2016-08-04 16:28:56 |
Jamie Strandboge |
bug |
|
|
added bug |
2016-08-04 17:10:54 |
Jamie Strandboge |
description |
If a profile has '.' in the name, then the parser fails to compile the policy:
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found unexpected character: '.'
If you put a profile with '.' in the name in a variable, the parser compiles the policy but the exec transition fails:
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
/tmp/with.dots: 3: /tmp/with.dots: cat: Permission denied
denial is:
apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="test" name="/bin/cat" pid=18219 comm="with.dots" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
$ cat /tmp/test.sh
#!/bin/sh
cat /proc/version
$ cat /tmp/profile
#include <tunables/global>
@{TARGET_PROFILE}="with.dots"
profile test {
#include <abstractions/base>
#include <abstractions/bash>
/tmp/test.sh r,
# parser error:
# AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found
# unexpected character: '.'
/{,usr/}bin/cat cx -> with.dots,
# fail to transition:
# apparmor="DENIED" operation="exec" info="profile transition not found"
# error=-13 profile="test" name="/bin/cat" pid=18105 comm="with.dots"
# requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
#/{,usr/}bin/cat cx -> @{TARGET_PROFILE},
# ok
#/{,usr/}bin/cat cx -> no_dots,
profile with.dots {
#include <abstractions/base>
@{PROC}/version r,
/{,usr/}bin/cat r,
}
profile no_dots {
#include <abstractions/base>
@{PROC}/version r,
/{,usr/}bin/cat r,
}
}
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found unexpected character: '.' |
If a profile has '.' in the name, then the parser fails to compile the policy:
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found unexpected character: '.'
If you put a profile with '.' in the name in a variable, the parser compiles the policy but the exec transition fails:
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
/tmp/with.dots: 3: /tmp/with.dots: cat: Permission denied
denial is:
apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="test" name="/bin/cat" pid=18219 comm="with.dots" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
$ cat /tmp/test.sh
#!/bin/sh
cat /proc/version
$ cat /tmp/profile
#include <tunables/global>
@{TARGET_PROFILE}="with.dots"
profile test {
#include <abstractions/base>
#include <abstractions/bash>
/tmp/test.sh r,
# parser error:
# AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found
# unexpected character: '.'
/{,usr/}bin/cat cx -> with.dots,
# fail to transition:
# apparmor="DENIED" operation="exec" info="profile transition not found"
# error=-13 profile="test" name="/bin/cat" pid=18105 comm="with.dots"
# requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
#/{,usr/}bin/cat cx -> @{TARGET_PROFILE},
# ok
#/{,usr/}bin/cat cx -> no_dots,
profile with.dots {
#include <abstractions/base>
@{PROC}/version r,
/{,usr/}bin/cat r,
}
profile no_dots {
#include <abstractions/base>
@{PROC}/version r,
/{,usr/}bin/cat r,
}
} |
|
2016-08-04 18:47:55 |
Jamie Strandboge |
description |
If a child profile has '.' in the name, then the parser fails to compile the policy:
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found unexpected character: '.'
If you put a profile with '.' in the name in a variable, the parser compiles the policy but the exec transition fails:
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
/tmp/with.dots: 3: /tmp/with.dots: cat: Permission denied
denial is:
apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="test" name="/bin/cat" pid=18219 comm="with.dots" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
$ cat /tmp/test.sh
#!/bin/sh
cat /proc/version
$ cat /tmp/profile
#include <tunables/global>
@{TARGET_PROFILE}="with.dots"
profile test {
#include <abstractions/base>
#include <abstractions/bash>
/tmp/test.sh r,
# parser error:
# AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found
# unexpected character: '.'
/{,usr/}bin/cat cx -> with.dots,
# fail to transition:
# apparmor="DENIED" operation="exec" info="profile transition not found"
# error=-13 profile="test" name="/bin/cat" pid=18105 comm="with.dots"
# requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
#/{,usr/}bin/cat cx -> @{TARGET_PROFILE},
# ok
#/{,usr/}bin/cat cx -> no_dots,
profile with.dots {
#include <abstractions/base>
@{PROC}/version r,
/{,usr/}bin/cat r,
}
profile no_dots {
#include <abstractions/base>
@{PROC}/version r,
/{,usr/}bin/cat r,
}
} |
|
2016-08-04 18:48:11 |
Jamie Strandboge |
description |
If a child profile has '.' in the name, then the parser fails to compile the policy:
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found unexpected character: '.'
If you put a child profile with '.' in the name in a variable, the parser compiles the policy but the exec transition fails:
$ sudo apparmor_parser -r /tmp/profile && aa-exec -p test /tmp/test.sh
/tmp/with.dots: 3: /tmp/with.dots: cat: Permission denied
denial is:
apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="test" name="/bin/cat" pid=18219 comm="with.dots" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
$ cat /tmp/test.sh
#!/bin/sh
cat /proc/version
$ cat /tmp/profile
#include <tunables/global>
@{TARGET_PROFILE}="with.dots"
profile test {
#include <abstractions/base>
#include <abstractions/bash>
/tmp/test.sh r,
# parser error:
# AppArmor parser error for /tmp/profile in /tmp/profile at line 14: Found
# unexpected character: '.'
/{,usr/}bin/cat cx -> with.dots,
# fail to transition:
# apparmor="DENIED" operation="exec" info="profile transition not found"
# error=-13 profile="test" name="/bin/cat" pid=18105 comm="with.dots"
# requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
#/{,usr/}bin/cat cx -> @{TARGET_PROFILE},
# ok
#/{,usr/}bin/cat cx -> no_dots,
profile with.dots {
#include <abstractions/base>
@{PROC}/version r,
/{,usr/}bin/cat r,
}
profile no_dots {
#include <abstractions/base>
@{PROC}/version r,
/{,usr/}bin/cat r,
}
} |
|
2016-08-23 18:20:34 |
John Johansen |
bug task added |
|
linux (Ubuntu) |
|
2016-08-23 18:20:49 |
John Johansen |
nominated for series |
|
Ubuntu Yakkety |
|
2016-08-23 18:20:49 |
John Johansen |
bug task added |
|
linux (Ubuntu Yakkety) |
|
2016-08-23 18:20:49 |
John Johansen |
nominated for series |
|
Ubuntu Xenial |
|
2016-08-23 18:20:49 |
John Johansen |
bug task added |
|
linux (Ubuntu Xenial) |
|
2016-08-23 18:21:01 |
John Johansen |
linux (Ubuntu Xenial): status |
New |
Fix Committed |
|
2016-08-23 18:30:11 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
2016-10-13 20:16:21 |
Christian Boltz |
tags |
|
aa-parser |
|
2017-07-26 15:56:46 |
Andy Whitcroft |
linux (Ubuntu Yakkety): status |
Incomplete |
Won't Fix |
|