[apparmor] variables in link rules
John Johansen
john.johansen at canonical.com
Sat Sep 13 01:13:42 UTC 2014
On 09/12/2014 05:22 PM, Simon Deziel wrote:
> Hi everyone,
>
> I'm playing with a profile and noticed the parser doesn't seem to like
> variables on the right hand side of link rules.
>
> Here's an extract of the profile in question:
>
>> @{GITOLITE_HOME}=/home/git
>> /home/git/gitolite/src/gitolite-shell {
>> ...
>> # works:
>> link /home/git/repositories/** -> /home/git/repositories/**,
>> link @{GITOLITE_HOME}/repositories/** -> /home/git/repositories/**,
>> # doesn't work:
>> link @{GITOLITE_HOME}/repositories/** -> @{GITOLITE_HOME}/repositories/**,
>> link /home/git/repositories/** -> @{GITOLITE_HOME}/repositories/**,
>> ...
>> }
>
>
> When the variable is on the right hand side, I get this error:
>
> # apparmor_parser -r -T -W /etc/apparmor.d/gitolite-shell && tail -f /var/log/syslog
> apparmor_parser: Regex grouping error: Invalid number of items between {}
> apparmor_parser: Unable to parse input line '@{GITOLITE_HOME}/repositories/**'
> ERROR processing regexs for profile /home/git/gitolite/src/gitolite-shell, failed to load
> *** Error in `apparmor_parser': free(): invalid pointer: 0x00000000006d0720 ***
> Aborted
>
> Replacing the "->" by "to" doesn't help:
>
> AppArmor parser error for gitolite-shell in gitolite-shell at line 25:
> syntax error, unexpected TOK_ID, expecting TOK_ARROW
>
>
> Am I missing something to please the parser?
>
No, I can replicate, so it looks like a bug. I'll poke at it tonight.