[apparmor] Combining Variables and Whitespace in AppArmor
John Johansen
john.johansen at canonical.com
Wed Jun 25 19:11:02 UTC 2014
On 06/24/2014 07:14 AM, sepero111 at gmx.com wrote:
> I can't seem to get apparmor to accept combinations of variables and whitespace. Examples
>
which version of the apparmor_parser?
apparmor_parser -V
> owner "@{HOME}/my dir/" r,
this should work, however there is a BIG caveat here with a bug in variable expansion.
IF the expansion of the variable has a trailing / and the post to the variable starts with a
/ (the situation here), then it results in a // that doesn't seem to be properly eliminated
in some parsers.
ie. if
@{HOME}=/home/
your rule would expand to
"/home//my dir" r,
and the // is not getting eliminated, or at least that is the case with the parser I just
tested. This should work, I'm looking into it
The workaround would be to just use
"@{HOME}my dir/" r,
> owner @{HOME}"/my dir/" r,
this won't work
> owner @{HOME}/my\ dir/ r,
hrmm this should work as well, except it seems to be throwing an error for me. I'll have to
dig into the bug
>
> Is there a way to make it work, or must I use the primitive version? owner "/home/*/my dir/"
>
>
More information about the AppArmor
mailing list