[apparmor] What are "AARE"s, exactly?
TheDiveO at gmx.eu
TheDiveO at gmx.eu
Mon Mar 1 08:34:32 UTC 2021
Hi,
thank you very much for taking the time to answering my questions about AAREs and also for going to update the man page of apparmor.d! These upcoming changes help a lot in order to make the link between AAREs and globbing, as well as variable substitution.
What might (still) be left are the grammar definitions for FILEGLOB and AARE; are they actually the same or is AARE the "superset" of FILEGLOB due to it allowing for VARIABLE? If FILEGLOB and AARE actually are the same, would it make sense to then boil them down into a single grammar element, preferably AARE? Why AARE: because of VARIABLE, to distinguish from "plain" FILEGLOB.
In consequence, it would also help to specifically reference the "Globbing (AARE)" section from the "Format" section:
AARE = ?*[]{}^ See section "Globbing (AARE)" below for meanings.
Now, that begs for expanding on AARE grammar, which admittedly is a gory issue, try finding a proper globbing grammar :/
But one important aspect here is that contrary to (sh?) range negation "[!]", AppArmor uses [^] similar to typical regex'es.
Another question here is: does AppArmor AARE explicitly support character classes, or is this an undocumented and un-guaranteed side-effect of the Python-based implementation of the parser?
With best regards,
Harald
More information about the AppArmor
mailing list