mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
fix: the what conditional names can be a condlistid
The match
{VARIABLE_NAME}/{WS}*={WS}*\(
is too broad causing mount and dbus rules to fail for sets of values eg.
mount options=(ro bind)
Instead of doing a broad match, for now lets lock it down to just
peer=(...) being the only cond that can cause entry into CONDLISTID
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
John Johansen
parent
f19c9f9511
commit
559f0a72fa
1 changed files with 1 additions and 1 deletions
|
|
@ -301,7 +301,7 @@ LT_EQUAL <=
|
|||
}
|
||||
|
||||
<INITIAL,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE>{
|
||||
{VARIABLE_NAME}/{WS}*={WS}*\( {
|
||||
peer/{WS}*={WS}*\( {
|
||||
/* we match to the = in the lexer so that we can switch scanner
|
||||
* state. By the time the parser see the = it may be too late
|
||||
* as bison may have requested the next token from the scanner
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue