That worked! I swear I tried every possible combination of leading slashes yesterday with no luck, but this format does appear to work for me.
The reason I did it this way is because the example on https://manpages.ubuntu.com/manpages/focal/man5/apparmor.d.5.html defines

    @{HOME} = /home/*/ /root/
    […]
    /@{HOME}/.foo_file rw,

Is the example incorrect?

Thanks,
Ian

From: Ryan Lee <ryan....@canonical.com>
Sent: Friday, February 7, 2025 1:06 PM
To: Ian Merin <ian.me...@entrust.com>
Cc: apparmor@lists.ubuntu.com
Subject: [EXTERNAL] Re: [apparmor] policy variables not working as intended

Hi Ian,

Can you check if the rule

    @{lib}/**.so* mr,

works for you? If so, the issue is that your use of the variable creates a rule that starts with two slashes, which currently isn't collapsed down into a single slash. You can check https://gitlab.com/apparmor/apparmor/-/issues/450 for more information.

Ryan

On Fri, Feb 7, 2025 at 9:50 AM Ian Merin <ian.me...@entrust.com> wrote:

I’ve looked for documentation on variables to determine if I am using them incorrectly but I cannot find very much information about variables.

I have created a variable

    @{lib}=/{,usr/}lib{,64}/

And created a rule as such

    /@{lib}/**.so* mr,

This rule appears to do nothing. If I substitute the value of @{lib} into the rule:

    /{,usr/}lib{,64}/**.so* mr,

It works exactly as I expect it to. I have tried every possible combination of slashes for the variable with no luck.

As far as I can tell, on apparmor and libapparmor v 3.1.2

Thanks,
Ian
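
The expansion Ryan describes can be checked mechanically before a profile is loaded. The Python below is an added example, not code from this thread or from the AppArmor project: it substitutes variable values textually and reports rules whose expanded path starts with `//`. It assumes one rule per line with the path as the first token; the function names and the sample profile (built from the values quoted in the thread) are constructed for illustration.

```python
import re

VAR_DEF = re.compile(r'^\s*(@\{\w+\})\s*\+?=\s*(.+?)\s*$')
VAR_REF = re.compile(r'@\{\w+\}')

# Constructed sample profile using the variables and rules quoted in the thread.
SAMPLE_PROFILE = """\
@{lib}=/{,usr/}lib{,64}/
@{HOME}=/home/*/ /root/
profile example /usr/bin/example {
  /@{lib}/**.so* mr,
  @{lib}/**.so* mr,
  /@{HOME}/.foo_file rw,
}
"""

def parse_variables(text):
    """Collect '@{name} = v1 v2 ...' definitions; '+=' appends more values."""
    variables = {}
    for line in text.splitlines():
        m = VAR_DEF.match(line.split('#', 1)[0])
        if m:
            variables.setdefault(m.group(1), []).extend(m.group(2).split())
    return variables

def expand(path, variables):
    """Return every path produced by textual substitution of variable values."""
    m = VAR_REF.search(path)
    if not m:
        return [path]
    if m.group(0) not in variables:
        raise KeyError("undefined variable " + m.group(0))
    out = []
    for value in variables[m.group(0)]:
        out.extend(expand(path[:m.start()] + value + path[m.end():], variables))
    return out

def leading_double_slash_rules(profile_text):
    """Return (line number, rule path, expansions) where an expansion starts with '//'."""
    variables = parse_variables(profile_text)
    findings = []
    for lineno, line in enumerate(profile_text.splitlines(), 1):
        rule = line.split('#', 1)[0].strip()
        if not rule.endswith(',') or VAR_DEF.match(rule):
            continue  # assumption: rules are one per line and end with a comma
        path = rule.split()[0]  # assumption: the path is the first token
        if path.startswith(('/', '@{')):
            bad = [p for p in expand(path, variables) if p.startswith('//')]
            if bad:
                findings.append((lineno, path, bad))
    return findings
```
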