[apparmor] WTF changed in latest aa-enforce?!
Christian Boltz
apparmor at cboltz.de
Thu Aug 14 07:51:20 UTC 2014
Hello,
Am Mittwoch, 13. August 2014 schrieb Seth Arnold:
> On Wed, Aug 13, 2014 at 01:54:30PM +0200, Christian Boltz wrote:
> > > apparmor.common.AppArmorException: "Syntax Error: Missing '}' .
> > > Reached end of file /etc/apparmor.d/usr.sbin.nginx while inside
> > > profile /usr/sbin/nginx"
> >
> > The error message is misleading - you have a syntax error in the
> > line
> > above the }
> >
> > > /usr/sbin/nginx {
> >
> > [...]
> >
> > > /var/lib/nginx/fastcgi/{**,} mrw,
> > > /var/log/nginx/{*,} w
> > >
> > > }
>
> Nice catch, proving once again that tools are nicer than eyes -- I
> looked for that exact type of error and still missed it.
Pasting the profile into vi (with apparmor.vim) often helps ;-)
> Anyway, here's a proposed patch to ensure that the {**,} and {,**}
> regexs are being properly parsed by the Python tools:
>
> === modified file 'utils/test/regex_tests.ini'
> --- utils/test/regex_tests.ini 2014-07-28 18:16:04 +0000
> +++ utils/test/regex_tests.ini 2014-08-13 22:00:21 +0000
> @@ -64,3 +64,18 @@
> /*.jpg = False
> /foo/*.bar = False
>
> +[/foo/{**,}]
> + /foo/ = True
> + /foo/bar = True
> + /foo/bar/ = True
> + /foo/bar/baz = True
> + /foo/bar/baz/ = True
> + /bar/ = False
> +
> +[/foo/{,**}]
> + /foo/ = True
> + /foo/bar = True
> + /foo/bar/ = True
> + /foo/bar/baz = True
> + /foo/bar/baz/ = True
> + /bar/ = False
>
> Signed-off-by: Seth Arnold <seth.arnold at canonical.com>
Acked-by: Christian Boltz <apparmor at cboltz.de>
Regards,
Christian Boltz
--
...von den vier Mitgliedern der "Nimbus Monospaced(!)"-Familie ist
angeblich nur die Regular Monospaced - die anderen sind... nun ja...
proportional, nur eben alle gleich proportional. =%-)
[Ratti in fontlinge-devel nach Auslesen der "monospaced"-Infos]
More information about the AppArmor
mailing list