[apparmor] wildcard syntax
John Johansen
john.johansen at canonical.com
Sat Jan 11 11:31:26 UTC 2020
On 1/10/20 9:38 PM, mailing list wrote:
> Hi there,
>
> does AA understand the ? as a wildcard for single characters?
> E.g. VirtualBox seems to want creating temporary files like
>
> $HOME/#45678361
>
> These temp files always start with hash key symbol which may
> additionally trouble AA rule?
>
> Would the rule
>
> $HOME/#???????? mrw,
>
> cover the syntax of such temp files? What about the hash key.
>
> Do I need to tell AA to see the hash key/pound symbol only as "plain
> symbol"?
>
> Ok, I now tried
> $HOME/#???????? mrw,
> The pound sign seem to be seen just as plain symbol, as desired.
>
$HOME is not a valid apparmor path expansion variable. You would use
@{HOME}/#???????? mrw,
The apparmor globbing syntax uses
* - match zero or more of anything up to but not including the directory / it is roughly equivalent to pcre [^/\x00]*
** - match zero or more of anything including traversing directory / it is roughly equivalent to pcre [^\x00]*
[] - character class
[^] - inverted character class
? - any single character not including the directory / which is a pcre [^/\00]
{,} - alternation pcre (|)
\ is used as an escape to encode special characters
# is not a special character.
More information about the AppArmor
mailing list