[pkg-apparmor] Bug#1003158: Bug#1003158: apparmor: tunables/home seems to have wrong order of variables

Seth Arnold seth.arnold at canonical.com
Fri Jan 7 04:19:54 GMT 2022


On Thu, Jan 06, 2022 at 08:38:32PM +0100, Christian Boltz wrote:
> Am Mittwoch, 5. Januar 2022, 23:09:01 CET schrieb Karsten Hilbert:
> > Unless I misunderstand apparmor profile logic it is not
> > purely cosmetic. It excludes "/home/*/" from @{HOME}.
> 
> That's the difference between a human parser (you) and apparmor_parser 
> ;-) - you think of the profile as "code" (where order matters) while 
> apparmor_parser (mostly) doesn't care about the order.
> 
> I'll try to explain how apparmor_parser works using pseudo-SQL:

Another way to look at this is through a quick test:

$ cat test_profile
@{A}=@{B} /a/
@{B}=/b/
@{A}+=/c/

profile p {
  @{A} r,
}
$ apparmor_parser -Qd < test_profile
----- Debugging built structures -----
Name:		p
Profile Mode:	Enforce
--- Entries ---
Mode:	r:r	Name:	({/b/,/a/,/c/})

$


Maybe a simple example will be more clear :)

Thanks
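
The order-independence shown in the test above can be modelled in a few lines. This is an added example, not part of the original message and not apparmor_parser's own code: a simplified two-pass model (collect every assignment, then expand references) in which the names `collect`, `expand` and `resolve` are hypothetical and `=` and `+=` are both treated as "add to the set".

```python
import re

VAR_REF = re.compile(r"@\{(\w+)\}")
ASSIGN = re.compile(r"^@\{(\w+)\}\s*\+?=\s*(.*)$")

# The test profile from the message above, variable lines only.
PAGE_PROFILE = "@{A}=@{B} /a/\n@{B}=/b/\n@{A}+=/c/\n"

def collect(text):
    """Pass 1: record every assignment, without expanding anything yet."""
    table = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.strip())
        if m:
            # Simplification: '=' and '+=' both append to the variable's set.
            table.setdefault(m.group(1), []).extend(m.group(2).split())
    return table

def expand(value, table, seen=frozenset()):
    """Pass 2: replace the first @{VAR} in value by each of its values."""
    m = VAR_REF.search(value)
    if m is None:
        return [value]
    name = m.group(1)
    if name in seen:
        raise ValueError("recursive definition of @{%s}" % name)
    if name not in table:
        raise KeyError("undefined variable @{%s}" % name)
    # Expand the referenced variable first, then whatever follows it.
    heads = [value[:m.start()] + sub
             for raw in table[name]
             for sub in expand(raw, table, seen | {name})]
    tails = expand(value[m.end():], table, seen)
    return [h + t for h in heads for t in tails]

def resolve(text, name):
    """Expand @{name} against all assignments found anywhere in text."""
    return expand("@{%s}" % name, table=collect(text))

if __name__ == "__main__":
    print(resolve(PAGE_PROFILE, "A"))
```

Because expansion only starts after every assignment has been collected, defining `@{B}` before or after the line that references it gives the same set.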