mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 22:05:27 +00:00

fix: the what names can treated as a condlistid

The match
  {VARIABLE_NAME}/{WS}*={WS}*\(

is too broad, causing mount and dbus rules to fail for sets of values, e.g.

  mount options=(ro bind)

Instead of doing a broad match, for now lets lock it down to just
peer=(...) being the only cond that can cause entry into CONDLISTID

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen
2014-04-23 11:36:26 -07:00
parent b222731c4f
commit f19c9f9511
7 changed files with 54 additions and 39 deletions


@@ -1150,6 +1150,17 @@ void print_value_list(struct value_list *list)
}
}
void move_conditional_value(const char *rulename, char **dst_ptr,
struct cond_entry *cond_ent)
{
if (*dst_ptr)
yyerror("%s conditional \"%s\" can only be specified once\n",
rulename, cond_ent->name);
*dst_ptr = cond_ent->vals->value;
cond_ent->vals->value = NULL;
}
struct cond_entry *new_cond_entry(char *name, int eq, struct value_list *list)
{
struct cond_entry *ent = (struct cond_entry *) calloc(1, sizeof(struct cond_entry));
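Review bot: The new `move_conditional_value()` dereferences `cond_ent->vals` without checking it, so a conditional that reaches it with no value list would crash the parser on a NULL pointer while it processes policy text. Unless every caller already guarantees a non-empty list (not visible in this hunk), add a guard before the assignment, such as `if (!cond_ent->vals) yyerror("%s conditional \"%s\" requires a value\n", rulename, cond_ent->name);`. Only the first value is taken, and any further entries in the list are silently ignored, which may be worth rejecting as well. If `yyerror()` can return, the duplicate case also overwrites `*dst_ptr` and leaks the earlier string. A short header comment should state that ownership of the string moves to `*dst_ptr` and that the entry's `value` is set to NULL, so the entry can later be freed without freeing the moved string.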