicks (tyhicks) → Jamie Strandboge (jdstrand)
status: Triaged → In Progress
Jamie Strandboge (jdstrand) wrote :

I didn't reference it in the changelog, but apparmor-easyprof-ubuntu now uses dbus rules with APP_ID_DBUS in 1.0.24.

Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: Triaged → Fix Released
Changed in apparmor (Ubuntu Saucy):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.0-0ubuntu26

---------------
apparmor (2.8.0-0ubuntu26) saucy; urgency=low

  * debian/patches/0064-lp1218099.patch: add support for variable expansion in
    dbus rules (LP: #1218099)
 -- Jamie Strandboge <email address hidden> Thu, 29 Aug 2013 16:28:36 -0500

Changed in apparmor (Ubuntu Saucy):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers