[apparmor] WTF changed in latest aa-enforce?!

Christian Boltz apparmor at cboltz.de
Thu Aug 14 07:51:20 UTC 2014


Hello,

Am Mittwoch, 13. August 2014 schrieb Seth Arnold:
> On Wed, Aug 13, 2014 at 01:54:30PM +0200, Christian Boltz wrote:
> > > apparmor.common.AppArmorException: "Syntax Error: Missing '}' .
> > > Reached end of file /etc/apparmor.d/usr.sbin.nginx  while inside
> > > profile /usr/sbin/nginx"
> > 
> > The error message is misleading - you have a syntax error in the
> > line
> > above the   }
> > 
> > > /usr/sbin/nginx {
> > 
> > [...]
> > 
> > >   /var/lib/nginx/fastcgi/{**,} mrw,
> > >   /var/log/nginx/{*,} w
> > > 
> > > }
> 
> Nice catch, proving once again that tools are nicer than eyes -- I
> looked for that exact type of error and still missed it.

Pasting the profile into vi (with apparmor.vim) often helps ;-)

> Anyway, here's a proposed patch to ensure that the {**,} and {,**}
> regexs are being properly parsed by the Python tools:
> 
> === modified file 'utils/test/regex_tests.ini'
> --- utils/test/regex_tests.ini	2014-07-28 18:16:04 +0000
> +++ utils/test/regex_tests.ini	2014-08-13 22:00:21 +0000
> @@ -64,3 +64,18 @@
>  	/*.jpg = False
>  	/foo/*.bar = False
> 
> +[/foo/{**,}]
> +	/foo/ = True
> +	/foo/bar = True
> +	/foo/bar/ = True
> +	/foo/bar/baz = True
> +	/foo/bar/baz/ = True
> +	/bar/ = False
> +
> +[/foo/{,**}]
> +	/foo/ = True
> +	/foo/bar = True
> +	/foo/bar/ = True
> +	/foo/bar/baz = True
> +	/foo/bar/baz/ = True
> +	/bar/ = False
> 
> Signed-off-by: Seth Arnold <seth.arnold at canonical.com>

Acked-by: Christian Boltz <apparmor at cboltz.de>


Regards,

Christian Boltz
-- 
...von den vier Mitgliedern der "Nimbus Monospaced(!)"-Familie ist
angeblich nur die Regular Monospaced - die anderen sind... nun ja...
proportional, nur eben alle gleich proportional. =%-)
[Ratti in fontlinge-devel nach Auslesen der "monospaced"-Infos]




More information about the AppArmor mailing list