parser accepts " /foo x -> /bar," as valid rule
Bug #1532578 reported by
Christian Boltz
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
New
|
Undecided
|
Unassigned |
Bug Description
If you try to use a file rule like
/foo x,
the parser complains that you need to use ix, Px, Cx etc - good.
However, if you add an exec target like
/foo x -> /bar,
it will happily accept that rule.
Reproducer:
echo '/t { /foo x -> /bar, }' | /sbin/apparmor_
surprisingly accepts the rule as valid.
I'd expect that only deny rules allow to use a plain 'x':
deny /foo x,
To post a comment you must log in.