[apparmor] WTF changed in latest aa-enforce?!
Seth Arnold
seth.arnold at canonical.com
Wed Aug 13 22:02:06 UTC 2014
On Wed, Aug 13, 2014 at 01:54:30PM +0200, Christian Boltz wrote:
> > apparmor.common.AppArmorException: "Syntax Error: Missing '}' .
> > Reached end of file /etc/apparmor.d/usr.sbin.nginx while inside
> > profile /usr/sbin/nginx"
>
> The error message is misleading - you have a syntax error in the line
> above the }
>
> > /usr/sbin/nginx {
> [...]
> > /var/lib/nginx/fastcgi/{**,} mrw,
> > /var/log/nginx/{*,} w
> > }
Nice catch, proving once again that tools are nicer than eyes -- I looked
for that exact type of error and still missed it.
Anyway, here's a proposed patch to ensure that the {**,} and {,**} regexs
are being properly parsed by the Python tools:
=== modified file 'utils/test/regex_tests.ini'
--- utils/test/regex_tests.ini 2014-07-28 18:16:04 +0000
+++ utils/test/regex_tests.ini 2014-08-13 22:00:21 +0000
@@ -64,3 +64,18 @@
/*.jpg = False
/foo/*.bar = False
+[/foo/{**,}]
+ /foo/ = True
+ /foo/bar = True
+ /foo/bar/ = True
+ /foo/bar/baz = True
+ /foo/bar/baz/ = True
+ /bar/ = False
+
+[/foo/{,**}]
+ /foo/ = True
+ /foo/bar = True
+ /foo/bar/ = True
+ /foo/bar/baz = True
+ /foo/bar/baz/ = True
+ /bar/ = False
Signed-off-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140813/5e6ed4cc/attachment.pgp>
More information about the AppArmor
mailing list