[apparmor] Using @{multiarch} in profile name
John Johansen
john.johansen at canonical.com
Mon Jun 8 01:55:39 UTC 2015
On 06/07/2015 06:45 PM, John Johansen wrote:
> On 06/07/2015 05:25 PM, Cameron Norman wrote:
>> Hello,
>>
>> I recently hit an issue where I wanted a profile that matched
>>
>> /usr/lib/@{multiarch}/bamf/bamfdaemon
>>
>> When I tried to use that as the profile name the parser spit this out:
>>
>> apparmor_parser: Regex grouping error: Invalid number of items between {}
>> apparmor_parser: Unable to parse input line
>> '/usr/lib/@{multiarch}/bamf/bamfdaemon'
>> apparmor_parser: Invalid profile name
>> '/usr/lib/@{multiarch}/bamf/bamfdaemon' - bad regular expression
>> ERROR processing regexs for profile
>> /usr/lib/@{multiarch}/bamf/bamfdaemon, failed to load
>>
>> Is this supposed to be supported? I do have tunables/global included
>> before this profile definition, btw.
>>
>
> which version of the apparmor_parser do you have? Use apparmor_parser -V
>
> I know initially variables in profile names were not supported but I
> thought that had been fixed. That said I can replicate this locally. The
> use of variables within profile names should be supported, but it does
> appear to be broken atm.
>
> I will see if I can't get a fix out asap
>
>
So it appears this was never added :(

I am working on a patch but I have a question around how we want the
profile name to appear.

If we have

  @{B}=C
  /A@{B}

should this show up in profile listings as

  /AC

or

  /A@{B}

My inclination is towards /AC but I would like other people's input.