** Changed in: apparmor Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1262938
Title: Mount and D-Bus rules aren't being optimized correctly Status in AppArmor Linux application security framework: Fix Released Status in “apparmor” package in Ubuntu: Fix Released Bug description: I noticed that mount and dbus rules weren't being optimized correctly when a more permissive rule follows. For example, 'mount fstype=foo, mount' should result in the 'mount fstype=foo,' rule being optimized away. That rule is currently not optimized away and, oddly enough, the last 'o' in foo is truncated. Here's a more clear example with ext2 and ext3 fstypes: $ echo "/t { mount fstype=ext2, mount, }" | apparmor_parser -qQD dfa-states 2>ext2 $ echo "/t { mount fstype=ext3, mount, }" | apparmor_parser -qQD dfa-states 2>ext3 $ md5sum ext2 ext3 e5d4e0b335b1bb530fbff8e0cdfa7337 ext2 e5d4e0b335b1bb530fbff8e0cdfa7337 ext3 $ cat ext2 {1} <== (allow/deny/audit/quiet) {6} (0x 2/0/0/0) {1} -> {2}: 0x7 {2} -> {3}: 0x0 {2} -> {2}: [] {3} -> {4}: 0x0 {3} -> {3}: [] {4} -> {6}: 0x0 {4} -> {7}: 0x65 e {4} -> {5}: [] {5} -> {6}: 0x0 {5} -> {5}: [] {6} (0x 2/0/0/0) -> {6}: [^\0x0] {7} -> {6}: 0x0 {7} -> {8}: 0x78 x {7} -> {5}: [] {8} -> {6}: 0x0 {8} -> {5}: 0x74 t {8} -> {5}: [] While the md5sum of the ext2 and ext3 files should be equal, they should not contain any remnants of the fstype=ext2 or fstype=ext3 conditional. Off the top of his head, JJ thinks that it has to do with the DFA minimization in parser/libapparmor_re/hfa.cc. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1262938/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp