[apparmor] variables in link rules
Simon Deziel
simon.deziel at gmail.com
Mon Sep 15 15:35:07 UTC 2014
On 09/12/2014 09:13 PM, John Johansen wrote:
> On 09/12/2014 05:22 PM, Simon Deziel wrote:
>> Hi everyone,
>>
>> I'm playing with a profile and noticed the parser doesn't seem to like
>> variables on the right hand side of link rules.
>>
>> Here's an extract of the profile in question:
>>
>>> @{GITOLITE_HOME}=/home/git
>>> /home/git/gitolite/src/gitolite-shell {
>>> ...
>>> # works:
>>> link /home/git/repositories/** -> /home/git/repositories/**,
>>> link @{GITOLITE_HOME}/repositories/** -> /home/git/repositories/**,
>>> # doesn't work:
>>> link @{GITOLITE_HOME}/repositories/** -> @{GITOLITE_HOME}/repositories/**,
>>> link /home/git/repositories/** -> @{GITOLITE_HOME}/repositories/**,
>>> ...
>>> }
>>
>>
>> When the variable is on the right hand side, I get this error:
>>
>> # apparmor_parser -r -T -W /etc/apparmor.d/gitolite-shell && tail -f
>> /var/log/syslog
>> apparmor_parser: Regex grouping error: Invalid number of items between {}
>> apparmor_parser: Unable to parse input line
>> '@{GITOLITE_HOME}/repositories/**'
>> ERROR processing regexs for profile
>> /home/git/gitolite/src/gitolite-shell, failed to load
>> *** Error in `apparmor_parser': free(): invalid pointer:
>> 0x00000000006d0720 ***
>> Aborted
>>
>> Replacing the "->" by "to" doesn't help:
>>
>> AppArmor parser error for gitolite-shell in gitolite-shell at line 25:
>> syntax error, unexpected TOK_ID, expecting TOK_ARROW
>>
>>
>> Am I missing something to please the parser?
>>
> no I can replicate, so it looks like a bug. I'll poke at it tonight
Thanks John. Let me know if you'd like me to open a LP bug for this.
Regards,
Simon
More information about the AppArmor
mailing list