[apparmor] Using @{multiarch} in profile name
John Johansen
john.johansen at canonical.com
Mon Jun 8 01:45:22 UTC 2015
On 06/07/2015 05:25 PM, Cameron Norman wrote:
> Hello,
>
> I recently hit an issue where I wanted a profile that matched
>
> /usr/lib/@{multiarch}/bamf/bamfdaemon
>
> When I tried to use that as the profile name the parser spit this out:
>
> apparmor_parser: Regex grouping error: Invalid number of items between {}
> apparmor_parser: Unable to parse input line
> '/usr/lib/@{multiarch}/bamf/bamfdaemon'
> apparmor_parser: Invalid profile name
> '/usr/lib/@{multiarch}/bamf/bamfdaemon' - bad regular expression
> ERROR processing regexs for profile
> /usr/lib/@{multiarch}/bamf/bamfdaemon, failed to load
>
> Is this supposed to be supported? I do have tunables/global included
> before this profile definition, btw.
>
which version of the apparmor_parser do you have? Use apparmor_parser -V
I know initially variables in profile names where not supported but I
thought that had been fixed. That said I can replicate this locally. The
use of variables within profile names should be supported, but it does
appear to be broken atm.
I will see if I can't get a fix out asap
More information about the AppArmor
mailing list