[apparmor] [PATCH 1/3] Add support for variable expansion in profile names, and attachments

John Johansen john.johansen at canonical.com
Wed Jun 17 11:21:11 UTC 2015


allow
  @{FOO}=bar
  /foo@{FOO} { }

to be expanded into
  /foobar { }

and
  @{FOO}=bar baz
  /foo@{FOO} { }

to be expanded into
  /foo{bar,baz} { }
which is used as a regular expression for attachment purposes

Further allow variable expansion in attachment specifications
  profile foo /foo@{FOO} { }

profile name (if begun with profile keyword) and attachments to begin
with a variable
  profile @{FOO} { }
  profile /foo @{FOO} { }
  profile @{FOO} @{BAR} {}

hats
  ^@{FOO}
  hat @{FOO}

and for subprofiles as well

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 parser/parser_variable.c                              | 19 ++++++++++++++++++-
 parser/parser_yacc.y                                  | 13 +++++++------
 parser/tst/simple_tests/vars/vars_profile_name_01.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_02.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_03.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_04.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_05.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_06.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_07.sd  | 10 ++++++++++
 parser/tst/simple_tests/vars/vars_profile_name_08.sd  | 10 ++++++++++
 parser/tst/simple_tests/vars/vars_profile_name_09.sd  |  9 +++++++++
 parser/tst/simple_tests/vars/vars_profile_name_10.sd  |  9 +++++++++
 parser/tst/simple_tests/vars/vars_profile_name_11.sd  |  9 +++++++++
 parser/tst/simple_tests/vars/vars_profile_name_12.sd  | 11 +++++++++++
 parser/tst/simple_tests/vars/vars_profile_name_13.sd  | 11 +++++++++++
 parser/tst/simple_tests/vars/vars_profile_name_14.sd  | 11 +++++++++++
 parser/tst/simple_tests/vars/vars_profile_name_15.sd  | 11 +++++++++++
 parser/tst/simple_tests/vars/vars_profile_name_16.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_17.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_18.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_19.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_20.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_21.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_22.sd  | 10 ++++++++++
 parser/tst/simple_tests/vars/vars_profile_name_23.sd  |  7 +++++++
 parser/tst/simple_tests/vars/vars_profile_name_24.sd  |  8 ++++++++
 parser/tst/simple_tests/vars/vars_profile_name_25.sd  | 10 ++++++++++
 parser/tst/simple_tests/vars/vars_profile_name_26.sd  | 10 ++++++++++
 .../tst/simple_tests/vars/vars_profile_name_bad_1.sd  |  8 ++++++++
 .../tst/simple_tests/vars/vars_profile_name_bad_2.sd  |  6 ++++++
 30 files changed, 271 insertions(+), 7 deletions(-)
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_01.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_02.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_03.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_04.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_05.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_06.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_07.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_08.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_09.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_10.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_11.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_12.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_13.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_14.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_15.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_16.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_17.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_18.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_19.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_20.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_21.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_22.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_23.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_24.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_25.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_26.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_bad_1.sd
 create mode 100644 parser/tst/simple_tests/vars/vars_profile_name_bad_2.sd

diff --git a/parser/parser_variable.c b/parser/parser_variable.c
index ac334dc..7250c0b 100644
--- a/parser/parser_variable.c
+++ b/parser/parser_variable.c
@@ -275,12 +275,29 @@ static int process_variables_in_rules(Profile &prof)
 	return 0;
 }
 
+static int process_variables_in_name(Profile &prof)
+{
+	/* this needs to be done before alias expansion, ie. altnames are
+	 * setup
+	 */
+	int error = expand_entry_variables(&prof.name);
+	if (!error && prof.attachment)
+		error = expand_entry_variables(&prof.attachment);
+
+	return error;
+}
 
 int process_profile_variables(Profile *prof)
 {
 	int error = 0, rc;
 
-	error = new_set_var(PROFILE_NAME_VARIABLE, prof->get_name(true).c_str());
+	/* needs to be before PROFILE_NAME_VARIABLE so that variable will
+	 * have the correct name
+	 */
+	error = process_variables_in_name(*prof);
+
+	if (!error)
+		error = new_set_var(PROFILE_NAME_VARIABLE, prof->get_name(true).c_str());
 
 	if (!error)
 		error = process_variables_in_entries(prof->entries);
diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index b3083d5..d529e97 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -252,6 +252,7 @@ void add_local_entry(Profile *prof);
 %type <val_list> valuelist
 %type <boolean> expr
 %type <id>	id_or_var
+%type <id>	opt_id_or_var
 %type <boolean> opt_subset_flag
 %type <boolean> opt_audit_flag
 %type <boolean> opt_owner_flag
@@ -307,7 +308,10 @@ opt_ns: { /* nothing */ $$ = NULL; }
 opt_id: { /* nothing */ $$ = NULL; }
 	| TOK_ID { $$ = $1; }
 
-profile_base: TOK_ID opt_id flags TOK_OPEN rules TOK_CLOSE
+opt_id_or_var: { /* nothing */ $$ = NULL; }
+	| id_or_var { $$ = $1; }
+
+profile_base: TOK_ID opt_id_or_var flags TOK_OPEN rules TOK_CLOSE
 	{
 		Profile *prof = $5;
 
@@ -317,11 +321,8 @@ profile_base: TOK_ID opt_id flags TOK_OPEN rules TOK_CLOSE
 
 		prof->name = $1;
 		prof->attachment = $2;
-		if ($2 && $2[0] != '/')
-			/* we don't support variables as part of the profile
-			 * name or attachment atm
-			 */
-			yyerror(_("Profile attachment must begin with a '/'."));
+		if ($2 && !($2[0] == '/' || strncmp($2, "@{", 2) == 0))
+			yyerror(_("Profile attachment must begin with a '/' or variable."));
 		prof->flags = $3;
 		if (force_complain && kernel_abi_version == 5)
 			/* newer abis encode force complain as part of the
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_01.sd b/parser/tst/simple_tests/vars/vars_profile_name_01.sd
new file mode 100644
index 0000000..a83c2e7
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_01.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+/does/not/exist@{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_02.sd b/parser/tst/simple_tests/vars/vars_profile_name_02.sd
new file mode 100644
index 0000000..672af43
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_02.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+
+@{FOO}=bar baz
+
+/does/not/exist@{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_03.sd b/parser/tst/simple_tests/vars/vars_profile_name_03.sd
new file mode 100644
index 0000000..23037c8
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_03.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION profiles declared with the profile keyword can begin with var
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile @{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_04.sd b/parser/tst/simple_tests/vars/vars_profile_name_04.sd
new file mode 100644
index 0000000..3224759
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_04.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION profiles declared with the profile keyword can begin with var
+#=EXRESULT PASS
+
+@{FOO}=bar baz
+
+profile @{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_05.sd b/parser/tst/simple_tests/vars/vars_profile_name_05.sd
new file mode 100644
index 0000000..1fc0758
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_05.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not /exist{@{FOO},} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_06.sd b/parser/tst/simple_tests/vars/vars_profile_name_06.sd
new file mode 100644
index 0000000..b051c24
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_06.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+
+@{FOO}=bar baz
+
+profile /does/not /exist@{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_07.sd b/parser/tst/simple_tests/vars/vars_profile_name_07.sd
new file mode 100644
index 0000000..6ec43e5
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_07.sd
@@ -0,0 +1,10 @@
+#=DESCRIPTION profiles declared with the profile keyword can begin with var
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=bar
+
+profile /does/not/exist @{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_08.sd b/parser/tst/simple_tests/vars/vars_profile_name_08.sd
new file mode 100644
index 0000000..99dfd56
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_08.sd
@@ -0,0 +1,10 @@
+#=DESCRIPTION profiles declared with the profile keyword can begin with var
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=bar baz
+
+profile /does/not/exist @{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_09.sd b/parser/tst/simple_tests/vars/vars_profile_name_09.sd
new file mode 100644
index 0000000..48c11bf
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_09.sd
@@ -0,0 +1,9 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+
+@{FOO}=bar
+@{BAR}=baz
+
+profile /does/not@{BAR} /exist@{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_10.sd b/parser/tst/simple_tests/vars/vars_profile_name_10.sd
new file mode 100644
index 0000000..e6a574f
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_10.sd
@@ -0,0 +1,9 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+
+@{FOO}=bar baz
+@{BAR}=baz
+
+profile /does/not@{BAR} /exist@{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_11.sd b/parser/tst/simple_tests/vars/vars_profile_name_11.sd
new file mode 100644
index 0000000..ed007f5
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_11.sd
@@ -0,0 +1,9 @@
+#=DESCRIPTION profiles declared with the profile keyword have var and var attachment
+#=EXRESULT PASS
+
+@{FOO}=/bar /baz
+@{BAR}=baz foo
+
+profile /does/not/exist@{BAR} @{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_12.sd b/parser/tst/simple_tests/vars/vars_profile_name_12.sd
new file mode 100644
index 0000000..8e3a405
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_12.sd
@@ -0,0 +1,11 @@
+#=DESCRIPTION profiles declared with the profile keyword can expand var and have var attachment
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=bar baz
+@{BAR}=baz foo
+
+profile /does/not/exist@{BAR} @{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_13.sd b/parser/tst/simple_tests/vars/vars_profile_name_13.sd
new file mode 100644
index 0000000..9c91f6e
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_13.sd
@@ -0,0 +1,11 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=bar
+@{BAR}=baz
+
+profile @{BAR} @{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_14.sd b/parser/tst/simple_tests/vars/vars_profile_name_14.sd
new file mode 100644
index 0000000..feffe81
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_14.sd
@@ -0,0 +1,11 @@
+#=DESCRIPTION reference variables in rules that also have alternations
+#=EXRESULT PASS
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=/bar /baz
+@{BAR}=baz
+
+profile @{BAR} @{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_15.sd b/parser/tst/simple_tests/vars/vars_profile_name_15.sd
new file mode 100644
index 0000000..37aa388
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_15.sd
@@ -0,0 +1,11 @@
+#=DESCRIPTION profiles declared with the profile keyword can begin with var
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=bar baz
+@{BAR}=baz foo
+
+profile @{BAR} @{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_16.sd b/parser/tst/simple_tests/vars/vars_profile_name_16.sd
new file mode 100644
index 0000000..f2d66f2
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_16.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION var in sub profile name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  profile foo@{FOO} { }
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_17.sd b/parser/tst/simple_tests/vars/vars_profile_name_17.sd
new file mode 100644
index 0000000..1c44b85
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_17.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION var in sub profile name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  profile @{FOO} { }
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_18.sd b/parser/tst/simple_tests/vars/vars_profile_name_18.sd
new file mode 100644
index 0000000..fd5b54f
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_18.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION var in hat name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  ^foo@{FOO} { }
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_19.sd b/parser/tst/simple_tests/vars/vars_profile_name_19.sd
new file mode 100644
index 0000000..1c44b85
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_19.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION var in sub profile name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  profile @{FOO} { }
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_20.sd b/parser/tst/simple_tests/vars/vars_profile_name_20.sd
new file mode 100644
index 0000000..f2d66f2
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_20.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION var in sub profile name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  profile foo@{FOO} { }
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_21.sd b/parser/tst/simple_tests/vars/vars_profile_name_21.sd
new file mode 100644
index 0000000..a27b94c
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_21.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION var in hat name
+#=EXRESULT PASS
+
+@{FOO}=bar
+
+profile /does/not/exist {
+  ^@{FOO} { }
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_22.sd b/parser/tst/simple_tests/vars/vars_profile_name_22.sd
new file mode 100644
index 0000000..a42afba
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_22.sd
@@ -0,0 +1,10 @@
+#=DESCRIPTION all attachment expansions must start with /
+#=EXRESULT FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post var expansion
+
+@{FOO}=/bar baz
+
+profile /does/not/exist @{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_23.sd b/parser/tst/simple_tests/vars/vars_profile_name_23.sd
new file mode 100644
index 0000000..5bb2122
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_23.sd
@@ -0,0 +1,7 @@
+#=DESCRIPTION reference variables in profile name is undefined
+#=EXRESULT FAIL
+
+
+/does/not/exist@{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_24.sd b/parser/tst/simple_tests/vars/vars_profile_name_24.sd
new file mode 100644
index 0000000..ebfb403
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_24.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION reference variables is null
+#=EXRESULT FAIL
+
+@{FOO}=
+
+/does/not/exist@{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_25.sd b/parser/tst/simple_tests/vars/vars_profile_name_25.sd
new file mode 100644
index 0000000..56ce8ba
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_25.sd
@@ -0,0 +1,10 @@
+#=DESCRIPTION reference variables is null
+#=EXRESULT FAIL
+#=TODO
+#needs post var expansion check that variable contained a value
+
+@{FOO}=
+
+@{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_26.sd b/parser/tst/simple_tests/vars/vars_profile_name_26.sd
new file mode 100644
index 0000000..e81acb9
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_26.sd
@@ -0,0 +1,10 @@
+#=DESCRIPTION reference variables is null
+#=EXRESULT FAIL
+#=TODO
+#needs post var expansion check that variable contained a value
+
+@{FOO}=
+
+profile bar @{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_bad_1.sd b/parser/tst/simple_tests/vars/vars_profile_name_bad_1.sd
new file mode 100644
index 0000000..0b308c8
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_bad_1.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION bare profile names must start with /
+#=EXRESULT FAIL
+
+@{FOO}=bar
+
+@{FOO} {
+  /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/vars/vars_profile_name_bad_2.sd b/parser/tst/simple_tests/vars/vars_profile_name_bad_2.sd
new file mode 100644
index 0000000..009d0b8
--- /dev/null
+++ b/parser/tst/simple_tests/vars/vars_profile_name_bad_2.sd
@@ -0,0 +1,6 @@
+#=DESCRIPTION special @{profile_name} not defined for profile name declaration
+#=EXRESULT FAIL
+
+profile @{profile_name} {
+  /does/not/exist r,
+}
-- 
2.1.4




More information about the AppArmor mailing list