Hello,
Am Freitag, 2. November 2012 schrieb Gregor Dschung:
> Gregor Dschung has proposed merging lp:~chkpnt/apparmor/patch-ruby
> into lp:apparmor.
>
> Requested reviews:
> AppArmor Developers (apparmor-dev)
>
> For more details, see:
> https://code.launchpad.net/~chkpnt/apparmor/patch-ruby/+merge/132723
>
> - the globbing as used in /etc/apparmor.d/abstrations/ruby doesn't
> work for ruby 1.9.1 - rubygems need {,32,64} in the path, too
The proposed rules will fail with 1.10 and 2.x ;-)
Since this is mostly about read permissions, what about relaxing the
rules a bit to make them version-independent and easier readable?
I'd propose to use /usr/lib{,32,64}/ruby/1.[89]*/ or even
/usr/lib{,32,64}/ruby/[1-9].[0-9]*/ to be compatible with future ruby
releases up to 9.x ;-)
Even if you don't want to do that:
> + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*.rb r,
> + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**/*.rb r,
You can merge these two lines to
/usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**.rb r,
> + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/*.so mr,
> + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr,
Same here, merge to:
/usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**.so mr,
> + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*.rb r,
> + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/**/*.rb r,
> + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/*.so
mr,
> + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so
mr,
Two more pairs to merge ;-)
Regards,
Christian Boltz
--
"Bei mir" läuft KDE gar nicht.
Völlig korrekt. Logisch. Aber sinnfrei.
[David Haller in opensuse-de]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
