apparmor parser fails due to matchflags not being reset
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Steve Beattie | ||
Quantal |
Fix Released
|
Undecided
|
Steve Beattie |
Bug Description
The apparmor parser fails when parsing the following policy due to the matchflags in the dfa backend not being reset:
/usr/bin/
/usr/bin/profile1 Cx -> profile1,
/usr/bin/profile2 Cx -> profile2,
/usr/bin/profile3 Cx -> profile3,
/usr/bin/profile4 Cx -> profile4,
/usr/bin/profile5 Cx -> profile5,
/usr/bin/profile6 Cx -> profile6,
profile profile1 {
}
profile profile2 {
}
profile profile3 {
}
profile profile4 {
/usr/
/usr/bin/dpkg Ux,
}
profile profile5 {
}
profile profile6 {
}
}
like so:
$ apparmor_parser -Q x-conflict2.sd
profile has merged rule with conflicting x modifiers
ERROR processing regexs for profile profile4, failed to load
tags: |
added: verification-done-precise verification-needed removed: verification-done |
tags: |
added: verification-done-precise removed: verification-needed-precise |
Attached is a debdiff for raring that addresses the issue. Packages built based on this pass the lp:qa-regression-testsuite apparmor test script. Debdiffs for quantal and precise SRU will follow.