Re: [apparmor] [patch] utils: split out disable functionality in apparmor/tools.py

2014-02-27 Thread Seth Arnold
take the time then to do it myself. > (The patch is a little larger than I'd hoped, to deal with the removal > of the 'p' variable due to lifting get_next_to_profile() into a separate > function.) Ah, sure, but the final program is better off for it. > Signed-off-by:

Re: [apparmor] [patch] fix test-aa-decode.py

2014-02-27 Thread Seth Arnold
check call into > the test/ subdirectory, like in the attached patch (which includes > your updated path for aa-decode). Thanks. > > Also attached is a second patch that hooks in the (former) test target > in the utils/vim/ subdirectory. Both patches look good to me, I like t

[apparmor] [patch] aa-unconfined fixes

2014-02-26 Thread Seth Arnold
Hello, this quick patch fixes several problems with aa-unconfined: AttributeError: 'module' object has no attribute 'UI_Info' AttributeError: 'module' object has no attribute 'open_file_read' AttributeError: 'module' object has no attribute 'check_for_apparmor' I propose this patch for trunk. Th

Re: [apparmor] [patch] libapparmor: libtool versioning

2014-02-25 Thread Seth Arnold
ves a bogus argument to linker > to forcibly set the SONAME in the library, as libtool will do this > automatically (and override the passed argument). > > Signed-off-by: Steve Beattie Thanks for giving this another look. Acked-by: Seth Arnold > --- > libraries/liba

[apparmor] [patch] bump libapparmor1 to libapparmor2

2014-02-24 Thread Seth Arnold
I propose this patch for trunk. Signed-off-by: Seth Arnold Thanks Subject: libapparmor1 -> libapparmor2 in autoconf Author: Seth Arnold The library version has changed to 2: AA_LIB_CURRENT = 2 AA_LIB_REVISION = 0 AA_LIB_AGE = 0 --- libraries/libapparmor/configure.ac |2 +- 1 file changed

[apparmor] AppArmor 2.8.3 Released

2014-02-16 Thread Seth Arnold
The AppArmor development team is pleased to announce the 2.8.3 release of the AppArmor user space components. This release is an incremental improvement over the AppArmor 2.8.2 release, focusing on fixing bugs in the userspace code. The release is available from https://launchpad.net/apparmor

[apparmor] [patch] fix typo in apparmor_parser --help

2014-02-14 Thread Seth Arnold
Hello, The attached patch fixes a small typo in the apparmor_parser --help output. The typo only exists on the 2.8 branch, trunk has this fixed already. Signed-off-by: Seth Arnold Thanks === modified file 'parser/parser_main.c' --- parser/parser_main.c 2013-10-14 08:51:21 +

Re: [apparmor] [patch] update abstractions/winbind

2014-02-14 Thread Seth Arnold
> file also needs to be readable. > > References: https://bugzilla.novell.com/show_bug.cgi?id=863226 > > I also propose this patch for 2.8 Acked-by: Seth Arnold for both trunk and 2.8 Thanks > > > === modified file 'profiles/apparmor.d/abstractions/winbind

[apparmor] [patch 8/8] Remove access to pulseaudio debug socket from audio abstraction

2014-02-11 Thread Seth Arnold
Description: Remove access to pulseaudio debug socket from audio abstraction Grant access to specific files in the /var/run/user/UID/pulse/ directory to remove access to potentially dangerous and non-essential files such as the debug (cli) socket provided by the module-cli-protocol-unix module.

[apparmor] [patch 5/8] update mod_apparmor man page for Apache 2.4 and add new

2014-02-11 Thread Seth Arnold
Author: Jamie Strandboge Description: update mod_apparmor man page for Apache 2.4 and add new apparmor.d/usr.sbin.apache2 profile (based on the prefork profile) --- changehat/mod_apparmor/mod_apparmor.pod |3 profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 | 79 ---

[apparmor] [patch 0/8] Ubuntu apparmor package patches not yet in trunk

2014-02-11 Thread Seth Arnold
Hello, these are some patches from Ubuntu's apparmor package that are not yet applied to upstream trunk. I have compile tested and 'make check' tested both the library and parser after each patch with successful results. Some patches from the Ubuntu packaging would still be left in Ubuntu's packag

[apparmor] [patch 6/8] allow mmap of fglrx dri libraries

2014-02-11 Thread Seth Arnold
Author: Jamie Strandboge Description: allow mmap of fglrx dri libraries Bug-Ubuntu: https://launchpad.net/bugs/1200392 Index: apparmor-2.8.0/profiles/apparmor.d/abstractions/X === --- apparmor-2.8.0.orig/profiles/apparmor.d/abstractio

[apparmor] [patch 2/8] CAP_EPOLLWAKEUP was added to the 3.5 series in:

2014-02-11 Thread Seth Arnold
Author: Jamie Strandboge Description: CAP_EPOLLWAKEUP was added to the 3.5 series in: http://thread.gmane.org/gmane.linux.kernel/1289986 This allows for drivers that support poll to prevent suspend. Adjust utils/severity.db for this. Forwarded: yes --- utils/severity.db |1 + 1 file change

[apparmor] [patch 3/8] Allow using sssd for group and password lookups

2014-02-11 Thread Seth Arnold
Description: Allow using sssd for group and password lookups Index: apparmor/profiles/apparmor.d/abstractions/nameservice === --- apparmor.orig/profiles/apparmor.d/abstractions/nameservice 2013-11-29 13:31:27.462965841 -0500 +++ appa

[apparmor] [patch 4/8] /etc/vdpau_wrapper.cfg needed for Firefox 18+ on quantal

2014-02-11 Thread Seth Arnold
Description: /etc/vdpau_wrapper.cfg needed for Firefox 18+ on quantal Author: Micah Gersten Modified by Seth Arnold; nvidia nvpau_wrapper.cfg permission was hoisted up into an nvidia abstraction. --- profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia |3 +++ 1 file changed, 3

[apparmor] [patch 7/8] The feature file is not being written to the proper location if

2014-02-11 Thread Seth Arnold
-09-29 X-Bzr-Revision-Id: john.johan...@canonical.com-20130929085239-9w7bjjqh60gyf7f9 Refreshed by Seth Arnold --- parser/parser_main.c | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) Index: b/parser/parser_main.c

[apparmor] [patch 1/8] chromium-browser profile

2014-02-11 Thread Seth Arnold
Author: Jamie Strandboge Description: chromium-browser profile Forwarded: yes --- profiles/apparmor.d/usr.bin.chromium-browser | 221 +++ 1 file changed, 221 insertions(+) Index: b/profiles/apparmor.d/usr.bin.chromium-browser

Re: [apparmor] [PATCH] parser: Quiet valgrind false positive

2014-02-05 Thread Seth Arnold
On Wed, Feb 05, 2014 at 10:35:58AM -0800, Steve Beattie wrote: > Yes, much better. Acked-by: Steve Beattie > > With that, we can get rid of the valgrind supression that applies for > that bit of code. Here's the patch to do that: Also nice :) Acked-by: Seth Arnold >

Re: [apparmor] [PATCH] parser: Quiet valgrind false positive

2014-02-05 Thread Seth Arnold
const*) (parser_main.c:1003) > by 0x404074: main (parser_main.c:1340) > > This patch quiets the warning by not using strlen(). This can be done > because yyleng already contains the length of string. > > Signed-off-by: Tyler Hicks Very nice, thanks. Acked-by: Seth Arnold

Re: [apparmor] [patch] valgrind test: improve suppressions for false positives

2014-02-05 Thread Seth Arnold
invocation like so: > > valgrind --suppressions=my_suppressions_file [blah blah] > ) > > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Nice find, thanks > --- > parser/tst/valgrind_simple.py |1 + > 1 file changed, 1 insertion(+) > > Index: b/parser

Re: [apparmor] [patch] parser: fix --cache-loc short arg option (-L)

2014-02-04 Thread Seth Arnold
On Tue, Feb 04, 2014 at 05:30:20PM -0500, John Johansen wrote: > On 02/04/2014 05:04 PM, Steve Beattie wrote: > > And to go along with this, let's move the short options to be right next to > the long so it's easier to update them together. Acked-by: Seth Arnold Nice idea, if they

Re: [apparmor] [patch] parser: fix --cache-loc short arg option (-L)

2014-02-04 Thread Seth Arnold
de the short option in the list include in the call > to getopt_long(3). This patch adds it along with the indicator > that it requires an argument (the different cache location) to the > getopt_long() call. > > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Thanks > ---

Re: [apparmor] Bug#735470: Fwd: Bug#735470: Could be implemented centrally with a dpkg trigger instead of requiring every package shipping an apparmor file to use dh_apparmor

2014-01-17 Thread Seth Arnold
[I've trimmed the Cc:, it didn't seem worthwhile to keep all this in the Debian BTS in addition to the usual mail list archives.] On Thu, Jan 16, 2014 at 04:15:35PM -0800, John Johansen wrote: > It does not at the moment consider what is loaded into the kernel, but only > works off of the cache ti

Re: [apparmor] Bug#735470: Fwd: Bug#735470: Could be implemented centrally with a dpkg trigger instead of requiring every package shipping an apparmor file to use dh_apparmor

2014-01-16 Thread Seth Arnold
On Thu, Jan 16, 2014 at 05:03:43PM -0800, John Johansen wrote: > Well some of this will depend on which parser version you want to support. Argh. Leave it to me to forget that kernel, userspace, and surrounding frameworks do not update in lockstep. Just how many dimensions does this matrix have, a

Re: [apparmor] Bug#735470: Fwd: Bug#735470: Could be implemented centrally with a dpkg trigger instead of requiring every package shipping an apparmor file to use dh_apparmor

2014-01-16 Thread Seth Arnold
On Thu, Jan 16, 2014 at 02:57:52PM -0800, John Johansen wrote: > Is there a way for a trigger to notice which file was updated? > That way we could use a trigger. > > If not another option that comes to mind is we could add a new flag to the > parser that would say reload only if the cache is out

Re: [apparmor] Fwd: Bug#735470: Could be implemented centrally with a dpkg trigger instead of requiring every package shipping an apparmor file to use dh_apparmor

2014-01-15 Thread Seth Arnold
On Wed, Jan 15, 2014 at 07:30:52PM +0100, intrigeri wrote: > Didier Raboud suggested to use dpkg triggers for what dh_apparmor > does, and is happy to give a hand. See the attached message. > Thank you, Didier! > > What do the original dh_apparmor authors / Ubuntu folks think? > Any reason Didier

Re: [apparmor] Updating the Pidgin profile

2014-01-14 Thread Seth Arnold
On Tue, Jan 14, 2014 at 06:16:42PM +0100, intrigeri wrote: > confining Pidgin is a top-priority for Tails, so I've been looking > into it to see what profile I'll integrate into the > apparmor-profiles-extra Debian package. > > The Pidgin profile in lp:~apparmor-dev/apparmor-profiles/master hasn't

Re: [apparmor] [2 patches] was (Re: [patch 0/3] Separate out libapparmor headers)

2014-01-09 Thread Seth Arnold
r the regression tests, > mod_apparmor and pam_apparmor by making a separate libapparmor_check > target that looks to see if an error message should be generated. Both patches look good to me, thanks. Acked-by: Seth Arnold > -- > Steve Beattie > > http://NxNW.org/~steve/

Re: [apparmor] [PATCH] parser: Add make variable to build against local or system libapparmor

2013-12-20 Thread Seth Arnold
On Fri, Dec 20, 2013 at 11:06:26PM -0800, Steve Beattie wrote: > On Tue, Dec 10, 2013 at 01:36:10PM -0800, Seth Arnold wrote: > > Is building against the in-tree version the "best" default? > > Yes. If there's been any development of the parser that depends on >

Re: [apparmor] AppArmor 2.8.0-{3, 0ubuntu35} fails to build from source on current Debian sid

2013-12-20 Thread Seth Arnold
On Fri, Dec 20, 2013 at 02:11:12PM +0100, intrigeri wrote: > Hi, > > I have reported this FTBFS against the AppArmor Debian package there: > >http://bugs.debian.org/732695 > > Dear upstream, any hint? > > Cheers, Hey intrigeri, There were some backwards-incompatible changes with bison 3.x

Re: [apparmor] [PATCH] profiles: rw file perms are now needed on AF_UNIX socket files

2013-12-19 Thread Seth Arnold
e kernel change. > > Signed-off-by: Tyler Hicks Thanks for all these fixes. Acked-by: Seth Arnold > --- > profiles/apparmor.d/abstractions/cups-client | 2 +- > profiles/apparmor.d/abstractions/dbus | 2 +- > profiles/apparmor.d/abstractions/p11-kit

Re: [apparmor] [PATCH 2/2] profiles: Create D-Bus abstraction for the accessibility bus

2013-12-19 Thread Seth Arnold
cessibility bus D-Bus rules. > > This patch follows the lead of the dbus and dbus-session abstraction by > granting full access to the accessibility bus. > > Signed-off-by: Tyler Hicks Acked-by: Seth Arnold > --- > profiles/apparmor.d/abstractions/dbus-accessibility |

Re: [apparmor] [PATCH 1/2] profiles: Allow full dbus access in system and session abstractions

2013-12-19 Thread Seth Arnold
hose buses, bus-specific > D-Bus mediation rules need to be added to the abstractions. > > Signed-off-by: Tyler Hicks Acked-by: Seth Arnold > --- > profiles/apparmor.d/abstractions/dbus | 1 + > profiles/apparmor.d/abstractions/dbus-session | 1 + > 2 files change

Re: [apparmor] [patch] Add Differential State Compression to the DFA

2013-12-13 Thread Seth Arnold
yet figured out if this requires kernel modifications to support the differential compression. I have some questions inline. With the caveat that I haven't looked at how well the _other_ code will handle this, only the code in this patch: Acked-by: Seth Arnold > === modified file

Re: [apparmor] [patch 5/5] parser: remove now unused clone_and_chain functions

2013-12-12 Thread Seth Arnold
t this patch separate to keep the previous patch smaller and more > easily reviewed.) > > Signed-off-by: Steve Beattie Nice cleanup, this makes for two easier-to-review patches, so thanks for taking the effort to split them apart. :) Acked-by: Seth Arnold Thanks > --- > pars

Re: [apparmor] [patch 4/5] parser: convert var expansion to use alternations

2013-12-12 Thread Seth Arnold
ading and trailing slashes can probably be handled more cleanly, and I think I'd like to see the free(*name) calls pulled up towards the start of expand_by_alternations(), but there's nothing worth holding up this patch. Acked-by: Seth Arnold Thanks > --- > parser/parser

Re: [apparmor] [patch 1/5] parser: add large number of alternations test case

2013-12-12 Thread Seth Arnold
> PATH_MAX. > > While contrived, it is possible to have alternations that are longer > than PATH_MAX that always match paths that are shorter than PATH_MAX. > > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Thanks signature.asc Description: Digital signature -- App

Re: [apparmor] [patch 4/5] parser: convert var expansion to use alternations

2013-12-12 Thread Seth Arnold
On Mon, Dec 09, 2013 at 12:37:13PM -0800, Steve Beattie wrote: It's too late to make it through expand_by_alternations(), so just a quick thought on these first two functions... > +static void trim_trailing_slash(std::string& str) > +{ > + for (std::string::reverse_iterator rit = str.rbegin()

Re: [apparmor] [patch 3/5] parser: convert process_mnt_entrys typebuf to std::string

2013-12-12 Thread Seth Arnold
Signed-off-by: Steve Beattie Acked-by: Seth Arnold Thanks > --- > parser/parser_regex.c | 61 > +- > 1 file changed, 17 insertions(+), 44 deletions(-) > > Index: b/parser/parser_regex.c > ==

Re: [apparmor] [patch 2/5] parser: remove length restriction in convert_aaregex_to_pcre usage

2013-12-12 Thread Seth Arnold
On Tue, Dec 10, 2013 at 07:29:43PM -0800, Seth Arnold wrote: > > Signed-off-by: Steve Beattie > > This review will have to happen in two stages; about half-way through I On Thu, Dec 12, 2013 at 12:19:19AM -0800, Seth Arnold wrote: > And the second half review... Taking another

Re: [apparmor] [patch 2/5] parser: remove length restriction in convert_aaregex_to_pcre usage

2013-12-12 Thread Seth Arnold
On Mon, Dec 09, 2013 at 12:37:11PM -0800, Steve Beattie wrote: > This patch removes the string length limit in convert_aaregex_to_pcre() > usage. One of the benefits to moving to C++ is the ability to use > std::strings, which dynamically resize themselves. While it's a large > patch, a non-trivial

Re: [apparmor] [patch 2/5] parser: remove length restriction in convert_aaregex_to_pcre usage

2013-12-10 Thread Seth Arnold
On Mon, Dec 09, 2013 at 12:37:11PM -0800, Steve Beattie wrote: > This patch removes the string length limit in convert_aaregex_to_pcre() > usage. One of the benefits to moving to C++ is the ability to use > std::strings, which dynamically resize themselves. While it's a large > patch, a non-trivial

Re: [apparmor] [patch] can ?not fix

2013-12-10 Thread Seth Arnold
On Sun, Dec 08, 2013 at 03:41:17PM +0100, Christian Boltz wrote: > Hello, > > Am Donnerstag, 5. Dezember 2013 schrieb Seth Arnold: > > On Thu, Dec 05, 2013 at 10:50:56PM +0100, Christian Boltz wrote: > > > as discussed on #apparmor yesterday, here's the most importan

Re: [apparmor] [PATCH] parser: Add make variable to build against local or system libapparmor

2013-12-10 Thread Seth Arnold
mething cleaner. I > particularly don't like including apparmor.h through a pre-processor option. Thanks for tackling this, it had the potential to be a gigantic disaster for someone. I don't particularly love the design but have nothing better to suggest. Is building against the in-

Re: [apparmor] [patch 12/12] regression tests: fix introspect.c compiler warnings

2013-12-09 Thread Seth Arnold
On Tue, Dec 03, 2013 at 12:12:28PM -0800, Steve Beattie wrote: > This patch annotates that a couple of values emitted on failure are > of type size_t, eliminating a couple of compiler warnings. > > Signed-off-by: Steve Beattie Acked-by: Seth Arnold > --- > tests/r

Re: [apparmor] [patch 11/12] parser: add some developer documentation

2013-12-09 Thread Seth Arnold
On Tue, Dec 03, 2013 at 12:12:27PM -0800, Steve Beattie wrote: > Signed-off-by: Steve Beattie This is fantastic. Acked-by: Seth Arnold Small comments inline: > --- > parser/README.devel | 94 > > 1 file changed

Re: [apparmor] [patch 10/12] parser: add basic alternation tests, along with their file and owner equivalents. (v2)

2013-12-09 Thread Seth Arnold
> > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Thanks > --- > parser/tst/simple_tests/file/file/ok_alternations_1.sd |7 +++ > parser/tst/simple_tests/file/file/ok_alternations_2.sd |7 +++ > parser/tst/simple_tests/file/ok_alternations_1.sd

Re: [apparmor] [patch 09/12] parser: more dbus variable testcases (v2)

2013-12-09 Thread Seth Arnold
rsion > v2: based on feedback: > - add more alternation tests for cases where only part of the > alternation is defined within a variable > - mark test with nested alternations as being successful now that > the patch that implements it was accepted >

Re: [apparmor] [patch 08/12] parser: add test case for empty character class regex

2013-12-09 Thread Seth Arnold
On Tue, Dec 03, 2013 at 12:12:24PM -0800, Steve Beattie wrote: > This patch adds a test that verifies the parser considers an empty > character class regex as a parse error. > > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Woo moar tests! :) > --- > parser/tst

Re: [apparmor] [patch 07/12] parser: fix rlimit missing initializer warning

2013-12-09 Thread Seth Arnold
-Wmissing-field-initializers] > rlimits = { 0 }; > ^ > > This patch fixes the issue. > > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Thanks > --- > parser/profile.h |2 +- > 1 file changed, 1 insertion(+), 1

Re: [apparmor] [patch 06/12] parser: fix /proc version file read

2013-12-09 Thread Seth Arnold
at valgrind really is picky. :) Acked-by: Seth Arnold > --- > parser/parser_misc.c |6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > Index: b/parser/parser_misc.c > === > --- a/parser/parser_

Re: [apparmor] [patch 05/12] parser: fix alternation expansions that occur inside character classes

2013-12-09 Thread Seth Arnold
class patterns (i.e. inside '[ ]'). This patch > fixes the issue and adds a few unit tests around character classes. > > Signed-off-by: Steve Beattie Heh, nice find, I'm curious how this was spotted. :) Acked-by: Seth Arnold Thanks signature.asc Description: Digital

Re: [apparmor] More on translations (was Re: [patch] fix broken english in parser_yacc.y)

2013-12-09 Thread Seth Arnold
On Mon, Dec 09, 2013 at 01:16:37PM -0800, Steve Beattie wrote: > changes from there back in to trunk, especially since it looks like > Christian and Kshitij are contributing translations via launchpad :). Yay! > I currently have the launchpad integration committing changes > automatically to the

Re: [apparmor] [patch] fix broken english in parser_yacc.y

2013-12-06 Thread Seth Arnold
to update any translation tables anywhere else as a result of this change? The patch itself of course looks good :) Acked-by: Seth Arnold Thanks > === modified file 'parser/parser_yacc.y' > --- parser/parser_yacc.y2013-09-28 00:26:39 + > +++ parser/parser_yacc.y

Re: [apparmor] [patch 04/12] parser: add more convert_aaregex_to_pcre() unit tests

2013-12-06 Thread Seth Arnold
at look right? > > Correct except for the type returned, which will be ePatternRegex if I'm > not mistaken. Copy-and-waste for the win. > And, I think tests for both /*/ and /**/ would be useful. So here's a > patch: > > Signed-off-by: Steve Beattie Acked-b

Re: [apparmor] [patch 04/12] parser: add more convert_aaregex_to_pcre() unit tests

2013-12-05 Thread Seth Arnold
On Tue, Dec 03, 2013 at 12:12:20PM -0800, Steve Beattie wrote: > Signed-off-by: Steve Beattie Acked-by: Seth Arnold I think one more case would be useful, to check that /**/ works as expected: MY_REGEX_TEST("/**/", "/[^/\\x00][^\\x00]*/", ePatternTailGlob)

Re: [apparmor] [patch 03/12] parser: give warning for unnecessary quote characters

2013-12-05 Thread Seth Arnold
cases. > > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Thanks, these are real mind-benders of patches. > --- > parser/parser_regex.c | 18 +++--- > 1 file changed, 15 insertions(+), 3 deletions(-

Re: [apparmor] [patch 02/12] parser: mark valgrind test target as phony

2013-12-05 Thread Seth Arnold
On Tue, Dec 03, 2013 at 12:12:18PM -0800, Steve Beattie wrote: > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Thanks > --- > parser/tst/Makefile |2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > Index: b/p

Re: [apparmor] [patch 01/12] parser: add build option for coverage (v3)

2013-12-05 Thread Seth Arnold
overage extensions consistent in clean targets > > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Thanks > --- > parser/Makefile|9 - > parser/libapparmor_re/Makefile |2 +- > parser/tst/Makefile|1 + > 3 files chan

Re: [apparmor] [PATCH 5/5] tests: Add regression tests for dbus eavesdrop rules

2013-12-05 Thread Seth Arnold
es to make sure that eavesdropping confinement is > working as intended. > > Signed-off-by: Tyler Hicks This looks mostly good, a few small comments inline. Address them as you wish. Acked-by: Seth Arnold Thanks > --- > tests/regression/apparmor/Makefile | 5

Re: [apparmor] [PATCH 4/5] parser: Update equality tests for the new eavesdrop permission

2013-12-05 Thread Seth Arnold
On Tue, Nov 19, 2013 at 06:16:24PM -0800, Tyler Hicks wrote: > Rules using implied permissions may pick up the eavesdropping > permission, depending on the conditionals present in the rule. > > Signed-off-by: Tyler Hicks Acked-by: Seth Arnold > --- > parser/ts

Re: [apparmor] [PATCH 3/5] parser: Test dbus eavesdrop rule parsing

2013-12-05 Thread Seth Arnold
On Tue, Nov 19, 2013 at 06:16:23PM -0800, Tyler Hicks wrote: > Make the dbus rule generator knowledgeable of the eavesdrop permission. > > Signed-off-by: Tyler Hicks Acked-by: Seth Arnold > --- > parser/tst/gen-dbus.pl | 6 ++ > 1 file changed, 6 insertions(+) >

Re: [apparmor] [PATCH 2/5] parser: Document eavesdropping permission syntax in apparmor.d(5)

2013-12-05 Thread Seth Arnold
On Tue, Nov 19, 2013 at 06:16:22PM -0800, Tyler Hicks wrote: > Signed-off-by: Tyler Hicks Acked-by: Seth Arnold Thanks > --- > parser/apparmor.d.pod | 15 --- > 1 file changed, 12 insertions(+), 3 deletions(-) > > diff --git a/parser/apparmor.d.pod b/par

Re: [apparmor] [PATCH] parser - more regex unittests and fixes (was Re: [PATCH] [parsers] allow for nested alternations expressions)

2013-12-05 Thread Seth Arnold
On Thu, Nov 07, 2013 at 11:35:53AM -0800, John Johansen wrote: > Good question. I'm not really sure. I know I don't want to support all of it > but I would like to have more than we have. I think the set available in > aare globbing should be smaller than the set we make available in the > pcre syn

Re: [apparmor] [patch] can ?not fix

2013-12-05 Thread Seth Arnold
On Thu, Dec 05, 2013 at 10:50:56PM +0100, Christian Boltz wrote: > as discussed on #apparmor yesterday, here's the most important patch > we've ever seen ;-) > > References: https://bugzilla.novell.com/show_bug.cgi?id=853661 > > > === modified file 'parser/apparmor.pod' > --- parser/apparmor.po

Re: [apparmor] Using AppArmor to restrict network access for some programs

2013-11-28 Thread Seth Arnold
On Thu, Nov 28, 2013 at 12:03:06PM +0400, Vladimir Kozlov wrote: > I'm trying to find a way to restrict network access to local subnet for > some programs. I've found that in AppArmor documentation there is a mention > of such a possibility ( > http://wiki.apparmor.net/index.php/ProfileLanguage#Net

Re: [apparmor] [PATCH 3/4] security: add security_path_access hook

2013-11-28 Thread Seth Arnold
On Tue, Nov 05, 2013 at 05:35:00AM -0800, John Johansen wrote: > Signed-off-by: John Johansen Very nearly same question with MAY_ACCESS as MAY_CHDIR; both nfs_permission() and fuse_permission() as well as probe_sysfs_permissions() use MAY_ACCESS. And again, I believe this patch as written is corr

Re: [apparmor] [PATCH 4/4] apparmor: use security_path_access hook

2013-11-28 Thread Seth Arnold
On Tue, Nov 05, 2013 at 05:35:01AM -0800, John Johansen wrote: > Signed-off-by: John Johansen Acked-by: Seth Arnold > --- > security/apparmor/audit.c | 1 + > security/apparmor/include/audit.h | 1 + > security/apparmor/lsm.c | 13 + > 3

Re: [apparmor] [PATCH 2/4] apparmor: use security_path_chdir hook

2013-11-28 Thread Seth Arnold
On Tue, Nov 05, 2013 at 05:34:59AM -0800, John Johansen wrote: > Signed-off-by: John Johansen Acked-by: Seth Arnold Thanks > --- > security/apparmor/audit.c | 1 + > security/apparmor/include/audit.h | 1 + > security/apparmor/lsm.c | 13 + >

Re: [apparmor] [PATCH 1/4] security: add security_path_chdir hook

2013-11-28 Thread Seth Arnold
On Tue, Nov 05, 2013 at 05:34:58AM -0800, John Johansen wrote: > Signed-off-by: John Johansen Both nfs_permission() and fuse_permission() use MAY_CHDIR without an obvious security hook nearby. (The chroot() syscall does have a nearby security_path_chroot() call.) Should this patch add security_pa

Re: [apparmor] [patch 04/13] parser - add simple valgrind wrapper tests

2013-11-27 Thread Seth Arnold
- correctly return 0 on a successful run and an error code if one > or more test cases fail. > - point LD_LIBRARY_PATH at the in-tree libapparmor build. > - split out some utility functions into testlib.py, for possible > use by other to be written test scripts >

Re: [apparmor] [patch 6/8] parser - use new caching test script

2013-11-27 Thread Seth Arnold
cript had in that situation. So here's a patch that skips the > testcases when the apparmor filesystem can't be found. Sigh. > > Signed-off-by: Steve Beattie Hooray for quickly catching the culprit, when it's still easy to spot. Acked-by: Seth Arnold Thanks! > --

Re: [apparmor] [patch 7/8] parser - add build option for coverage

2013-11-27 Thread Seth Arnold
On Wed, Oct 23, 2013 at 06:41:51PM -0700, Steve Beattie wrote: > This patch adds a parser make variable and a make target for building > the compiler with coverage compilation flags. With this, coverage > information can be generated by running tests/test suites against the > built parser and run t

Re: [apparmor] [patch 6/8] parser - use new caching test script

2013-11-27 Thread Seth Arnold
> -- > 2 files changed, 6 insertions(+), 178 deletions(-) I think I'd have liked to see the caching.py added also in this patch, it seems odd to ACK a patch that removes so much but doesn't put anything back... slight whinging asid

Re: [apparmor] [patch 5/8] parser testlib - write_file() argument adjustments

2013-11-27 Thread Seth Arnold
anks. Acked-by: Seth Arnold > --- > parser/tst/caching.py | 24 +--- > parser/tst/testlib.py |6 -- > 2 files changed, 13 insertions(+), 17 deletions(-) > > Index: b/parser/tst/caching.py > ==

Re: [apparmor] [patch 4/8] parser valgrind tests - fixup suppressions

2013-11-27 Thread Seth Arnold
On Wed, Oct 23, 2013 at 06:41:48PM -0700, Steve Beattie wrote: > With the C++-ization of the parser, some functions were renamed or > eliminated; this patch fixes the relevant valgrind false positive suppression > pattern to match. > > Signed-off-by: Steve Beattie Acked-by: Seth

Re: [apparmor] [Patch] parser - reduce number of dynamic casts patch v2

2013-11-27 Thread Seth Arnold
performance improvements. My mind goes in circles a little bit untangling the normalize() vs normalize_eps() methods, but it all feels like it hangs together as it should. Acked-by: Seth Arnold Thanks > --- > parser/libapparmor_re/expr-tree.cc | 96 > ++---

Re: [apparmor] [patch] abstractions/ssl_certs update

2013-11-25 Thread Seth Arnold
ps://bugzilla.novell.com/show_bug.cgi?id=852018 > > I propose this patch for trunk and the 2.8 branch. Acked-by: Seth Arnold (It doesn't match what our ca-certificates version 20130906 does, I presume it will match some day, though.. :) Thanks! > > === modified file

Re: [apparmor] [PATCH 1/2] Move public mediation class types and perms to apparmor.h

2013-11-22 Thread Seth Arnold
On Fri, Nov 22, 2013 at 11:01:59AM -0800, Tyler Hicks wrote: > > > diff --git a/parser/dbus.c b/parser/dbus.c > > > index d408478..f5aaca2 100644 > > > --- a/parser/dbus.c > > > +++ b/parser/dbus.c > > > @@ -18,6 +18,7 @@ > > > > > > #include > > > #include > > > +#include > > > > > > #in

Re: [apparmor] [PATCH 2/2] Remove private mediation class types from apparmor.h

2013-11-22 Thread Seth Arnold
macros, except AA_CLASS_DBUS, from > libapparmor's apparmor.h header. These macros are already defined in the > parser's policydb.h header. > > Signed-off-by: Tyler Hicks Acked-by: Seth Arnold > --- > libraries/libapparmor/src/apparmor.h | 15 +-- >

Re: [apparmor] [PATCH 1/2] Move public mediation class types and perms to apparmor.h

2013-11-22 Thread Seth Arnold
"parser.h" > #include "profile.h" Note that this means to use the system apparmor.h rather than a version in the source directory where the parser is being compiled. This is probably the desired behavior but I wanted to point it out all the same. :) Thanks Tyler, Ack

Re: [apparmor] [PATCH 1/5] parser: Add dbus eavesdrop permission support to apparmor_parser

2013-11-20 Thread Seth Arnold
On Wed, Nov 20, 2013 at 07:24:12AM -0800, Tyler Hicks wrote: > > > @@ -50,6 +50,7 @@ __BEGIN_DECLS > > > > > > #define AA_DBUS_SEND AA_MAY_WRITE > > > #define AA_DBUS_RECEIVE AA_MAY_READ > > > +#define AA_DBUS_EAVESDROP(1 << 5) > > > #define AA_DBUS_BIND

Re: [apparmor] [PATCH 1/5] parser: Add dbus eavesdrop permission support to apparmor_parser

2013-11-19 Thread Seth Arnold
On Tue, Nov 19, 2013 at 06:25:06PM -0800, Tyler Hicks wrote: > The new logic is a little more future proof when adding new D-Bus > permissions. I wish I'd read this description first :) but I came to much the same conclusion, that this logic is both more understandable and more likely to work in t

Re: [apparmor] [PATCH 1/5] parser: Add dbus eavesdrop permission support to apparmor_parser

2013-11-19 Thread Seth Arnold
n the bus conditional. Any other > conditionals are not compatible with eavesdropping rules and the parser > will return an error. > > Signed-off-by: Tyler Hicks Acked-by: Seth Arnold Small notes inline.. > --- > libraries/libapparmor/src/apparmor.h | 1 + > pars

Re: [apparmor] [PATCH] Allow reading /etc/machine-id in the dbus-session abstraction.

2013-11-19 Thread Seth Arnold
es/apparmor.d/abstractions/dbus-session > @@ -10,4 +10,5 @@ > # -- > >/usr/bin/dbus-launch ix, > + /etc/machine-id r, >/var/lib/dbus/machine-id r, > -- > 1.8.3.2 Okay, I've now learned enough that thi

Re: [apparmor] [patch] Update samba profiles for samba 4.x

2013-11-19 Thread Seth Arnold
gt; > I propose the patch for 2.8 and trunk (the patch is for 2.8, but it > should apply to trunk without problems) Ack for both 2.8 and trunk. Acked-by: Seth Arnold > === modified file 'profiles/apparmor.d/usr.sbin.nmbd' > --- profiles/apparmor.d/usr.sbin.nmbd 2011-08

Re: [apparmor] [patch] parser: convert array into unordered map (was Re: [Branch ~apparmor-dev/apparmor/master] Rev 2193: Convert the parser to C++)

2013-11-18 Thread Seth Arnold
the typeof builtin), > the patch also adds/converts to using -std=gnu++c0x in the build > rules (which conveniently eliminates some other warnings we had due > to other c++11-isms). Very nice. I certainly don't mind using gnuisms, compiling on a platform where clang is the compile

Re: [apparmor] [patch] ntpd profile update

2013-11-14 Thread Seth Arnold
2.8 and trunk. Acked-by: Seth Arnold Acked for both 2.8 and trunk. Thanks > === modified file 'profiles/apparmor.d/usr.sbin.ntpd' > --- profiles/apparmor.d/usr.sbin.ntpd 2013-10-03 13:35:56 + > +++ profiles/apparmor.d/usr.sbin.ntpd 2013-11-14 20:36:47 + > @@ -40,

Re: [apparmor] AppArmor publication in Journal of Statistical Software

2013-11-14 Thread Seth Arnold
On Wed, Nov 13, 2013 at 09:38:55PM -0800, Jeroen Ooms wrote: > After a long peer review process, the paper about using AppArmor with > the R statistical computing language has been published in Volume 55 > of the Journal of Statistical Software: > http://www.jstatsoft.org/v55/i07. The Journal of St

Re: [apparmor] [PATCH] [parsers] allow for nested alternations expressions

2013-11-04 Thread Seth Arnold
On Mon, Nov 04, 2013 at 05:28:22PM -0800, John Johansen wrote: > > + //MY_REGEX_TEST("\\", "\\", ePatternBasic); > > + MY_REGEX_TEST("", "", ePatternBasic); > > + //MY_REGEX_TEST("\\blort", "\\blort", ePatternBasic); > > + MY_REGEX_TEST("blort", "blort", ePatternBasic); > >
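Review bot: the two commented-out cases (`//MY_REGEX_TEST("\\", "\\", ePatternBasic);` and `//MY_REGEX_TEST("\\blort", "\\blort", ePatternBasic);`) leave the backslash-escape handling of the pattern classifier untested without saying why; either enable them with the currently expected result or add a comment or TODO explaining what the classifier does with a lone trailing backslash and with `\b`, so the gap in coverage is recorded rather than silently dropped.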

Re: [apparmor] [PATCH] [parsers] allow for nested alternations expressions

2013-11-04 Thread Seth Arnold
ly, thanks > > Well, part of the slowdown was me writing some unit tests for that > function. Here's the patch that does that: > > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Note that the strdup() strings aren't ever free()d. It's probably fine for tests

Re: [apparmor] [PATCH] LibAppArmor.pm: Adjust Makefile dependencies to support parallel builds

2013-11-01 Thread Seth Arnold
On Fri, Nov 01, 2013 at 05:31:53PM -0700, Tyler Hicks wrote: > The libapparmor_wrap.c target generates libapparmor_wrap.c and > LibAppArmor.pm. The Perl module must exist before `perl Makefile.PL` > under the Makefile.perl target, otherwise the generated Makefile.perl > ends up with an empty $(TO_I

Re: [apparmor] [patch] parser tests - fix dependency for parallel builds

2013-10-31 Thread Seth Arnold
atch submission). > > And here's the same fix for the 2.8 branch (which doesn't have the dbus > patches applied, so is slightly different) > > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Thanks > --- > parser/tst/Makefile |4 ++--

Re: [apparmor] [patch] parser tests - fix dependency for parallel builds

2013-10-31 Thread Seth Arnold
ed > with parallelism (e.g. make check -j4). This patch against trunk fixes > the issue (it's a subset of the '[patch 6/8] parser - use new caching > test script' patch from my last patch submission). > > Signed-off-by: Steve Beattie Acked-by: Seth Arnold Unrelated except

Re: [apparmor] [patch] parser/po/de.po fixes

2013-10-28 Thread Seth Arnold
On Sun, Oct 27, 2013 at 12:11:49AM +0200, Christian Boltz wrote: > Hello, > > this patch fixes some minor issues in parser/po/de.po > > I propose this patch for trunk only - fortunately nothing is critical > enough for a backport to 2.8;-) Acked-by: Seth Arnold Danke! >

Re: [apparmor] [PATCH 1/3] Allow Totem to read /etc/wildmidi/wildmidi.cfg.

2013-10-23 Thread Seth Arnold
On Wed, Oct 23, 2013 at 10:21:01AM +0200, intrigeri wrote: > > FYI, I don't think this needs to be done now, but I've found the audio > > abstraction a bit wide in modern distributions and I will probably be > > proposing > > a patch set in the future that breaks both gstreamer and pulseaudio out

Re: [apparmor] problems with setrlimit in Saucy

2013-10-17 Thread Seth Arnold
On Thu, Oct 17, 2013 at 08:54:18PM -0400, Jeroen Ooms wrote: > This is not directly related to AppArmor, but since apparmor allows > setting rlimits in profiles I was wondering if anyone has noticed > problems with setrlimit in recent kernels? > > I upgraded to Ubuntu Saucy (13.10) today and have

Re: [apparmor] [patch] fix aa-unconfined to work in all languages

2013-09-20 Thread Seth Arnold
On Fri, Sep 20, 2013 at 10:10:45AM +0530, Kshitij Gupta wrote: > If someone will ever read the code they'll probably wonder what LANG=C > is supposed to do? and in some weird case if it happens that someone > has netstat with a translation local 'C' (very unlikely ;-) we might > get into a problem.

Re: [apparmor] [PATCH 3/8] add optional allow prefix to the language v3

2013-09-19 Thread Seth Arnold
ve been a royal headache. :) But it looked good, at least for as long as I could focus on it. > Subject: add optional allow prefix to the language > From: John Johansen Acked-by: Seth Arnold Thanks!

Re: [apparmor] [PATCH] Allow apt-cacher-ng to execute /bin/red.

2013-09-18 Thread Seth Arnold
On Wed, Sep 18, 2013 at 12:35:56PM +, intrig...@debian.org wrote: > From: intrigeri Acked-by: Seth Arnold Thanks > It needs it in addition to ed. > --- > ubuntu/13.10/usr.sbin.apt-cacher-ng | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/ubuntu/13.10/usr.sb
