[apparmor] What are "AARE"s, exactly?

Christian Boltz apparmor at cboltz.de
Mon Mar 1 18:46:24 UTC 2021 

Hello,

Am Montag, 1. März 2021, 09:34:32 CET schrieb TheDiveO at gmx.eu:
> What might (still) be left are the grammar definitions for FILEGLOB
> and AARE; are they actually the same or is AARE the "superset" of
> FILEGLOB due to it allowing for VARIABLE? If FILEGLOB and AARE
> actually are the same, would it make sense to then boil them down
> into a single grammar element, preferably AARE? Why AARE: because of
> VARIABLE, to distinguish from "plain" FILEGLOB.

I'd say that FILEGLOB and AARE are very close from a user's point of 
view, but there are some technical details under the hood (and "funny" 
things the syntax allows, but that qualify as "please don't try this at 
home" ;-) so we probably will keep them listed separately.

One of these details is that variable expansion is done first, before 
doing any plaintext or AARE matching, so strictly speaking variables are 
not really part of AARE. However, from a user's point of view this 
doesn't really matter.

> In consequence, it would also help to specifically reference the
> "Globbing (AARE)" section from the "Format" section:
> 
>   AARE = ?*[]{}^ See section "Globbing (AARE)" below for meanings.

Good idea.

Submitted as https://gitlab.com/apparmor/apparmor/-/merge_requests/715 
(includes the changes from my previous mail).

> Now, that begs for expanding on AARE grammar, which admittedly is a
> gory issue, try finding a proper globbing grammar :/
> 
> But one important aspect here is that contrary to (sh?) range negation
> "[!]", AppArmor uses [^] similar to typical regex'es.

At least in bash, both   ls [^p]*   and   ls [!p]*   work.

> Another question here is: does AppArmor AARE explicitly support
> character classes, or is this an undocumented and un-guaranteed
> side-effect of the Python-based implementation of the parser?

This is a side effect of the python implementation, which is "close 
enough" to what apparmor_parser does, but not exactly the same.


Regards,

Christian Boltz
-- 
Infrastructure is, by definition, boring. Whenever people in Infra
have an interesting day, somebody is going to write a postmortem.
[Kris Köhntopp in
https://plus.google.com/+KristianKöhntopp/posts/MBYz6YRNWQ5]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20210301/7cd5f0f7/attachment-0001.sig>

More information about the AppArmor mailing list