[apparmor] policy variables not working as intended
Ryan Lee
ryan.lee at canonical.com
Fri Feb 7 18:05:34 UTC 2025
Hi Ian,
Can you check if the rule
@{lib}/**.so* mr,
works for you?
If so, the issue is that your use of the variable creates a rule that
starts with two slashes, which currently isn't collapsed down into a single
slash. You can check https://gitlab.com/apparmor/apparmor/-/issues/450 for
more information.
Ryan
On Fri, Feb 7, 2025 at 9:50 AM Ian Merin <Ian.Merin at entrust.com> wrote:
> I’ve looked for documentation on variables to determine if I am using them
> incorrectly but I cannot find very much information about variables.
>
>
>
> I have created a variable @{lib}=/{,usr/}lib{,64}/
>
>
>
> And created a rule as such
>
>
>
> /@{lib}/**.so* mr,
>
>
>
> This rule appears to do nothing. If I substitute the value of @{lib} into
> the rule:
>
>
>
> /{,usr/}lib{,64}/**.so* mr,
>
>
>
> It works exactly as I expect it to. I have tried every possible
> combination of slashes for the variable with no luck. As far as I can
> tell, on apparmor and libapparmor v 3.1.2
>
>
>
> Thanks,
>
>
>
> Ian
> *Any email and files/attachments transmitted with it are intended solely
> for the use of the individual or entity to whom they are addressed. If this
> message has been sent to you in error, you must not copy, distribute or
> disclose of the information it contains. Please notify Entrust immediately
> and delete the message from your system.*
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20250207/a2534e38/attachment.html>
More information about the AppArmor
mailing list