touch-packages team mailing list archive

Thread
Date

[Bug 670639] Re: apparmor_parser dfa dominance is incorrect

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Wed, 08 Oct 2014 21:56:57 -0000
Reply-to: Bug 670639 <670639@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: apparmor (Ubuntu)
   Importance: Medium => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/670639

Title:
  apparmor_parser dfa dominance is incorrect

Status in “apparmor” package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: apparmor

  On up to date Maverick, the following will not parse:

  $ cat /tmp/bug_fails 
  #include <tunables/global>
  profile confined_user {
     #include <abstractions/base>
     #include <abstractions/bash>
     #include <abstractions/consoles>
     #include <abstractions/nameservice>

     deny capability sys_ptrace,

     owner /** rwkl,
     @{PROC}/** r,

     /bin/**  Pixmr,
     /usr/bin/** Pixmr,
     owner @{HOMEDIRS}/bin/** Pixmr,
  }

  $ apparmor_parser -S /tmp/bug_fails  >/dev/null
  failed user merge 0xa7f 0x201
  failed user merge 0xa7f 0x201
  ERROR processing regexs for profile confined_user, failed to load

  
  But this will:
  $ cat /tmp/bug_works 
  #include <tunables/global>
  profile confined_user {
     #include <abstractions/base>
     #include <abstractions/bash>
     #include <abstractions/consoles>
     #include <abstractions/nameservice>

     deny capability sys_ptrace,

     owner /** rwkl,
     @{PROC}/** r,

     /bin/**  Pixmr,
     /usr/bin/** Pixmr,
     owner @{HOMEDIRS}/bin/** ixmr,
  }
  $ apparmor_parser -S /tmp/bug_works  >/dev/null

  Attached are the profiles and output from apparmor_parser -p.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/670639/+subscriptions