On Wed, Jun 17, 2015 at 04:21:12AM -0700, John Johansen wrote:
> The @{profile_name} is incorrectly expanded as a fully qualified path
> including its namespace if one was specified in the profile declaration.
>
> ie.
> profile :ns://a {
> ptrace @{profile_name},
> # expands to
> # ptrace :ns://a,
> }
>
> This is wrong however because within a profile if a rule refers
> to a namespace it will be wrt a sub-namespace. That is in the above
> example the ptrace rule is refering to a profile in a subnamespace
> "ns".
>
> Or from the current profile declaration scope
> :ns//ns://a
>
> Instead @{profile_name} should expand into the hname (hierarchical name),
> which is the profile hierarchy specification within the namespace the
> profile is part of.
>
> In this case
> a
>
> or for a child profile case
> profile :ns://a {
> profile b {
> ptrace @{profile_name},
> }
> }
>
> the hname expansion would be
> a//b
>
> Signed-off-by: John Johansen <[email protected]>
Again, with Christian's changes applied,
Acked-by: Steve Beattie <[email protected]>. Thanks!-- Steve Beattie <[email protected]> http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
