touch-packages team mailing list archive
Message #27734
[Bug 1262938] Re: Mount and D-Bus rules aren't being optimized correctly
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1262938
Title:
Mount and D-Bus rules aren't being optimized correctly
Status in AppArmor Linux application security framework:
Fix Released
Status in “apparmor” package in Ubuntu:
Fix Released
Bug description:
I noticed that mount and dbus rules weren't being optimized correctly
when a more permissive rule follows. For example, 'mount fstype=foo,
mount' should result in the 'mount fstype=foo,' rule being optimized
away. That rule is currently not optimized away and, oddly enough, the
last 'o' in foo is truncated.
Here's a more clear example with ext2 and ext3 fstypes:

  $ echo "/t { mount fstype=ext2, mount, }" | apparmor_parser -qQD dfa-states 2>ext2
  $ echo "/t { mount fstype=ext3, mount, }" | apparmor_parser -qQD dfa-states 2>ext3
  $ md5sum ext2 ext3
  e5d4e0b335b1bb530fbff8e0cdfa7337 ext2
  e5d4e0b335b1bb530fbff8e0cdfa7337 ext3
  $ cat ext2
  {1} <== (allow/deny/audit/quiet)
  {6} (0x 2/0/0/0)
  {1} -> {2}: 0x7
  {2} -> {3}: 0x0
  {2} -> {2}: []
  {3} -> {4}: 0x0
  {3} -> {3}: []
  {4} -> {6}: 0x0
  {4} -> {7}: 0x65 e
  {4} -> {5}: []
  {5} -> {6}: 0x0
  {5} -> {5}: []
  {6} (0x 2/0/0/0) -> {6}: [^\0x0]
  {7} -> {6}: 0x0
  {7} -> {8}: 0x78 x
  {7} -> {5}: []
  {8} -> {6}: 0x0
  {8} -> {5}: 0x74 t
  {8} -> {5}: []

While the md5sum of the ext2 and ext3 files should be equal, they
should not contain any remnants of the fstype=ext2 or fstype=ext3
conditional.
Off the top of his head, JJ thinks that it has to do with the DFA
minimization in parser/libapparmor_re/hfa.cc.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1262938/+subscriptions
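
Added example, not part of the original message or of AppArmor: a small Python parser for the `-D dfa-states` dump quoted in the bug description that spells out any literal byte chains still encoded in the DFA, which is the remnant the report says should have been optimized away. The dump grammar is inferred from the quoted output only, and `EDGE`, `SAMPLE`, `byte_edges` and `literal_remnants` are names chosen for this example.

```python
import re
# Transition line, e.g. "{4} -> {7}: 0x65 e" (grammar inferred from the quoted dump).
EDGE = re.compile(r"^\{(\d+)\}(?: \([^)]*\))? -> \{(\d+)\}:\s*(.*)$")
# Constructed input: header plus the {4}..{8} lines of the quoted ext2 dump.
SAMPLE = r"""{1} <== (allow/deny/audit/quiet)
{6} (0x 2/0/0/0)
{4} -> {6}: 0x0
{4} -> {7}: 0x65 e
{4} -> {5}: []
{5} -> {6}: 0x0
{5} -> {5}: []
{6} (0x 2/0/0/0) -> {6}: [^\0x0]
{7} -> {6}: 0x0
{7} -> {8}: 0x78 x
{7} -> {5}: []
{8} -> {6}: 0x0
{8} -> {5}: 0x74 t
{8} -> {5}: []"""

def byte_edges(dump):
    """Return {src: {byte: dst}} for transitions labelled with one hex byte."""
    edges = {}
    for line in dump.splitlines():
        m = EDGE.match(line.strip())
        if not m:
            continue  # header and accept-state lines carry no transition
        label = m[3].split()
        if label and re.fullmatch(r"0x[0-9a-fA-F]{1,2}", label[0]):
            edges.setdefault(int(m[1]), {})[int(label[0], 16)] = int(m[2])
    return edges

def literal_remnants(dump):
    """Spell out each maximal chain of printable-byte transitions."""
    chains = {s: {b: d for b, d in out.items() if 0x21 <= b <= 0x7E}
              for s, out in byte_edges(dump).items()}
    targets = {d for out in chains.values() for d in out.values()}
    found = set()
    def walk(state, text, seen):
        nxt = chains.get(state, {})
        if not nxt or state in seen:  # end of chain, or a loop
            found.add(text)
            return
        for b, d in nxt.items():
            walk(d, text + chr(b), seen | {state})
    for start, out in chains.items():
        if out and start not in targets:  # chain heads only
            walk(start, "", set())
    return sorted(found)
```

Calling `literal_remnants(SAMPLE)` returns `['ext']`: the fstype value with its last character cut off, which is why the ext2 and ext3 dumps hash identically while still carrying part of the conditional.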