apparmor does not expand variables within dbus rules

Bug #1218099 reported by Jamie Strandboge
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
High
Jamie Strandboge
Saucy
Fix Released
High
Jamie Strandboge
apparmor-easyprof-ubuntu (Ubuntu)
Fix Released
High
Jamie Strandboge
Saucy
Fix Released
High
Jamie Strandboge

Bug Description

$ cat /tmp/test_var_in_dbus_rule
@{APP_ID_DBUS}="com_2eubuntu_2edropping_2dletters_5fdropping_2dletters_5f0_2e1_2e2_2e2"
profile test_var_in_dbus_rule {
  dbus (send)
       bus=session
       path="/com/canonical/hud/applications/@{APP_ID_DBUS}",
}

$ apparmor_parser -p /tmp/test_var_in_dbus_rule
@{APP_ID_DBUS}="com_2eubuntu_2edropping_2dletters_5fdropping_2dletters_5f0_2e1_2e2_2e2"
profile test_var_in_dbus_rule {
  dbus (send)
       bus=session
       path="/com/canonical/hud/applications/@{APP_ID_DBUS}",
}

$ sudo apparmor_parser -r /tmp/test_var_in_dbus_rule
apparmor_parser: Regex grouping error: Invalid number of items between {}
apparmor_parser: Unable to parse input line '/com/canonical/hud/applications/@{APP_ID_DBUS}'
ERROR processing policydb rules for profile test_var_in_dbus_rule, failed to load
[1]

Changed in apparmor (Ubuntu Saucy):
status: New → Triaged
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: New → Triaged
Changed in apparmor (Ubuntu Saucy):
importance: Undecided → High
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
importance: Undecided → High
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu Saucy):
status: Triaged → New
Tyler Hicks (tyhicks)
Changed in apparmor (Ubuntu Saucy):
assignee: nobody → Tyler Hicks (tyhicks)
milestone: none → ubuntu-13.09
status: New → Triaged
tags: added: application-confinement appstore
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Steve committed r2161 for this to trunk. I'll prepare the upload for 13.10.

Changed in apparmor (Ubuntu Saucy):
assignee: Tyler Hicks (tyhicks) → Jamie Strandboge (jdstrand)
status: Triaged → In Progress
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I didn't reference it in the changelog, but apparmor-easyprof-ubuntu now uses dbus rules with APP_ID_DBUS in 1.0.24.

Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: Triaged → Fix Released
Changed in apparmor (Ubuntu Saucy):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.0-0ubuntu26

---------------
apparmor (2.8.0-0ubuntu26) saucy; urgency=low

  * debian/patches/0064-lp1218099.patch: add support for variable expansion in
    dbus rules (LP: #1218099)
 -- Jamie Strandboge <email address hidden> Thu, 29 Aug 2013 16:28:36 -0500

Changed in apparmor (Ubuntu Saucy):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.