Ubuntu
apparmor package

  1. Trusty (14.04)
  2. Bug #1733700
  3. Comment #3

Comment 3 for bug 1733700

Revision history for this message
Tyler Hicks (tyhicks) wrote : Re: apparmor python tools do not understand 'include' rules

I took a quick look at this bug to attempt to locate the problem. I originally thought it was due to the Python utils' parser not supporting include rules that are missing a leading '#' but that's not the case since the regex in utils/apparmor/regex.py supports such an include rule:

  RE_INCLUDE = re.compile('^\s*#?include\s*<(?P<magicpath>.*)>' + RE_EOL)

The problem here is due to the regex only supporting include paths that are surrounded by <>. The apparmor_parser allows for absolute include paths to be surrounded by "" or by nothing at all and that is what the Python utils do not currently support.

Also note that there are existing, but commented out, tests for this style of include rules in utils/test/test-regex_matches.py:

class Test_re_match_include(AATest):
    tests = [
...
        # ('include foo', 'foo' ), # XXX not supported in tools yet
        # ('include /foo/bar', '/foo/bar' ), # XXX not supported in tools yet
        # ('include "foo"', 'foo' ), # XXX not supported in tools yet
        # ('include "/foo/bar"', '/foo/bar' ), # XXX not supported in tools yet

...
    ]