[apparmor] [patch 22/26] change syntax to specify a signals target from
John Johansen
john.johansen at canonical.com
Fri Mar 28 14:20:07 UTC 2014
fix: the what is treated and a condlistid
The match
{VARIABLE_NAME}/{WS}*={WS}*\(
is too broad causing mount and dbus rules to fail for sets of values eg.
mount options=(ro bind)
Instead of doing a broad match, for now lets lock it down to just
peer=(...) being the only cond that can cause entry into CONDLISTID
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
parser/parser_lex.l | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- 2.9-test.orig/parser/parser_lex.l
+++ 2.9-test/parser/parser_lex.l
@@ -295,7 +295,7 @@
}
<INITIAL,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE>{
- {VARIABLE_NAME}/{WS}*={WS}*\( {
+ peer/{WS}*={WS}*\( {
/* we match to the = in the lexer so that we can switch scanner
* state. By the time the parser see the = it may be too late
* as bison may have requested the next token from the scanner
This patch needs the following additional patch on it
More information about the AppArmor
mailing list