[apparmor] [patch] Fix user-download abstraction for non-latin file names

Vincas Dargis vindrg at gmail.com
Mon Apr 17 13:27:45 UTC 2017


I have noticed that abstractions/user-download profile allows to download into home directory, while protecting dot files:

owner @{HOME}/[a-zA-Z0-9]*           rwl,

Though it fails for files with non-latin symbols, tested with /usr/bin/tee copied to /usr/local/bin/testtee with minimal 
profile using user-download abstraction:

echo "foo" | testtee ~/ąčęėįšųūž
testtee: /home/vincas/ąčęėįšųūž: Permission denied

When file rule is changed into:

owner @{HOME}/[^.]*		     rwl,

It works as expected:

$ echo "foo" | testtee ~/ąčęėįšųūž

$ echo "foo" | testtee ~/.bashrc
testtee: /home/vincas/.bashrc: Permission denied
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-apparmor-user-download-nonlatin.patch
Type: text/x-diff
Size: 547 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170417/8a051a2e/attachment.patch>

More information about the AppArmor mailing list