[apparmor] Apparmor parser error ... syntax error, unexpected TOK_EQUALS, expecting TOK_MODE
Robert Munteanu
robert.munteanu at gmail.com
Tue Sep 22 08:13:44 UTC 2015
On Tue, Sep 22, 2015 at 11:09 AM, John Johansen
<john.johansen at canonical.com> wrote:
> << snip >>
>
>>>>> Sure, attached. I find it strange that the output ends with a
>>>>>
>>>>> @{HOME}=
>>>>>
>>>>> line, which would explain the error. However, I don't have such a line
>>>>> in my /etc/apparmor.d directory
>>>>>
>>>> So this is an artifact of how the parser is processing variables.
>>>>
>>>> The defines are read and partially processed during the preprocessing phase of
>>>> the parse and it is choking on @{HOME}= being assigned inside of the profile
>>>> scope (currently vars can only be defined in the header).
>>>>
>>>> What you need to look for is a file in <apache2.d> that is including
>>>> <tunables/global>
>>>
>>> That's right, there's an apache2.d/wordpress file which has that include
>>>
>>> Removing it makes the error go away, which is good. On the other hand,
>>> the wordpress file, which contains
>>>
>>> ^wordpress {
>>> #include <abstractions/base>
>>> #include <abstractions/nameservice>
>>> #include <abstractions/apache2-common>
>>> #include <abstractions/php5>
>>> /srv/www/wordpress/ r,
>>> /srv/www/wordpress/** r,
>>> /srv/www/wordpress/wp-content/** w,
>>> /var/log/apache2/** w,
>>> /srv/www/mod_pagespeed/cache/** w,
>>> /etc/wordpress/wp-config.php r,
>>> @{PROC}/@{pid}/statm r,
>>> }
>>>
>>> makes apparmor_parser complain:
>>>
>>> $ apparmor_parser -r wordpress
>>> Found reference to variable PROC, but is never declared
>>>
>
> strange, @{PROC} is definitely defined earlier,
>
> can you provide me an updated output for
> apparmor_parser -p /etc/apparmor.d/usr.sbin.httpd2-prefork
Sure, it's attached.
The question is though - should I call apparmor_parser on
apache.d/wordpress (which is a fragment) or is it enough to call it
on usr.sbin.httpd2-prefork?
Thanks,
Robert
--
http://robert.muntea.nu/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: httpd-prefork-expanded
Type: application/octet-stream
Size: 100057 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150922/ea06a348/attachment-0001.obj>
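
The include problem discussed in this message, as an added example (not part of the original thread and not AppArmor's own code): a simplified model of include expansion that reports variable definitions which end up inside profile scope. The file contents, the `scoped_var_defs` helper and its naive brace counting are assumptions made for illustration.

```python
import re

INCLUDE = re.compile(r'^\s*#?include\s+<([^>]+)>')
VAR_DEF = re.compile(r'^\s*(@\{\w+\})\s*\+?=')
VAR_REF = re.compile(r'@\{\w+\}')

# Constructed, heavily shortened file contents, keyed by path under /etc/apparmor.d.
FILES = {
    "tunables/global": "@{HOME}=/home/*/ /root/\n@{PROC}=/proc/\n",
    "usr.sbin.httpd2-prefork": (
        "#include <tunables/global>\n"
        "/usr/sbin/httpd2-prefork {\n"
        "  #include <apache2.d>\n"
        "}\n"),
    "apache2.d/wordpress": (
        "#include <tunables/global>\n"
        "^wordpress {\n"
        "  @{PROC}/@{pid}/statm r,\n"
        "}\n"),
}

def scoped_var_defs(files, name, depth=0, chain=()):
    """Expand includes depth-first and return (findings, brace_depth).

    A finding is (variable, include chain) for every '@{VAR}=' line that is
    reached while brace depth > 0, i.e. inside a profile or hat body.
    """
    chain = chain + (name,)
    findings = []
    for line in files[name].splitlines():
        inc = INCLUDE.match(line)
        if inc:
            target = inc.group(1)
            # A directory include such as <apache2.d> pulls in every file below it.
            members = [target] if target in files else sorted(
                f for f in files if f.startswith(target + "/"))
            for member in members:
                sub, depth = scoped_var_defs(files, member, depth, chain)
                findings += sub
            continue
        definition = VAR_DEF.match(line)
        if definition and depth > 0:
            findings.append((definition.group(1), " -> ".join(chain)))
        # Drop comments and @{VAR} references so only scope braces are counted.
        body = VAR_REF.sub("", line.split("#", 1)[0])
        depth += body.count("{") - body.count("}")
    return findings, depth

if __name__ == "__main__":
    for var, path in scoped_var_defs(FILES, "usr.sbin.httpd2-prefork")[0]:
        print(f"{var} defined inside profile scope via {path}")
```
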