[apparmor] [patch 19/26] fix: the what conditional names can be a condlistid
john.johansen at canonical.com
Tue Apr 15 17:22:26 UTC 2014
The match
{VARIABLE_NAME}/{WS}*={WS}*\(
is too broad, causing mount and dbus rules to fail for sets of values, e.g.
mount options=(ro bind)
Instead of doing a broad match, for now let's lock it down to just
peer=(...) being the only cond that can cause entry into CONDLISTID
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
parser/parser_lex.l | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- 2.9-test.orig/parser/parser_lex.l
+++ 2.9-test/parser/parser_lex.l
@@ -295,7 +295,7 @@
}
<INITIAL,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE>{
- {VARIABLE_NAME}/{WS}*={WS}*\( {
+ peer/{WS}*={WS}*\( {
/* we match to the = in the lexer so that we can switch scanner
* state. By the time the parser see the = it may be too late
* as bison may have requested the next token from the scanner
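Review bot: on the changed pattern line `peer/{WS}*={WS}*\(`, nothing in the code records that `peer` is hard-coded as a temporary restriction; the comment that follows only explains why the `=` is matched in the lexer. The commit message says this is locked down "for now", so a short comment above the pattern, naming which conditionals may enter CONDLISTID and noting that the pattern must be extended when another conditional takes a parenthesised list, would keep a later addition from being lexed wrongly without anyone noticing. The diffstat touches only parser/parser_lex.l, so a regression case for `mount options=(ro bind)` and one for a dbus rule with a set of values would be worth adding with this change. The start-condition list on the line above still includes MOUNT_MODE; if `peer=(...)` is not meaningful in mount rules, consider whether this rule needs to be active there.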