touch-packages team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

** Tags added: aa-parser

** Also affects: apparmor
   Importance: Undecided
       Status: New

** Changed in: apparmor
       Status: New => Triaged

** Changed in: apparmor
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/670639

Title:
  apparmor_parser dfa dominance is incorrect

Status in AppArmor Linux application security framework:
  Triaged
Status in “apparmor” package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: apparmor

  On up to date Maverick, the following will not parse:

  $ cat /tmp/bug_fails 
  #include <tunables/global>
  profile confined_user {
     #include <abstractions/base>
     #include <abstractions/bash>
     #include <abstractions/consoles>
     #include <abstractions/nameservice>

     deny capability sys_ptrace,

     owner /** rwkl,
     @{PROC}/** r,

     /bin/**  Pixmr,
     /usr/bin/** Pixmr,
     owner @{HOMEDIRS}/bin/** Pixmr,
  }

  $ apparmor_parser -S /tmp/bug_fails  >/dev/null
  failed user merge 0xa7f 0x201
  failed user merge 0xa7f 0x201
  ERROR processing regexs for profile confined_user, failed to load

  
  But this will:
  $ cat /tmp/bug_works 
  #include <tunables/global>
  profile confined_user {
     #include <abstractions/base>
     #include <abstractions/bash>
     #include <abstractions/consoles>
     #include <abstractions/nameservice>

     deny capability sys_ptrace,

     owner /** rwkl,
     @{PROC}/** r,

     /bin/**  Pixmr,
     /usr/bin/** Pixmr,
     owner @{HOMEDIRS}/bin/** ixmr,
  }
  $ apparmor_parser -S /tmp/bug_works  >/dev/null

  Attached are the profiles and output from apparmor_parser -p.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/670639/+subscriptions