[apparmor] [patch 19/26] fix: the what conditional names can be a condlistid
Seth Arnold
seth.arnold at canonical.com
Fri Apr 18 23:57:08 UTC 2014
On Tue, Apr 15, 2014 at 10:22:26AM -0700, john.johansen at canonical.com wrote:
> The match
> {VARIABLE_NAME}/{WS}*={WS}*\(
>
> is too broad causing mount and dbus rules to fail for sets of values eg.
>
> mount options=(ro bind)
>
> Instead of doing a broad match, for now lets lock it down to just
> peer=(...) being the only cond that can cause entry into CONDLISTID
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
> parser/parser_lex.l | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- 2.9-test.orig/parser/parser_lex.l
> +++ 2.9-test/parser/parser_lex.l
> @@ -295,7 +295,7 @@
> }
>
> <INITIAL,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE>{
> - {VARIABLE_NAME}/{WS}*={WS}*\( {
> + peer/{WS}*={WS}*\( {
> /* we match to the = in the lexer so that we can switch scanner
> * state. By the time the parser see the = it may be too late
> * as bison may have requested the next token from the scanner
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140418/1cd21996/attachment-0001.pgp>
More information about the AppArmor
mailing list