Hello,

Am Freitag, 2. November 2012 schrieb Gregor Dschung:
> Gregor Dschung has proposed merging lp:~chkpnt/apparmor/patch-ruby
> into lp:apparmor.
> 
> Requested reviews:
>   AppArmor Developers (apparmor-dev)
> 
> For more details, see:
> https://code.launchpad.net/~chkpnt/apparmor/patch-ruby/+merge/132723
> 
> - the globbing as used in /etc/apparmor.d/abstrations/ruby doesn't
> work for ruby 1.9.1 - rubygems need {,32,64} in the path, too

The proposed rules will fail with 1.10 and 2.x ;-)

Since this is mostly about read permissions, what about relaxing the 
rules a bit to make them version-independent and easier readable?

I'd propose to use /usr/lib{,32,64}/ruby/1.[89]*/ or even  
/usr/lib{,32,64}/ruby/[1-9].[0-9]*/ to be compatible with future ruby 
releases up to 9.x ;-)

Even if you don't want to do that:

> +  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*.rb r,
> +  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**/*.rb r,

You can merge these two lines to
    /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**.rb r,

> +  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/*.so mr,
> +  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr,

Same here, merge to:
    /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**.so mr,

> +  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*.rb r,
> +  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/**/*.rb r,
> +  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/*.so 
mr,
> +  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so 
mr,

Two more pairs to merge ;-)


Regards,

Christian Boltz
-- 
"Bei mir" läuft KDE gar nicht.
Völlig korrekt. Logisch. Aber sinnfrei.
[David Haller in opensuse-de]


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to