[apparmor] [patch] Fix serialize_profile_from_old_profiles() to not crash on "@{var} +="
Christian Boltz
apparmor at cboltz.de
Sun Apr 19 22:51:16 UTC 2015
Hello,
Am Mittwoch, 15. April 2015 schrieb Steve Beattie:
> FYI, even with this patch and patch 33 applied, the tools will still
> crash when parsing a profile that extends an existing variable that's
> defined in an include file (like something under tunables/) like so:
>
> # Last Modified: Wed Apr 15 10:06:49 2015
> #include <tunables/global>
>
> @{MY_BINS}=/bin/false
> @{MY_BINS}+=/bin/true
> @{HOMEDIRS}+=/data/home
>
> /home/ubuntu/tmp/hello_world.sh {
> ...
> apparmor.common.AppArmorException: u'Values added to a non-existing
> variable @{HOMEDIRS}: /data/home in
> /etc/apparmor.d/home.ubuntu.tmp.hello_world.sh'
Sounds like https://bugs.launchpad.net/apparmor/+bug/1331856 - which has
a patch attached, but I have to admit that I didn't test it yet.
Also, I'm not sure if it is the way to go - I tend to prefer to store
variables as var_set (=) and var_add (+=) so that we don't need to re-
parse the includes for each profile. Nevertheless the patch is probably
a good starting point.
Regards,
Christian Boltz
--
> This will be the Chinese year of the Snake so the next release should
> be called Anaconda. Period. No discussion, no arguments.
Using a name of South America species because there is a Year of Snake
in China? This is what people called "globalization", isn't it ;-)
[> Basil Chupin and Michal Vyskocil in opensuse-factory]
More information about the AppArmor
mailing list