[Touch-packages] [Bug 1639660] Re: apparmor-parse cannot parse profile with stacking //&

2016-11-07 Thread John Johansen
Alright, I have replicated and there is indeed a problem here. It will
work if the first profile starts with a / but fails when it doesn't.


** Changed in: apparmor (Ubuntu)
   Status: New => Confirmed

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1639660

Title:
  apparmor-parse cannot parse profile  with stacking //&

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  I am experimenting with the new profile stacking feature of AppArmor
  on Ubuntu 16.10.

  However, when trying to load a profile with stacking ("//&"), the
  apparmor-parser will report the following errors:

  AppArmor parser error for /etc/apparmor.d/root.test.shell in
  /etc/apparmor.d/root.test.shell at line 8: syntax error, unexpected
  TOK_ID, expecting TOK_END_OF_RULE.

  The system is Ubuntu 16.10 Server edition.  I am trying to confine a
  test program at /root/test/shell.  The profile looks like the
  following:

  #include
  /root/test/shell {
    #include

    /bin/touch ix,
    /root/test/read px -> readtest1 //& readtest2,
    /root/test/shell mr,

    profile readtest1 {
      #include
      /root/test/file1 r,
      /root/test/read mr,
    }

    profile readtest2 {
      #include
      /root/test/file2 r,
      /root/test/read mr,
    }
  }

  If the stacking works, when the /root/test/shell execs
  /root/test/read, it should not be able to read either file1 or file2.

  I am not sure if I am using the stacking in the wrong way, or there is
  a bug in userspace support for stacking.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1639660/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1639660] Re: apparmor-parse cannot parse profile with stacking //&

2016-11-07 Thread Yuqiong Sun
Hi John,

Thanks for the quick reply.

I did what you suggested, but it looks like it is still not working.

After I remove the whitespace, I still have the same error:

AppArmor parser error for root.test.shell in root.test.shell at line 7:
syntax error, unexpected TOK_ID, expecting TOK_END_OF_RULE

Then I tried the quote, the error message changes to the following:

AppArmor parser error for root.test.shell in root.test.shell at line 7:
Found unexpected character: '"'

Thanks.



[Touch-packages] [Bug 1639660] Re: apparmor-parse cannot parse profile with stacking //&

2016-11-06 Thread John Johansen
Yuqiong Sun,

The parser is sensitive to white space. If your profile has white space
in the name, you will need to use quotes around it:

  /root/test/read px -> "readtest1 //& readtest2",

Otherwise, you will need to remove the white space and specify it as:

  /root/test/read px -> readtest1//&readtest2,

Ideally the parser would properly handle white space in this situation
and properly parse this, but at the moment it doesn't.  If this fixes
your problem I will mark this bug as a wish list feature. If not, please
let us know so we can further debug the problem.

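
The two conditions raised in this thread (white space around `//&` in an unquoted transition target, and a stack whose first profile name does not start with `/`) can be checked before a profile is passed to apparmor_parser. The following is an added example, not part of the original messages or of AppArmor: the regular expression is a simplified model of exec-transition rules rather than the parser's grammar, and the sample profile and the finding names are constructed for illustration.

```python
import re

# Simplified matcher for exec rules with a named transition:
#   <path> <perms> -> <target>,
# Assumption: an illustration only, not the apparmor_parser grammar.
RULE = re.compile(
    r'^\s*(?P<path>/\S*)\s+(?P<perms>\w+)\s*->\s*(?P<target>.+?),\s*$'
)
STACK = "//&"


def check_stack_targets(profile_text):
    """Return (line_no, target, findings) for each rule whose target uses //&."""
    results = []
    for no, line in enumerate(profile_text.splitlines(), 1):
        m = RULE.match(line)
        if not m or STACK not in m.group("target"):
            continue
        target = m.group("target")
        quoted = len(target) >= 2 and target[0] == '"' and target[-1] == '"'
        inner = target[1:-1] if quoted else target
        findings = []
        # The maintainer states the parser is white-space sensitive here.
        if not quoted and re.search(r"\s", inner):
            findings.append("unquoted-whitespace")
        # The confirmed failure: first profile in the stack not starting with "/".
        first = inner.split(STACK)[0].strip()
        if not first.startswith("/"):
            findings.append("first-profile-not-path")
        results.append((no, target, findings))
    return results


# Constructed sample: the rule from the report, the no-white-space form,
# and a hypothetical stack whose first profile name is a path.
SAMPLE = """\
/root/test/shell {
  /bin/touch ix,
  /root/test/read px -> readtest1 //& readtest2,
  /root/test/read px -> readtest1//&readtest2,
  /root/test/read px -> /root/test/a//&readtest2,
  /root/test/shell mr,
}
"""

if __name__ == "__main__":
    for no, target, findings in check_stack_targets(SAMPLE):
        print(no, target, findings or "ok")
```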