mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-30 22:05:27 +00:00
parser: ignore feature abi rules
AppArmor 3.0 requires policy to use a feature abi rule for access to new features. However some policy may start using abi rules even if they don't have rules that require new features. This is especially true for out of tree policy being shipped in other packages. Add enough support to older releases that the parser will ignore the abi rule and warn that it is falling back to the apparmor 2.x technique of using the system abi. If the profile contains rules that the older parser does not understand it will fail policy compilation at the unknown rule instead of the abi rule. PR: https://gitlab.com/apparmor/apparmor/merge_requests/196 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
John Johansen
@@ -111,6 +111,7 @@ static struct keyword_table keyword_table[] = {
|
||||
{"trace", TOK_TRACE},
|
||||
{"tracedby", TOK_TRACEDBY},
|
||||
{"readby", TOK_READBY},
|
||||
{"abi", TOK_ABI},
|
||||
|
||||
/* terminate */
|
||||
{NULL, 0}
|
||||
|
||||
Reference in New Issue
Block a user