[Bug 1446794] Re: parser error with 'deny change_profile'

2016-05-17 Thread John Johansen
The deny modifier has been fixed in the 2.11 parser. However, the audit
modifier is not properly supported by the backend permission format and
will result in equality.sh failing.

With the above patch to equality.sh, the failures all involve audit
which is being silently dropped in permission encoding:

Binary inequality audit, deny, and audit deny modifiers for "change_profile -> unconfined"
FAIL: Hash values match
known-good (e01d6f3ba173df734864ab965521e195) == profile-under-test (e01d6f3ba173df734864ab965521e195) for the following profile:
/t { audit change_profile -> unconfined, }

Binary inequality audit, deny, and audit deny modifiers for "change_profile -> unconfined"
FAIL: Hash values match
known-good (e01d6f3ba173df734864ab965521e195) == profile-under-test (e01d6f3ba173df734864ab965521e195) for the following profile:
/t { audit allow change_profile -> unconfined, }

.Binary inequality deny and audit deny modifiers for "change_profile -> unconfined"
FAIL: Hash values match
known-good (0f104a93d8f001f0f780702c8ff255b7) == profile-under-test (0f104a93d8f001f0f780702c8ff255b7) for the following profile:
/t { audit deny change_profile -> unconfined, }

..Binary inequality audit, deny, and audit deny modifiers for "change_profile -> /**"
FAIL: Hash values match
known-good (df13fc0410c7ea6bce4c4ef14cfd504d) == profile-under-test (df13fc0410c7ea6bce4c4ef14cfd504d) for the following profile:
/t { audit change_profile -> /**, }

Binary inequality audit, deny, and audit deny modifiers for "change_profile -> /**"
FAIL: Hash values match
known-good (df13fc0410c7ea6bce4c4ef14cfd504d) == profile-under-test (df13fc0410c7ea6bce4c4ef14cfd504d) for the following profile:
/t { audit allow change_profile -> /**, }

.Binary inequality deny and audit deny modifiers for "change_profile -> /**"
FAIL: Hash values match
known-good (0f104a93d8f001f0f780702c8ff255b7) == profile-under-test (0f104a93d8f001f0f780702c8ff255b7) for the following profile:
/t { audit deny change_profile -> /**, }

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1446794

Title:
  parser error with 'deny change_profile'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1446794/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
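
Added example, not part of the thread or of AppArmor's test suite: a small Python parser for the equality.sh failure output quoted in the message above, which checks the observation that every failure involves audit and groups the failing rules by the hash they compiled to. The function names are hypothetical; the three sample records are copied from that output.

```python
import re

# Three FAIL records copied from the output quoted in the thread (mail wrapping kept).
SAMPLE = '''\
Binary inequality audit, deny, and audit deny modifiers for "change_profile ->
unconfined"
FAIL: Hash values match
known-good (e01d6f3ba173df734864ab965521e195) == profile-under-test
(e01d6f3ba173df734864ab965521e195) for the following profile:
/t { audit change_profile -> unconfined, }

.Binary inequality deny and audit deny modifiers for "change_profile ->
unconfined"
FAIL: Hash values match
known-good (0f104a93d8f001f0f780702c8ff255b7) == profile-under-test
(0f104a93d8f001f0f780702c8ff255b7) for the following profile:
/t { audit deny change_profile -> unconfined, }

.Binary inequality deny and audit deny modifiers for "change_profile -> /**"
FAIL: Hash values match
known-good (0f104a93d8f001f0f780702c8ff255b7) == profile-under-test
(0f104a93d8f001f0f780702c8ff255b7) for the following profile:
/t { audit deny change_profile -> /**, }
'''

RECORD = re.compile(
    r'Binary inequality .+? for "(?P<rule>.+?)"\s+FAIL: Hash values match\s+'
    r'known-good \((?P<good>[0-9a-f]{32})\) == profile-under-test\s+\((?P=good)\)'
    r' for the following profile:\s+(?P<profile>[^\n]+)', re.DOTALL)

def parse_failures(text):
    """One dict per FAIL record: rule, modifier words before it, compiled hash."""
    out = []
    for m in RECORD.finditer(text):
        rule = " ".join(m["rule"].split())  # undo the mail wrap inside the rule
        mods = m["profile"].split("{", 1)[1].split(rule, 1)[0].split()
        out.append({"rule": rule, "modifiers": mods, "hash": m["good"]})
    return out

def common_modifiers(records):
    """Modifier words present in every failing profile (empty set if no records)."""
    sets = [set(r["modifiers"]) for r in records]
    return set.intersection(*sets) if sets else set()

def rules_by_hash(records):
    groups = {}  # compiled hash -> failing rules (with modifiers) that produced it
    for r in records:
        groups.setdefault(r["hash"], []).append(" ".join(r["modifiers"] + [r["rule"]]))
    return groups
```

On these records common_modifiers() returns only audit, and rules_by_hash() puts the two audit deny rules, which name different targets, under a single hash.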


[Bug 1446794] Re: parser error with 'deny change_profile'

2015-07-22 Thread Steve Beattie
AppArmor 2.10 has fixed the parsing issue; however, the policy generated
does not actually deny the change_profile.



[Bug 1446794] Re: parser error with 'deny change_profile'

2015-07-22 Thread Steve Beattie
The following is a patch against the parser's policy equality and
inequality test script that demonstrates that 'deny change_profile'
policy is not being generated correctly:

Index: b/parser/tst/equality.sh
===
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@@ -285,7 +285,8 @@ for rule in "capability" "capability mac
"file /f r" "file /f w" "file /f rwmlk" \
"link /a -> /b" "link subset /a -> /b" \
"l /a -> /b" "l subset /a -> /b" \
-   "file l /a -> /b" "l subset /a -> /b"
+   "file l /a -> /b" "l subset /a -> /b" \
+   "change_profile -> unconfined" "change_profile -> /**"
 do
verify_binary_equality "allow modifier for \"${rule}\"" \
"/t { ${rule}, }" \
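Review bot: On the changed line, "l subset /a -> /b" is listed a second time right after "file l /a -> /b" even though it already appears on the preceding context line, so the file-prefixed subset form was probably intended there; since the line is being touched for the continuation backslash anyway, consider correcting it to "file l subset /a -> /b" in the same change. Separately, the two new change_profile entries go into the shared rule list with no comment saying they are expected to fail until the generated policy is fixed, so a short note next to them would help anyone who sees equality.sh break after applying this.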
