[apparmor] [patch] fix aa-complain to work with quoted profile names

Christian Boltz apparmor at cboltz.de
Tue Jun 10 22:11:29 UTC 2014


the attached patch fixes a crash in aa-complain when a profile name is 
quoted. It also makes sure aa-complain actually adds the complain flag 
in such cases. (aa-enforce etc. will also benefit from this fix.)

Note: superfluous quotes will be removed when saving the profile (for 
example with aa-cleanprof), but they are kept if needed, like in
    profile "/bin/foo bar"
(tested with aa-complain and aa-cleanprof - and also with "rcapparmor 
reload", where the initscript bailed out because my profile filename 
contained a space...)

The patch also adds some TODO notes.

References: https://bugs.launchpad.net/apparmor/+bug/1296218

There are other regexes that handle quotes: 
They probably also need to be changed to work with quotes (can someone 
test them, please?), but that can be a separate patch.

I also noticed that aa-cleanprof (and therefore probably all python 
tools) adds additional quotes in file rules, so
  "/bin/foo bar" mrix,
  ""/bin/foo bar"" mrix,
and in the next run
  """/bin/foo bar""" mrix,

One more patch to write...


Christian Boltz
Christian Boltz
expensive DVD player
