touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #91660
[Bug 1446794] Re: parser error with 'deny change_profile'
AppArmor 2.10 has fixed the parsing issue; however, the policy generated
does not actually deny the change_profile.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1446794
Title:
parser error with 'deny change_profile'
Status in apparmor package in Ubuntu:
Triaged
Bug description:
$ echo 'profile foo { deny change_profile -> unconfined, }' | apparmor_parser -p
Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
AppArmor parser error, in stdin line 1: syntax error, unexpected TOK_CHANGE_PROFILE, expecting TOK_ID or TOK_MODE or TOK_SET_VAR
profile foo { deny change_profile[1]
$ echo 'profile foo { deny change_profile -> /**, }' | apparmor_parser -p
Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
AppArmor parser error, in stdin line 1: syntax error, unexpected TOK_CHANGE_PROFILE, expecting TOK_ID or TOK_MODE or TOK_SET_VAR
profile foo { deny change_profile[1]
$ echo 'profile foo { deny change_profile -> {unconfined,/**}, }' | apparmor_parser -p
Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
AppArmor parser error, in stdin line 1: syntax error, unexpected TOK_CHANGE_PROFILE, expecting TOK_ID or TOK_MODE or TOK_SET_VAR
profile foo { deny change_profile[1]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1446794/+subscriptions
References