Python utils lack support for path rules using the file keyword
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
AppArmor | Fix Released | Medium | Tyler Hicks | |
apparmor (Ubuntu) | Fix Released | Medium | Tyler Hicks | |
Trusty | Fix Released | Undecided | Unassigned | |
Utopic | Fix Released | Medium | Tyler Hicks | |
Bug Description
aa.py doesn't support "file," rules and emits a traceback when encountering them:
$ mkdir /tmp/profs
$ printf "profile file {\n file,\n}" > /tmp/profs/file
$ sudo aa-enforce -d /tmp/profs /tmp/profs/file
Traceback (most recent call last):
File "./aa-enforce", line 30, in <module>
tool.
File "/var/scm/
apparmor.
File "/var/scm/
read_
File "/var/scm/
profile_data = parse_profile_
File "/var/scm/
raise AppArmorExcepti
apparmor.
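An added example, not code from AppArmor or from this bug report: a small scanner that lists the lines of a profile or abstraction that use the `file` keyword, bare or followed by a path, which are the rules the bug description reports aa.py failing on. The regular expression is an assumption based on the file-rule grammar in apparmor.d(5); the function name and the sample text are constructed for illustration.

```python
import re

# Optional qualifiers per apparmor.d(5), then the literal keyword "file",
# then either nothing (bare rule) or a path/permission body, then a comma.
# This pattern is an assumption of this example, not the project's parser.
FILE_RULE = re.compile(
    r"""^\s*
        (?:audit\s+)?
        (?:(?:allow|deny)\s+)?
        (?:owner\s+)?
        file
        (?:\s+(?P<body>.*?))?
        \s*,\s*(?:\#.*)?$""",
    re.VERBOSE,
)


def find_file_keyword_rules(text):
    """Return (lineno, kind, rule) for each rule that uses the file keyword.

    kind is "bare" for a rule like `file,` and "path" when a path and
    permissions follow the keyword. Line numbers are 1-based.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = FILE_RULE.match(line)
        if m:
            kind = "path" if m.group("body") else "bare"
            hits.append((lineno, kind, line.strip()))
    return hits


# Constructed sample; the first profile is the one from the bug description.
# A profile named "file", a path ending in "file" and a commented-out rule
# must not be reported; alternations with commas inside a path must be.
SAMPLE = """\
profile file {
  file,
}
profile demo /usr/bin/demo {
  /etc/file r,
  owner file /home/*/.cache/{a,b}/** rw,
  audit deny file /etc/shadow w,  # constructed rule
  #file,
}
"""

if __name__ == "__main__":
    for lineno, kind, rule in find_file_keyword_rules(SAMPLE):
        print(f"line {lineno}: {kind}: {rule}")
```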
Changed in apparmor (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in apparmor:
status: Triaged → In Progress
assignee: nobody → Tyler Hicks (tyhicks)
summary:
- Python utils lack support for bare file rules
+ Python utils lack support for path rules using the file keyword
Changed in apparmor (Ubuntu):
assignee: nobody → Tyler Hicks (tyhicks)
status: Triaged → In Progress
Changed in apparmor (Ubuntu Trusty):
status: New → Fix Released
Changed in apparmor:
milestone: none → 2.9.0
This is affecting me, as aa-enable keeps bailing out on abstractions installed by the lxc package:
$ sudo aa-enforce /usr/lib/chromium-browser/chromium-browser
Traceback (most recent call last):
  File "/usr/sbin/aa-enforce", line 30, in <module>
    tool.cmd_enforce()
  File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 153, in cmd_enforce
    apparmor.read_profiles()
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2558, in read_profiles
    read_profile(profile_dir + '/' + file, True)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2584, in read_profile
    profile_data = parse_profile_data(data, file, 0)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2914, in parse_profile_data
    load_include(include_name)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 4170, in load_include
    incdata = parse_profile_data(data, incfile, True)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3031, in parse_profile_data
    raise AppArmorException(_('Syntax Error: Unknown line found in file: %s line: %s') % (file, lineno + 1))
apparmor.common.AppArmorException: 'Syntax Error: Unknown line found in file: abstractions/lxc/start-container line: 2'