Hello, Am Mittwoch, 25. Mai 2016, 16:09:58 CEST schrieb Tyler Hicks: > On 05/25/2016 03:59 PM, Tyler Hicks wrote: > > The purpose of this patch set is to modify the change_profile rule > > syntax to allow the policy author to specify if AT_SECURE in the > > kernel's auxiliary vector should be set (see the getauxval man page > > for details). The AT_SECURE value determines if libc will scrub the > > newly executed program's environment.> > > See the following bug for more details: > > https://launchpad.net/bugs/1584069
I looked through the patchset and didn't notice any obvious errors. > As mentioned in the bug, these changes need accompanying utils/ > updates. I haven't looked at the utils/ in quite some time and wanted > to go ahead and get the lower level changes out for review. If you want to implement this, have a look at utils/apparmor/rule/ change_profile.py and utils/test/test-change_profile.py. (luckily change_profile is already implemented as a class, which should make the change easy.) Note: change_profile log events are not handled yet. When we implement this, we'll probably have to add a question in aa-logprof to ask the user about safe vs. unsafe. Another missing part in your patch is an update for apparmor.vim.in - I'll send a patch for it. > I also > still cannot successfully run `make check` in utils/ so I'm hesitant > to try to make any changes to that code. That probably counts as a bug ;-) Can you please post the error message you see? (Maybe in a new thread to avoid cluttering up this patchset, or on IRC for a faster roundtrip time) Needless to say that the tests work for me, but maybe your system differs in some interesting[tm] details. Regards, Christian Boltz -- The former solution seems to be a lot of "monkey work", [...] I don't think it would be viable on a long term approach. We better succeed in the latter approach.. or buy lot of banana :) [Rémy Marquis in opensuse-wiki]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
