Hi John/Seth,

Can you please guide me to resolve the above query on the header file with enabling many capabilities in the header file?

Thanks
Murali.S

On Thu, Apr 22, 2021 at 9:15 PM Murali Selvaraj <[email protected]> wrote:
>
> Hi John,
>
> I am still facing the below error while parsing the profile.
>
> While parsing profiles: sh -x /etc/apparmor/apparmor_parse.sh
> AppArmor parser error for /nvram2/apparmor_boot/usr.bin.test in
> /nvram2/apparmor_boot/usr.bin.test at line 5: syntax error, unexpected
> TOK_SET_VAR, expecting TOK_ID or TOK_END_OF_RULE
>
> murali@linux:/nvram2/apparmor_boot# cat caps/common
> @{default_caps}=chown,dac_override,dac_read_search,fowner,fsetid,kill,ipc_lock,sys_nice,setpcap,pc_owner,sys_ptrace,sys_chroot
>
> #include "/nvram2/apparmor_boot/caps/common"
> profile test /usr/bin/test flags=(attach_disconnected) {
> capability setuid,
> capability setgid,
> capability @{default_caps}, ===>> This line shows a syntax error [
> syntax error, unexpected TOK_SET_VAR, expecting TOK_ID or
> TOK_END_OF_RULE ]
> /sys/devices/system/cpu/online r,
> /etc/security/* r,
> /proc/driver/ng1/* rw,
> /proc/sys/kernel/ngroups_max r,
> /usr/ccsp/ethagent/ r,
> /proc/*/comm r,
> /proc/*/auxv r,
> /proc/*/cmdline r,
> /proc/*/environ r,
> /proc/*/limits r,
> /proc/*/stat r,
> }
>
> Can you please help us to resolve this error?
>
> Thanks
> Murali.S
>
> On Thu, Apr 22, 2021 at 10:51 AM John Johansen
> <[email protected]> wrote:
> >
> > On 4/20/21 10:01 AM, Murali Selvaraj wrote:
> > > Hi All,
> > >
> > > As per our design, we are applying certain capabilities to all my
> > > profiles.
> > >
> > > -> created custom include files as follows, in #include "relative_path"
> > >
> > > @{default_caps}=chown,dac_override,dac_read_search,fowner,fsetid,kill,ipc_lock,sys_nice,setpcap,ipc_owner,sys_ptrace,sys_chroot
> > >
> > > -> Adding this header file in the required apparmor profiles.
> > > #include "relative_path"
> > > capability @{default_caps},
> > >
> > > -> While parsing the apparmor profiles into the kernel, observing the below
> > > errors.
> > > syntax error, unexpected TOK_EQUALS, expecting TOK_MODE
> > >
> > > Can someone help me to clarify the above queries?
> > >
> >
> > At this time variable assignment cannot be done in the profile body. It
> > can only appear in the profile header. You need to rework your profile to do
> >
> > include "relative_path"
> >
> > profile example {
> >
> > capability @{default_caps},
> > }
> >
> > --
> > AppArmor mailing list
> > [email protected]
> > Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
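A small checker for the two profile mistakes that surface in this thread, added here as an example and not part of the mailing-list exchange: it flags a `@{...}=` assignment that sits inside a profile body (the TOK_EQUALS error John answers) and a `capability @{...},` rule, which the parser rejected with the TOK_SET_VAR error in the second message, and rewrites the latter into one literal `capability name,` rule per value. The sample profile is constructed; the checker assumes a flattened profile text, so it does not follow include directives and counts `{a,b}` path alternation as braces.

```python
import re

# Variable assignment such as @{default_caps}=chown,kill (valid only at top level)
ASSIGN_RE = re.compile(r"^\s*@\{(\w+)\}\s*\+?=\s*(.*?)\s*$")
# A capability rule that names a variable instead of literal capability names
CAP_VAR_RE = re.compile(r"^\s*capability\s+@\{(\w+)\}\s*,\s*$")

def lint_profile(text):
    """Return (findings, variables) for a flattened profile text: findings is a
    list of (lineno, message), variables maps top-level names to value lists.
    Assumed limits: include directives are not followed; '{a,b}' path
    alternation is counted as braces."""
    findings, variables, depth = [], {}, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # drop comments; this also skips #include
        assign = ASSIGN_RE.match(line)
        if assign:
            if depth > 0:  # inside a profile body: the TOK_EQUALS error
                findings.append((lineno, "variable assignment inside profile "
                                 "body; move it above the profile header"))
            else:
                values = [v.strip() for v in assign.group(2).split(",")]
                variables[assign.group(1)] = [v for v in values if v]
        elif CAP_VAR_RE.match(line):  # the TOK_SET_VAR error
            findings.append((lineno, "capability rule references a variable; "
                             "list the capability names literally"))
        depth += line.count("{") - line.count("}")
    return findings, variables

def expand_capability_rules(text, variables):
    """Rewrite 'capability @{var},' into one literal 'capability name,' per value."""
    out = []
    for raw in text.splitlines():
        m = CAP_VAR_RE.match(raw)
        if m and m.group(1) in variables:
            indent = raw[: len(raw) - len(raw.lstrip())]
            out.extend(f"{indent}capability {cap}," for cap in variables[m.group(1)])
        else:
            out.append(raw)
    return "\n".join(out) + "\n"

# Constructed sample modelled on the thread's profile, not the poster's file
SAMPLE = """@{default_caps}=chown,dac_override,kill,sys_ptrace
profile test /usr/bin/test flags=(attach_disconnected) {
  capability setuid,
  capability @{default_caps},
  @{extra_caps}=sys_nice
}
"""
```

Running `lint_profile(SAMPLE)` reports lines 4 and 5, and `expand_capability_rules(SAMPLE, variables)` turns line 4 into four literal capability rules that the parser accepts.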
