[apparmor] Combining Variables and Whitespace in AppArmor

[sepero111 at gmx.com]

Apologies for the late reply, John. Also, thanks for the tips. I must have made
a syntax error somewhere, because now it seems to be working fine as you
suggested, like so:

     owner "@{HOME}/my dir/" r,

Though, I don't know why the backslash version doesn't work:

     @{HOME}/my\ dir/

I will just use the quoted version for my use. I'm on Ubuntu 14.04.

     $ apparmor_parser -V
     AppArmor parser version 2.8.95
     Copyright (C) 1999-2008 Novell Inc.
     Copyright 2009-2012 Canonical Ltd.



On 06/25/2014 03:11 PM, John Johansen wrote:
> On 06/24/2014 07:14 AM, sepero111 at gmx.com wrote:
>> I can't seem to get apparmor to accept combinations of variables and whitespace. Examples
>>
> which version of the apparmor_parser?
>   apparmor_parser -V
>
>
>> owner "@{HOME}/my dir/" r,
> this should work, however there is a BIG caveat here with a bug in variable expansion.
> IF the expansion of the variable has a trailing / and the post to the variable starts with a
> / (the situation here), then it results in a // that doesn't seem to be properly eliminated
> in some parsers.
> ie. if
>    @{HOME}=/home/
> your rule would expand to
>    "/home//my dir" r,
> and the // is not getting eliminated, or at least that is the case with the parser I just
> tested. This should work, I'm looking into it
>
> The workaround would be to just use
>    "@{HOME}my dir/" r,
>
>> owner @{HOME}"/my dir/" r,
> this won't work
>
>> owner @{HOME}/my\ dir/ r,
> hrmm this should work as well, except it seems to be throwing an error for me. I'll have to
> dig into the bug
>
>
>> Is there a way to make it work, or must I use the primitive version? owner "/home/*/my dir/"
>>
>>