[apparmor] fun when building without awk

John Johansen john.johansen at canonical.com
Thu Jun 21 08:06:35 UTC 2012


On 06/20/2012 06:14 PM, John Johansen wrote:
> On 06/17/2012 02:35 PM, Christian Boltz wrote:
>> Hello,
>>
>> because of some breakage in update-alternatives in the openSUSE build
>> system, a build of AppArmor started with gawk installed, but without the
>> /bin/awk symlink.
>>
>> The result is quite funny[tm] - for example, the generated apparmor.vim
>> contains things like:
>>
>> syn keyword  sdCapKey          /bin/sh: awk: command not found
>> /bin/sh: awk: command not found
>> /bin/sh: awk: command not found
>> /bin/sh: awk: command not found
>> /bin/sh: awk: command not found
>> /bin/sh: awk: command not found
>> /bin/sh: awk: command not found
>> /bin/sh: awk: command not found
>> [...]
>> syn match  sdCap
>> /\v^\s*(audit\s+)?(deny\s+)?capability\s+(/bin/sh:|awk:|command|not|found
>> /bin/sh:|awk:|command|not|found
>> /bin/sh:|awk:|command|not|found
>> /bin/sh:|awk:|command|not|found
>> /bin/sh:|awk:|command|not|found
>> /bin/sh:|awk:|command|not|found
>> [...]
>> syn match  sdNetwork        
>> /\v^\s*(audit\s+)?(deny\s+)?network(\s+(/bin/sh:|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atms»vc|rds|sna|irda|pppox|wanpipe|llc|can|tipc|bluetooth|iucv|rxrpc|isdn|phonet|ieee802154|caif|alg|nfc))?(\s+(stream|dgram|seqpacket|rdm|packet))?(\s+tcp|\s+udp|\s+icmp)?\s*,(\s*»$|(\s*#.*$)\@=)/
>> contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
>> " network rules containing 'raw'
>> syn match  sdNetworkDanger        
>> /\v^\s*(audit\s+)?(deny\s+)?network(\s+(/bin/sh:|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econe»t|atmsvc|rds|sna|irda|pppox|wanpipe|llc|can|tipc|bluetooth|iucv|rxrpc|isdn|phonet|ieee802154|caif|alg|nfc))?(\s+(raw))(\s+tcp|\s+udp|\s+icmp)?\s*,(\s*$|(\s*#.*$)\@=)/
>> contains»=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
>>
>> (notice the "/bin/sh:" in the sdNetwork and sdNetworkDanger line)
>>
>> Can someone please add a check in the build process that errors out if
>> /bin/awk is not available?
>>
>> I'm attaching the build log for reference so that you can check the details.
>>
> 
> Alright the following patch seems to work for me
> 
I forgot to mention I am nominating this for 2.8



More information about the AppArmor mailing list