← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #91661

[Bug 1446794] Re: parser error with 'deny change_profile'

  Thread PreviousDate PreviousThread Next 
The following is a patch against the parser's policy equality and
inequality test script that demonstrates that 'deny change_profile'
policy is not being generated correctly:

Index: b/parser/tst/equality.sh
===================================================================
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@@ -285,7 +285,8 @@ for rule in "capability" "capability mac
 	"file /f r" "file /f w" "file /f rwmlk" \
 	"link /a -> /b" "link subset /a -> /b" \
 	"l /a -> /b" "l subset /a -> /b" \
-	"file l /a -> /b" "l subset /a -> /b"
+	"file l /a -> /b" "l subset /a -> /b" \
+	"change_profile -> unconfined" "change_profile -> /**"
 do
 	verify_binary_equality "allow modifier for \"${rule}\"" \
 		"/t { ${rule}, }" \

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1446794

Title:
  parser error with 'deny change_profile'

Status in apparmor package in Ubuntu:
  Triaged

Bug description:
  $ echo 'profile foo { deny change_profile -> unconfined, }' | apparmor_parser -p
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  AppArmor parser error, in stdin line 1: syntax error, unexpected TOK_CHANGE_PROFILE, expecting TOK_ID or TOK_MODE or TOK_SET_VAR
  profile foo { deny change_profile[1]

  $ echo 'profile foo { deny change_profile -> /**, }' | apparmor_parser -p
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  AppArmor parser error, in stdin line 1: syntax error, unexpected TOK_CHANGE_PROFILE, expecting TOK_ID or TOK_MODE or TOK_SET_VAR
  profile foo { deny change_profile[1]

  $ echo 'profile foo { deny change_profile -> {unconfined,/**}, }' | apparmor_parser -p
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  AppArmor parser error, in stdin line 1: syntax error, unexpected TOK_CHANGE_PROFILE, expecting TOK_ID or TOK_MODE or TOK_SET_VAR
  profile foo { deny change_profile[1]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1446794/+subscriptions

References

  Thread PreviousDate PreviousThread Next