** Changed in: apparmor
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: apparmor
Status: Triaged => In Progress
https://bugs.launchpad.net/bugs/1733700
Title:
  apparmor python tools do not understand 'include' rules

Status in AppArmor:
  In Progress
Status in apparmor package in Ubuntu:
  New
Status in apparmor source package in Trusty:
  New
Status in apparmor source package in Xenial:
  New
Status in apparmor source package in Zesty:
  New
Status in apparmor source package in Artful:
  New
Status in apparmor source package in Bionic:
  New
Bug description:
The apparmor_parser now supports 'include' rules in addition to
'#include', but the python tools only understand '#include'. This
manifested itself in Ubuntu in bug #1734038 (see
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1734038/comments/15
of that bug for details).
Reproducer:

  $ mkdir /tmp/test
  $ cat /etc/apparmor.d/lp1733700
  profile lp1733700 {
    include "/tmp/test"
  }
  $ apparmor_parser -QTK /etc/apparmor.d/lp1733700 && echo ok
  ok
  $ sudo aa-enforce /etc/apparmor.d/lp1733700
  ERROR: Syntax Error: Missing '}' or ','. Reached end of file /etc/apparmor.d/lp1733700 while inside profile lp1733700

Changing the 'include' to '#include' results in:

  $ sudo aa-enforce /etc/apparmor.d/lp1733700
  Setting /etc/apparmor.d/lp1733700 to enforce mode.

At least aa-logprof is also affected.

= Original report =

On Ubuntu artful, I'm seeing the following behavior:

  $ aa-enforce usr.bin.chromium-browser
  ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/snap.core.3440.usr.lib.snapd.snap-confine line 15:
      include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r,

I have never touched snap.core.3440.usr.lib.snapd.snap-confine.

This is snapd 2.28.5+17.10.
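
Added example, not part of the bug report and not AppArmor's own code: a Python check that finds the bare 'include' rules the report describes and rewrites them to the '#include' form that aa-enforce accepted in the reproducer. The function names, the regular expression and the sample profile are constructed for illustration.

```python
import re

# Bare 'include' at the start of a rule line. '#include' deliberately does not
# match, and neither do comments or paths that merely contain the word.
# Target forms handled: <abstractions/base>, "quoted path", or an unquoted path.
BARE_INCLUDE = re.compile(
    r'^(?P<indent>\s*)include(?P<rest>\s+(?:<[^>]+>|"[^"]+"|[^\s,#]+).*)$'
)

def find_bare_includes(profile_text):
    """Return [(line_number, stripped_line)] for every bare 'include' rule."""
    hits = []
    for number, line in enumerate(profile_text.splitlines(), start=1):
        if BARE_INCLUDE.match(line):
            hits.append((number, line.strip()))
    return hits

def to_hash_include(profile_text):
    """Rewrite bare 'include' rules to the '#include' spelling."""
    out = []
    for line in profile_text.splitlines():
        m = BARE_INCLUDE.match(line)
        out.append(f"{m['indent']}#include{m['rest']}" if m else line)
    return "\n".join(out) + "\n"

# Constructed sample profile, modelled on the reproducer in the report.
SAMPLE = '''profile lp1733700 {
  #include <abstractions/base>
  include "/tmp/test"
  # include is mentioned in this comment only
  /usr/bin/include-tool rix,
}
'''

if __name__ == "__main__":
    for number, line in find_bare_includes(SAMPLE):
        print(f"line {number}: {line}")
    print(to_hash_include(SAMPLE), end="")
```

Run over the files in /etc/apparmor.d, find_bare_includes() shows which profiles would stop the affected tools before aa-enforce or aa-logprof is invoked.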