Hi,

The issue with the failing profile is that there are legitimate
conflicting X transitions:

    # encrypted ~/.Private and old-style encrypted $HOME
    owner @{HOME}/.Private/** mrixwlk,
    # new-style encrypted $HOME
    owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,

and

    owner @{HOMEDIRS}/bin/** Pixmr,

where HOMEDIRS = /home/ and HOME = /home/*. That results in:

    /home/*/.Private/** mrixwlk,
    /home/bin/** Pixmr,

Even adjusting the latter rule to be @{HOME} rather than @{HOMEDIRS}
still results in a conflict with the "new-style encrypted $HOME" rule:

    /home/.ecryptfs/*/.Private/** mrixwlk,
    /home/*/bin/** Pixmr,

However, the parser has been updated to have a slightly better error
message when conflicts like this occur. Currently it reports the
following when given profiles such as these:

    $ apparmor_parser -Q bug_fails.p
    profile has merged rule with conflicting x modifiers
    ERROR processing regexs for profile confined_user, failed to load

though ideally it would give a better indication as to which rules are
conflicting.

I'm going to mark this bug as incomplete as the error message has been
improved, but ideally would be improved more; however, I'm not sure at
the point where the DFA computation detects that there are overlapping
'x' rules it has enough information to backtrack to identify which rules
are problematic.

** Changed in: apparmor (Ubuntu)
       Status: Confirmed => Incomplete
--
https://bugs.launchpad.net/bugs/670639
Title:
apparmor_parser dfa dominance is incorrect
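
The message says the parser cannot point at which rules conflict. The following is an added example, not code from AppArmor or from the message's author: a Python sketch that expands the variables as the message gives them and, for each pair of rules with different exec modifiers, searches for a path both globs match. It assumes a simplified glob model (`*` is any run of non-`/` characters, `**` is any run of characters), ignores `?`, `[]`, `{}` and the `owner` qualifier, and all function names are hypothetical.

```python
import re
from itertools import combinations

# Variable values as stated in the message; rule lines copied from it.
VARS = {"@{HOMEDIRS}": "/home/", "@{HOME}": "/home/*"}
RULES = [
    "owner @{HOME}/.Private/** mrixwlk,",
    "owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,",
    "owner @{HOMEDIRS}/bin/** Pixmr,",
]

def parse(line):
    """Return (expanded path glob, exec modifier such as 'ix' or 'Pix')."""
    path, perms = line.rstrip(",").split()[-2:]
    for name, value in VARS.items():
        path = path.replace(name, value)
    mode = re.search(r"[PpCcUu]?[iUu]?x", perms)
    return re.sub(r"/+", "/", path), mode.group() if mode else None

def overlap(p, q):
    """Return one path matched by both globs (simplified model), else None."""
    a, b = (re.findall(r"\*\*|\*|.", g) for g in (p, q))
    seen, todo = set(), [(0, 0, "")]
    while todo:
        i, j, path = todo.pop()
        if (i, j) in seen:
            continue
        seen.add((i, j))
        if i == len(a) and j == len(b):
            return path
        wa = i < len(a) and a[i] in ("*", "**")
        wb = j < len(b) and b[j] in ("*", "**")
        if wa:
            todo.append((i + 1, j, path))  # a's wildcard stops matching here
        if wb:
            todo.append((i, j + 1, path))  # b's wildcard stops matching here
        if i < len(a) and j < len(b) and not (wa and wb):
            lit, other = (b[j], a[i]) if wa else (a[i], b[j])
            if other == lit or other == "**" or (other == "*" and lit != "/"):
                todo.append((i if wa else i + 1, j if wb else j + 1, path + lit))
    return None

def conflicts(lines):
    """List rule pairs whose exec modifiers differ and whose globs overlap."""
    found = []
    for (pa, xa), (pb, xb) in combinations([parse(l) for l in lines], 2):
        if xa and xb and xa != xb and (w := overlap(pa, pb)) is not None:
            found.append((pa, xa, pb, xb, w))
    return found
```

`conflicts(RULES)` reports the `.Private` rule against the `bin` rule with `/home/bin/.Private/` as a path both match; swapping the last rule to `@{HOME}/bin/**` moves the conflict to the `.ecryptfs` rule, as the message describes.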