Hello,
Am Donnerstag, 7. Januar 2016 schrieb Steve Beattie:
> On Thu, Jan 07, 2016 at 09:54:40PM +0100, Christian Boltz wrote:
> > [ more-simple_tests.diff ]
> >
> > === added file 'parser/tst/simple_tests/dbus/ok_bind_2.sd'
> > --- parser/tst/simple_tests/dbus/ok_bind
Hello,
Am Sonntag, 20. Dezember 2015 schrieb Christian Boltz:
> we need to check a rule part if it is *Rule.ALL or a string at various
> places. Therefore split off the checks in PtraceRule's and
> SignalRule's __init__() to the new _aare_or_alll() function in
> BaseRule.
>
&g
ill here? -> then it is covered
return True
Regards,
Christian Boltz
--
I have the ideal solution for you to speed up the writing of
the manuals: http://www.lipsum.com/ - I am sure almost nobody
will notice the difference. ;-) [houghi in opensuse-wiki]
signature.asc
Description: This
):
def test_borked_obj_is_covered_1(self):
obj = SignalRule.parse('signal send peer=/foo,')
Regards,
Christian Boltz
--
ist eine recht interessante rechnung:
3,5kg linux + bücher für €79,90
180g windows xp home ohne bücher €229,-
kennt jemand den feinunzenpreis von gold? er müßte
return '<%s>\n' % classname + '\n'.join(self.get_raw(1)) + ''
% classname
+else:
+return '<%s (empty) />' % classname
def add(self, rule):
'''add a rule object'''
Regards,
Christian Boltz
--
> Kann mir jemand sagen, wie unter der neuen SuSE der i
eer,
log_event=True)
+if not is_known_rule(aa[profile][hat], 'signal',
signal_event):
+
log_dict[aamode][profile][hat]['signal'].add(signal_event)
PROFILE_MODE_RE =
re.compile('^(r|w|l|m|k|a|ix|ux|px|pux|cx|pix|cix|cux|Ux|Px|PUx|Cx|Pix|Cix|CUx)+$')
Regar
:
+debug_logger.error("%s written, but not listed in 'changed' list" %
profile)
+
original_aa[profile] = deepcopy(aa[profile])
def matchliteral(aa_regexp, literal):
Regards,
Christian Boltz
--
[Glaskugel?] Ich habe früher Aufsicht im Rechnerpool an der Uni gemacht.
Irgendwie hat es die User b
})
# Below is not required I'd say
if not do_include:
Regards,
Christian Boltz
--
Lesson learned: Web service APIs can drive you crazy especially
if you mix it with asynchronous network connections
[David Williams in opensuse-project]
signature.asc
Description: This is a digitally
y,
+
unix (receive) type=dgram,
/home/*/** r,
/home/foo/** w,
+ change_profile,
+
^foo {
capability dac_override,
Regards,
Christian Boltz
--
> > of course, now everybody will claim how bad it is to fix bugs which
> > people rely on;
> No, I wont claim that, in
tEqual(params.regex, dup.regex)
+self.assertEqual(params.orig_regex, dup.orig_regex)
+self.assertEqual(params.orig_regex, dup.orig_regex)
+
setup_all_loops(__name__)
if __name__ == '__main__':
Regards,
Christian Boltz
--
Wir waren vor einiger Zeit schonmal "soweit fertig&
set()) & audit) and \
path_rule.get('file_prefix', set()):
Regards,
Christian Boltz
--
programmers' biggest strength is that they're lazy bastards.
[Claudio Freire in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.
--
AppArmor mail
)
return [
_('Access mode'), access,
Regards,
Christian Boltz
--
Java Call Stack
Tief in der Scheisse
[Patrick Schaaf, FdI#545]
signature.asc
Description: This is a digitally signed message part.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings
Hello,
Am Samstag, 26. Dezember 2015 schrieb John Johansen:
> On 12/08/2015 11:40 AM, Christian Boltz wrote:
> > $subject.
> >
> > In detail, this means:
> > - handle ptrace events in logparser.py
> > - "translate" those events in aa.py - from log (lo
ppArmor Crash Course". You can find
(slightly outdated) slides at blog.cboltz.de (search for AppArmor). If
slides aren't enough, check the DebConf15 video archives - I gave that
talk there.
Regards,
Christian Boltz
--
[CVS] Es gibt auch ein grafisches Frontend (nein, nicht d
DE04 2AAE B1B1 5196 C6A6 82EA 63C8 2F1C
uid [ultimate] Christian Boltz (www.cboltz.de) <g...@cboltz.de>
The key is available on the keyserver network.
If you prefer to receive it as mail attachment, just ask (off-list).
Regards,
Christian Boltz
--
>gehe zu 'http://www.lin
:
-raise AppArmorBug('Passed unknown object to SignalRule: %s' %
str(peer))
-
+self.peer, self.all_peers = self._aare_or_all(peer, 'peer', log_event)
@classmethod
def _match(cls, raw_rule):
Regards,
Christian Boltz
--
Non-understandable error messages are trademark
-add-DbusRule.diff ]
--- utils/apparmor/rule/dbus.py 2015-12-27 00:13:37.990086206 +0100
+++ utils/apparmor/rule/dbus.py 2015-12-27 00:13:07.714299658 +0100
@@ -0,0 +1,327 @@
+# --
+#Copyright (C) 2015 Christian Boltz <ap
'] = event.peer_profile
+ev['bus'] = event.dbus_bus
+ev['path'] = event.dbus_path
+ev['interface'] = event.dbus_interface
+ev['member'] = event.dbus_member
LibAppArmor.free_record(event)
Regards,
Christian Boltz
--
> Das ist uebrigens genau
'path'], e['name'], e['interface'], e['member'], e['peer_profile']])
else:
self.debug_logger.debug('UNHANDLED: %s' % e)
Regards,
Christian Boltz
--
programmers' biggest strength is that they're lazy bastards.
[Claudio Freire in opensuse-factory]
signature.asc
D
@@
network stream,
+ dbus send bus=session,
+
signal set=(abrt alrm bus chld fpe hup ill int kill pipe quit segv stkflt
term trap usr1 usr2),
ptrace tracedby,
Regards,
Christian Boltz
--
[tgz Datei entpacken] tar xzf
Für weitere Informationen lesen Sie bitte die Manpage
w))'
-
def parse_mount_rule(line):
# XXX Do real parsing here
return aarules.Raw_Mount_Rule(line)
Regards,
Christian Boltz
--
> ich wollte wohl eigentlich sagen / demonstrieren, dass
> Updateritis heilbar sein kann...
Das mag sein, aber der Entwöhnungsprozess kann dauern...
[> Da
-dbus.diff ]
--- utils/test/test-dbus.py 2015-12-27 00:13:43.570046876 +0100
+++ utils/test/test-dbus.py 2015-12-27 00:10:59.171207134 +0100
@@ -0,0 +1,864 @@
+#!/usr/bin/env python
+# --
+#Copyright (C) 2015 Christian Boltz
_test(self, params, expected):
+self.assertEqual(strip_parenthesis(params), expected)
+
class TestStripQuotes(AATest):
def test_strip_quotes_01(self):
self.assertEqual('foo', strip_quotes('foo'))
Regards,
Christian Boltz
--
> Und fuer die Jahre-Hiersein finde ich die zw
-regex_matches.py | 33 +
12 files changed, 1289 insertions(+), 147 deletions(-)
Regards,
Christian Boltz
--
Stell dein cron auch deine Rechneruhr? Ja?
Dann würde ich ihm nicht allzuviel mehr anvertrauen - er scheint leicht
überlastet und strebt in Riesenschritten die Rente an ;-)
[Matthias
ers != rule_obj.all_peers:
-return False
-
-if self.peer and not self.peer.is_equal(rule_obj.peer):
+if not self._is_equal_aare(self.peer, self.all_peers, rule_obj.peer,
rule_obj.all_peers, 'peer'):
return False
return True
Regards,
Christian Boltz
--
ches
or commit messages.
Yes, that's fixed since about two months (r3263) :-)
Regards,
Christian Boltz
--
> "Quite low" is 1 in 4 billion. Murphy could make me believe you saw it
> once, but not twice. You could plausibly see it in a stress test rig
This _is_ Christian :) he has
mediation. The mediation is performed in conjunction
Regards,
Christian Boltz
--
> Ich werde gerne als Frau Fischer angesprochen, Herr Fischer macht
> sich da nicht so gut.
Warum denn nicht. Vielleicht kannst Du dann ja mit der
Flugbereitschaft der Bundeswehr auf die Melediven fliegen ;o)
[&
Hello,
Am Dienstag, 24. November 2015 schrieb John Johansen:
> On 11/22/2015 07:20 AM, Christian Boltz wrote:
> > To allow a smooth transition, I propose to add a little aa-enabled
> > tool to 2.9 and 2.10 which just does
> >
> > #!/bin/sh
> > ex
mories of the
> perl code).
I already wanted to cry when I waded through the code to find out where I
need to add something for the signal log events. That's also the reason
why I added the details to the patch description - now we have an in-bzr
manual explaining how to add handling for oth
-like Pseudocode:
+ if (jobs_max > 8*n) {
+ WARN("%s: Invalid maximum number of jobs '%ld' > 8 * # of cpus,
reducing to %ld",
+ progname, jobs_max, n);
+ jobs_max = 8*n;
+ }
Regards,
Christian Boltz
--
Who is General F
(with the questions answered or
addressed), but I'll leave acking it for someone who understands C
better.
Regards,
Christian Boltz
--
Diese Signatur ist vorübergehend nicht erreichbar.
Versuchen Sie es später noch einmal oder hinterlassen
Sie eine Nachricht vor dem Signaturtrenner. Piep.
--
A
printf(_("No\n"));
How likely is it to hit this "no"?
If "not very likely" - would it make sense to print out err to make it
easier to find out what caused the "no"?
Regards,
Christian Boltz
--
> > Moin Moin,> Wann stehst Du den
plicating - there are quite some functions in
apparmor.easyprof that are also in apparmor.common. Often with nearly
the same code, but it seems apparmor.commen received more bugfixes ;-)
(comparing both files with meld is the easiest way to see the common
code)
Regards,
Christian Boltz
--
P
2015-11-29 21:13:39.121644329 +0100
@@ -0,0 +1,32 @@
+#! /usr/bin/env python
+# --
+#
+#Copyright (C) 2015 Christian Boltz <appar...@cboltz.de>
+#
+#This program is free software; you can redistribute it and/or
+#mod
runk only or if you also want those patches in 2.10.
Regards,
Christian Boltz
--
>> sorry, Zitat stammt von William Shakespeare (Hamlet)
>> das Posting sollte keinesfalls als Plagiat entlarft werden ;)
> Jaja, sonst ist dein Doktor-Titel weg. Siehe Schawan und Andere.
An welcher Uni
]}
in all rules ;-)
With or without this change,
Acked-by: Christian Boltz <appar...@cboltz.de> for trunk, 2.10 and 2.9
(Damn, my logprof.conf update also didn't include python3.5 :-/ )
Regards,
Christian Boltz
--
Du solltest mal deine sHIFT-taSTE und die ordogravieh in Ordnung
bringen. Das hilft in je
2015-11-19 17:42:26.329879090 +0100
+++ parser/apparmor.d.pod 2015-11-20 20:23:27.042844698 +0100
@@ -1230,8 +1230,10 @@
@{HOMEDIRS}
@{multiarch}
@{pid}
+ @{pids}
@{PROC}
@{securityfs}
+ @{apparmorfs}
@{sys}
@{tid}
@{XDG_DESKTOP_DIR}
Regards,
Christian Boltz
')
if not validate_log_mode(hide_log_mode(dmask)):
raise AppArmorException(_('Log contains unknown mode %s') %
dmask)
Regards,
Christian Boltz
--
Warum nochmal benutzen alle Procmail? Das ist eine Art Quiz, oder?
Wer die unleserlichtste Regel erstellt, bekommt einen Preis?
[Thorsten Haude in suse-linux
] utils: make aa-status(8) function
without python3-apparmor" mail for a proposal.
Regards,
Christian Boltz
--
Und da Du mit der Installation so wenig Probleme hast, könntest Du
doch die gesparte Zeit in ein paar Großbuchstaben investieren. Liest
sich besser am Bildschirm. Danke.
Hello,
[scroll down for an add-on patch that addresses Kshitij's comments]
Am Donnerstag, 19. November 2015 schrieb Kshitij Gupta:
> On Fri, Oct 23, 2015 at 6:30 PM, Christian Boltz wrote:
> > this patch adds the SignalRule and SignalRuleset classes
> > [ 07
@@ -112,6 +112,7 @@
/usr/bin/python3 = icn
/usr/bin/python3.3= icn
/usr/bin/python3.4= icn
+ /usr/bin/python3.5= icn
/usr/bin/tr = icn
[required_hats]
Regards,
Christian Boltz
--
> oder das absolut berauschende ;-))
> [ -d "/test/" ] || echo mkd
Hello,
Am Dienstag, 12. Januar 2016 schrieb Tyler Hicks:
> More boilerplate from aa_change_profile(2). That's what I get for
> copying from a man page that is incorrect. :)
Please send a patch to fix aa_change_profile.pod to ensure you get a
correct copy next time ;-)
Regards,
Chr
to the system log.
+Note that 'deny' rules will be enforced even in complain mode.
+
=head1 BUGS
If you find any bugs, please report them at
Regards,
Christian Boltz
--
When a device looks like a printer, acts like a printer,
and sounds like a printer, that device could be a computer
t; +from apparmor.common import AppArmorException
> +from apparmor.regex import re_match_include
The imports reordering makes sense, even if it will probably make it a
bit more interesting for my FileRule series (whoever commits last will
need to adjust the patch ;-)
To ensure a defined commit order,
', 'CMD_nx', 'CMD_ux', 'CMD_EXEC_IX_ON',
'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'], True), # aa.py
build_x_functions() without exec_toggle
Regards,
Christian Boltz
--
> > Vielen Dank, daß du dir die Zeit nimmst, dran rumzutesten.
> Wenn Du es nicht gemerkt has
Hello,
Am Mittwoch, 1. Juni 2016, 23:06:41 CEST schrieb Kshitij Gupta:
> On Wed, Jun 1, 2016 at 5:37 AM, Christian Boltz <appar...@cboltz.de>
wrote:
> > thanks to reading the wrong directory in read_inactive_profiles()
> > (profile_dir instead of extra_profile_dir), a
Hello,
Am Dienstag, 31. Mai 2016, 17:22:16 CEST schrieb Seth Arnold:
> On Wed, Jun 01, 2016 at 02:07:10AM +0200, Christian Boltz wrote:
> > thanks to reading the wrong directory in read_inactive_profiles()
> > (profile_dir instead of extra_profile_dir), aa-genprof never asked
execute.
+
+The 'ix', 'Px', 'px', 'Cx', 'cx' and the fallback modes conflict with the deny
+modifier.
=item B
Regards,
Christian Boltz
--
Dann siehst du nämlich ganz genau, daß der Cursor blinkt, und er
hat feuerrote tote Augen, mit denen er dich anstarrt und brüllt:
".. UND WE
it a/libraries/libapparmor/swig/SWIG/libapparmor.i
> b/libraries/libapparmor/swig/SWIG/libapparmor.i index
> 69b4cc2..47213a1 100644
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> +extern void aa_dfa_free(struct aa_d
if only write is allowed in a profile.
Also, can you please add a parser/tst/simple_tests/dconf/ directory
with some example profiles (some with valid, some with invalid syntax)?
Regards,
Christian Boltz
--
Bugzilla beißt nicht und ist viel, viel netter als ich. ;)
[Lars Müller in opensuse-
creat() or open() with the
+O_APPEND flag. However, you'll need 'w' when using open() with O_RW | O_CREATE.
+
+This mode conflicts with Write mode.
=item B
Regards,
Christian Boltz
--
> > Ooooch, nu sei doch nicht gleich gnidderig. :-)
> Bin ich doch gar nicht :-)))
Dann i
Hello,
Am Montag, 11. Januar 2016 schrieb John Johansen:
> On 01/10/2016 07:22 AM, Christian Boltz wrote:
> > Am Freitag, 8. Januar 2016 schrieb John Johansen:
> >> diff --git a/devtools/Makefile b/devtools/Makefile
> >> new file mode 100644
> >> index
for me, also most
days of the following week except wednesday and thursday
I have only the usual topics for the meeting, which are
- rewiew my patches! (including several bugfixes) [1]
- get 2.9.3 and 2.10.1 released ASAP
so it's not too bad if I really miss the meeting ;-)
Regards,
Christian
works for people who know the wiki subdomain.
Regards,
Christian Boltz
--
> Ich hätte auch nie geglaubt, das es 10 Minuten dauern kann, bis jemand
> ohne Fehler einmal ein lspci -v fehlerfrei eingegeben hat.
Hast Du auch erwähnt, daß man anschließend die RETURN-Taste drücken muß?
4,7 +724,7 @@
"audit_write",
"audit_control",
"setfcap",
- "mac_override"
+ "mac_override",
"syslog",
};
Regards,
Christian Boltz
--
Durr, shouldn't send emails before having my morning coffee.
[Steve Beatti
efore, it segfaulted - and after bzr up, it doesn't
segfault anymore. So it seems this patch fixes "my" segfault.
Therefore I officially claim the credits for reporting this bug first ;-))
BTW: Even if it looks like this patch fixes my issue, it might be a good
idea to give my core
afterwards)
> diff --git a/utils/test/test-parser-simple-tests.py
> b/utils/test/test-parser-simple-tests.py index 304ff98..66b77ab
> 100644
> --- a/utils/test/test-parser-simple-tests.py
> +++ b/utils/test/test-parser-simple-tests.py
> @@ -47,6 +47,11 @@ exception_not_raised =
Helau!
Several of my patches didn't get a review since (much) more than a week.
Will someone review them, or should I just commit them as Acked-by
?
a) apparmor.d.pod changes (also for 2.10 and 2.9)
==> apparmor.d.pod-deny-x.diff <==
apparmor.d.pod: document 'deny x'
==>
] != 'p':
Regards,
Christian Boltz
--
> Aber sorry, habe die Schnauze voll mit Linux
Da gehört's eindeutig nicht hin. Nimm's lieber wieder raus.
[> Juergen Jaeckel und Bernd Glueckert in suse-linux]
signature.asc
Description: This is a digitally signed message part.
--
AppArmor m
('ix')
+raise AppArmorBug('exec permissions requested for
directory %s. This should not happen - please open a bugreport!' % exec_target)
else:
do_execute = True
Regards,
Christian Boltz
--
> > "Frontpage" is a M$ WYSIW
Hello,
Am Freitag, 12. Februar 2016, 03:26:36 CET schrieb Kshitij Gupta:
> On Sat, Dec 26, 2015, Christian Boltz <appar...@cboltz.de> wrote:
> > if a profile file contains multiple profiles, aa-mergeprof crashes
> > on
> > saving in write_profile() because the
Helau!
Am Sonntag, 7. Februar 2016, 05:35:25 CET schrieb Kshitij Gupta:
> On 07-Feb-2016 3:54 am, "Christian Boltz" <appar...@cboltz.de> wrote:
> > Helau!
>
> Interesting greeting! Some Viking warcry?
No, see below ;-)
> > Any comments or reviews on these
Hello,
Am Montag, 1. Februar 2016, 11:50:49 CET schrieb Seth Arnold:
> On Mon, Feb 01, 2016 at 07:35:07PM +0100, Christian Boltz wrote:
> > --- utils/test/test-aa.py 2016-01-26 22:22:14.660008000 +0100
> > +++ utils/test/test-aa.py 2016-02-01 18:53:10.085684909 +01
Review: Approve
Thanks!
Acked and merged ;-)
--
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-remove-unneeded-caps/+merge/284673
Your team AppArmor Developers is subscribed to branch lp:apparmor-profiles.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or
request_mask): %s'
% e)
return None
Regards,
Christian Boltz
--
Linux - und dein PC macht nie wieder blau.
signature.asc
Description: This is a digitally signed message part.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https
/unbound.pid rw,
+ /{,var/}run/{unbound/,}unbound.pid rw,
# Unix control socket
/{,var/}run/unbound.ctl rw,
Regards,
Christian Boltz
[1] well, the two "deny capability" rules also cause failures, but
that's a known issue and will fix itsself when openSUSE gets the next
Hello,
Am Montag, 1. Februar 2016, 15:23:46 CET schrieb Simon Deziel:
> On 2016-01-31 11:56 AM, Christian Boltz wrote:
> > As a sidenote - the capabilities fowner, fsetid and sys_chroot are
> > not needed on openSUSE.
>
> sys_chroot is needed but fowner/fsetid should be dro
)
+
+elif sys.argv[1] == 'TEMPLATE':
+print('')
+print('')
+print('')
+
+else:
+raise Exception('unknown parameter in fake_ldd: %s' % sys.argv[1])
Regards,
Christian Boltz
--
"Der wahrscheinlich ärgerlichste Aspekt eines Computerprogrammes
ist die Art und Weise, in der e
Hello,
Am Dienstag, 22. Dezember 2015 schrieb Christian Boltz:
> if a profile file contains multiple profiles and one of those profiles
> contains a rule managed by a *Ruleset class,
> serialize_profile_from_old_profile() crashes with an AttributeError.
...
> [ 43-p
\\' + char)
Regards,
Christian Boltz
--
> I'm running SUPER. I've a USB mouse attached. The mouse is too
> sensitive, the cursor is moving too fast which is out of my control.
Even the mouse is performance enhanced, wow!
[> Qingjia Zhu and Peter Flodin in opensuse]
signat
Review: Approve
I never used pidgin, but the changes look sane and valid, therefore merged into
r154.
I tend to think that all gstreamer-related rules should go into
abstractions/gstreamer, but
a) that's something for a separate cleanup patch and
b) I don't really know gstreamer, so I'm not
It seems your merge request somehow got lost, sorry for that!
I'd like to see your added line
+ owner @{HOME}/.config/gtk-3.0/** r,
merged with the existing
owner @{HOME}/.config/gtk-2.0/** r,
which would result in
owner @{HOME}/.config/gtk-[23].0/** r,
If you expect the
e aa_change_hat(2) instead.
> +original profile, it may use aa_change_hat(2). Otherwise, the two
> profiles must +have rules permitting changing between the two
> profiles.
Same here - ...must have *change_profile* rules permitting...
With or without that changed,
Acked-by: Christian Boltz <
; echo === $(test) === ; $(PYTHON) -m
coverage run --branch -p $(test); )
$(PYTHON) -m coverage combine
coverage: .coverage
Regards,
Christian Boltz
--
Software and cathedrals are much the same -
first we build them, then we pray.
[Sam Redwine]
signature.asc
Description
'alg', 'nfc', 'vsock',
'mpls', 'ib', 'unspec' ]
network_type_keywords = ['stream', 'dgram', 'seqpacket', 'rdm', 'raw',
'packet']
network_protocol_keywords = ['tcp', 'udp', 'icmp']
Feel free to commit this together with your parser patch ;-)
Regards,
Christian Boltz
--
> Bei Mu
) keyword
'ptrace/bad_10.sd', # peer with invalid regex
Regards,
Christian Boltz
--
If something is red you should always worry. That's way it is red.
[Thorsten Kukuk]
signature.asc
Description: This is a digitally signed message part.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
t time - but this time I didn't notice
it in the mail :-/ Unfortunately it only happens sometimes, which makes
it hard to find a good reproducer for a bugreport.
My *.diff file didn't have the extra spaces, so there was nothing to fix
;-)
Regards,
Christian Boltz
--
> Write the code
Hello,
Am Freitag, 19. Februar 2016, 16:12:23 CET schrieb Seth Arnold:
> On Tue, Dec 22, 2015 at 12:17:40AM +0100, Christian Boltz wrote:
> > Therefore this patch wraps the serialize_profile_from_old_profile()
> > call in try/except. If it fails, the diff will include an er
AFE))
else:
ans = 'INVALID'
-transitions[context_new] = ans
regex_options =
re.compile('CMD_(ix|px|cx|nx|pix|cix|nix)')
if regex_options.search(ans):
Regards,
Christian Bo
split_name(name):
-names = name.split('^')
-if len(names) == 1:
-return name, name
-else:
-return names[0], names[1]
def commonprefix(new, old):
match = re.search(r'^([^\0]*)[^\0]*(\0\1[^\0]*)*$', '\0'.join([new, old]))
if match:
Regards,
Christian Boltz
{'exec_target': exec_target, 'mode':mode})
else:
do_execute = True
Regards,
Christian Boltz
--
>Weil es sehr weit verbreitet ist, eingespielt und "überall drauf".
Die weite Verbreitung ist allenfalls geeignet, die kaputte Syntax
auszugle
, False):
if get_reqs(library):
reqs += get_reqs(library)
Regards,
Christian Boltz
--
The "Well" was referring to my role: as a product
manager, I am not even entitled to review the "validity
of implementation details", ... I sometime cannot resist
Hello,
Am Montag, 22. Februar 2016, 00:02:09 CET schrieb Kshitij Gupta:
> On Sun, Feb 21, 2016, Christian Boltz <appar...@cboltz.de> wrote:
> > $subject.
> >
> > This should happen rarely, but nevertheless it can happen - and
> > since
> > AppArmor need
Hello,
Am Sonntag, 21. Februar 2016, 23:53:40 CET schrieb Kshitij Gupta:
> On Sun, Feb 21, 2016 at 9:48 PM, Christian Boltz wrote:
> > according to a discussion with John on IRC, denied_mask="x" can only
> > happen for 'exec' log events. This patch raises an excep
Hello,
Am Montag, 22. Februar 2016, 02:07:42 CET schrieb Kshitij Gupta:
> On Fri, Dec 25, 2015 at 8:57 PM, Christian Boltz wrote:
> > [ 45-change-log_dict-to-profile_storage.diff ]
> >
> > === modified file ./utils/apparmor/aa.py
> > --- utils/apparmor/aa.py20
Hello,
Am Montag, 22. Februar 2016, 02:16:28 CET schrieb Kshitij Gupta:
> On Sat, Dec 26, 2015 at 9:07 PM, Christian Boltz wrote:
> > write_prof_data[hat] is correct (it only contains one profile, see
> > also bug 1528139), write_prof_data[profile][hat] is not and returns
> >
AaTestWithTempdir(AATest):
Regards,
Christian Boltz
--
But you are probably also complaining if local root exploits in the
kernel are fixed, because now you no longer can use that to become root
easily... [Stefan Seyfried in opensuse-factory]
signature.asc
Description: This is a digitally signed
NSTALLDEPS)
> install -m 755 ${TOOLS} $(DESTDIR)/sbin
>
> .PHONY: install-indep
> -install-indep:
> +install-indep: indep
> install -m 755 -d $(INSTALL_CONFDIR)
> install -m 644 subdomain.conf $(INSTALL_CONFDIR)
> install -m 644 parser.conf $(INSTALL_
-compare -Wmissing-field-initializers -Wformat-
security -Wunused-parameter
Regards,
Christian Boltz
--
>> Wo finde ich das log von Cyrus bei Opensuse 10.3.
> Hinter der Festplatte links?
Ich habe nachgesehen, dort ist das Log nicht, was nun?
[>> "Info Beilfuss", > P
fic additions and overrides. See local/README for details.
#include
Regards,
Christian Boltz
--
Alles wird gut. Nichts wird besser. :-)
[Ratti in fontlinge-devel]
signature.asc
Description: This is a digitally signed message part.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Mod
}
Regards,
Christian Boltz
--
Teeren und federn und
t.
It sounds too simple, and it might start too many jobs in some cases,
but - why not use the total number of CPUs from the beginning instead of
the currently online CPUs?
The only possible disadvantage is running "too many" jobs - would that
do any harm?
Regards,
Christian Boltz
--
Hello,
Am Dienstag, 5. April 2016, 14:16:01 CEST schrieb John Johansen:
> On 04/05/2016 01:51 PM, Christian Boltz wrote:
> > Am Dienstag, 5. April 2016, 13:22:19 CEST schrieb Seth Arnold:
> >> On Tue, Apr 05, 2016 at 12:37:07PM -0700, John Johansen wrote:
> >>> Enabl
not be used.
>
> This patch adjusts the libapparmor version check to be aware of the
> 2.11 Beta 1 versioning.
>
> Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Makes sense ;-)
Acked-by: Christian Boltz <appar...@cboltz.de>
Regards,
Christian Boltz
--
Die Anbieter von S
@@
capability net_bind_service,
capability setgid,
capability setuid,
+ capability sys_admin, # needed to store ACLS in the security.NTACL namespace
capability sys_resource,
capability sys_tty_config,
Regards,
Christian Boltz
--
> Genaugenommen kann es DAUs (also Mehrzahl) gar ni
Hello,
Am Samstag, 19. März 2016, 11:55:09 CET schrieb Steve Beattie:
> On Sun, Feb 21, 2016 at 03:00:06PM +0100, Christian Boltz wrote:
> > exec choices are stored in transitions[], but that's never used
> > (and I don't see a need for it), therefore stop storing it.
> >
,hosts,netgroup} rw,
/{,var/}run/{nscd/,}nscd.pid rwl,
/var/log/nscd.log rw,
+ @{PROC}/@{pid}/cmdline r,
@{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/fd/* r,
@{PROC}/@{pid}/mounts r,
Regards,
Christian Boltz
--
Wenn's eine kaputte Platte ist: Entsorgen, Backup zurückspielen.
Wenn's kein
ofiles/apparmor.d/abstractions/ssl_keys 2016-03-27 16:32:32 +
@@ -16,3 +16,7 @@
/etc/ssl/ r,
/etc/ssl/** r,
+ # acmetool
+ /var/lib/acme/live/* r,
+ /var/lib/acme/certs/** r,
+ /var/lib/acme/keys/** r,
Regards,
Christian Boltz
--
das Gerät ist doch am USB-Port angeschlossen, also ve
Hello,
just as a reminder - we have an IRC meeting scheduled for today 20:00
UTC (that's in about 3 hours).
Regards,
Christian Boltz
--
They ARE right, you CAN secure an IIS against intrusion. First you turn
off all the services and other hooks that lets it do all the things they
brag
t (C) 2016 Christian Boltz <appar...@cboltz.de>
+#
+#This program is free software; you can redistribute it and/or
+#modify it under the terms of version 2 of the GNU General Public
+#License published by the Free Sof
901 - 1000 of 1302 matches
Mail list logo