Public bug reported:

I am experimenting with the new profile stacking feature of AppArmor on
Ubuntu 16.10.

However, when trying to load a profile with stacking ("//&"), the
apparmor-parser will report the following errors:

AppArmor parser error for /etc/apparmor.d/root.test.shell in
/etc/apparmor.d/root.test.shell at line 8: syntax error, unexpected
TOK_ID, expecting TOK_END_OF_RULE.

The system is Ubuntu 16.10 Server edition.  I am trying to confine a
test program at /root/test/shell.  The profile looks like the following:

#include <tunables/global>
/root/test/shell {
  #include <abstractions/base>

  /bin/touch ix,
  /root/test/read px -> readtest1 //& readtest2,
  /root/test/shell mr,

  profile readtest1 {
    #include <abstractions/base>
    /root/test/file1 r,
    /root/test/read mr,
  }

  profile readtest2 {
    #include <abstractions/base>
    /root/test/file2 r,
    /root/test/read mr,
  }
}

If the stacking works, when the /root/test/shell execs /root/test/read,
it should not be able to read either file1 or file2.

I am not sure if I am using the stacking in the wrong way, or there is a
bug in userspace support for stacking.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1639660

Title:
  apparmor-parse cannot parse profile  with stacking //&

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1639660/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
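
The expectation stated in the report (a task confined by the stack readtest1 //& readtest2 may only do what both profiles allow) can be checked with a small model. This is an added example, not part of the original report or of AppArmor itself; it assumes abstractions/base grants nothing on these paths, and it uses Python's fnmatch as a stand-in for AppArmor's own glob rules.

```python
import re
from fnmatch import fnmatchcase

# Constructed input: the two child profiles from the report, with the
# abstractions/base include left out (assumed irrelevant to these paths).
PROFILES_TEXT = """
profile readtest1 {
  /root/test/file1 r,
  /root/test/read mr,
}
profile readtest2 {
  /root/test/file2 r,
  /root/test/read mr,
}
"""

HEADER = re.compile(r"^\s*profile\s+(\S+)\s*\{\s*$")
RULE = re.compile(r"^\s*(/\S+)\s+([a-z]+),\s*$")

def parse_profiles(text):
    """Return {profile_name: [(path_glob, set_of_permission_letters), ...]}."""
    profiles, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = profiles.setdefault(m.group(1), [])
        elif line.strip() == "}":
            current = None
        elif current is not None and (m := RULE.match(line)):
            current.append((m.group(1), set(m.group(2))))
    return profiles

def allowed(rules, path):
    """Union of permissions that a single profile grants on path."""
    perms = set()
    for glob, letters in rules:
        if fnmatchcase(path, glob):  # simplification of AppArmor globbing
            perms |= letters
    return perms

def stacked_allowed(profiles, stack, path):
    """Permissions under a stack: the intersection across all its profiles."""
    result = None
    for name in stack:
        perms = allowed(profiles[name], path)
        result = perms if result is None else result & perms
    return result or set()

if __name__ == "__main__":
    profiles = parse_profiles(PROFILES_TEXT)
    for path in ("/root/test/file1", "/root/test/file2", "/root/test/read"):
        print(path, sorted(stacked_allowed(profiles, ["readtest1", "readtest2"], path)))
```
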
