[apparmor] [patch] delete traces of program-chunks from apparmor.d(5)

2015-02-26 Thread Christian Boltz
Hello,

this patch removes the last traces of the program-chunks directory, 
which I just found in the apparmor.d manpage.

I propose this patch for trunk and 2.9



[ apparmor.d.pod--program-chunks.diff ]

=== modified file 'parser/apparmor.d.pod'
--- parser/apparmor.d.pod   2014-12-19 01:14:26 +
+++ parser/apparmor.d.pod   2015-02-26 16:44:33 +
@@ -1192,10 +1192,6 @@
 
 =back
 
-The abstractions stored in F are
-intended for use by specific program suites, and are not generally
-useful.
-
 Some of the abstractions rely on variables that are set in files in the
 F directory. These variables are currently
 B<@{HOME}> and B<@{HOMEDIRS}>. Variables cannot be set in profile 
scope;
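Review bot: the two `F` references in this hunk arrive with empty contents (`-The abstractions stored in F are` and ` F directory`), which looks like the angle-bracketed POD path was eaten by the mail archive rather than by the patch; please check that the committed hunk keeps the full `F<...>` path in the surviving context line, since a bare `F` would not render. The deletion itself is clean: the `=back` / variables paragraph sequence stays intact and the header counts (10 -> 6) match the four removed lines.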




Regards,

Christian Boltz
-- 
Microsoft is a cross between The Borg and the Ferengi. Unfortunately
they use Borg to do their marketing and Ferengi to do their programming.
   [Simon Slavin in the SDM]


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor


Re: [apparmor] New LibreOffice Profile

2015-02-26 Thread Christian Boltz
Hello,

On Thursday, 5 February 2015, Bryan Quigley wrote:
> I've taken a few stabs (and followed a few others) at creating a
> useful LibreOffice profile (attached, previous iterations[1]).
> 
> This profile should not be turned on by default because:

That means it should probably live in the extra profiles directory, with 
the disadvantage that not too many people look into it or use it.

> Will not open a file without an known extension
> Will not open rw a file if it's not under /media or /home.

That doesn't match your soffice.bin profile, see below for a possible 
solution.

> The permissions are quite lenient (due to file selector) but I believe
> it still provides advantages.

Indeed, the soffice.bin comes with an impressive collection of 
abstractions and other permissions. (I hope you have good reasons for 
each of them ;-)

Maybe you should add a comment explaining exactly that:
"What this profile will / will not do"

> [1] https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1284507

To answer your follow-up first - it seems most people are currently too 
busy to review patches. I'm suffering from that myself - as you probably 
noticed, I have some patches pending without feedback...

Anyway, I just looked at your profiles.

The xpdfimport looks good.

Just to be sure - does it really only need write access to temp files?

Nitpicking:
- if the tempfiles use a defined name scheme (for example 
  /tmp/xpdfimport.*), you should use that (with "owner" keyword) instead 
  of abstractions/user-tmp
- OTOH, instead of all the /lib* and /usr/lib* permissions, you could
  use the slightly more permissive abstractions/base to simplify
  the profile


The soffice.bin profile is a bit more interesting ;-)

  /**.[hH][tT][mM]? rwk,  # html, htm, etc
  /**.[xX][hH][tT][mM]? rwk,  # x^

This doesn't match the comment - the rules will match *.html and *.xhtml 
(and also *.htma, which you probably don't want), but not *.htm and 
*.xhtm.

You can merge both lines into
  /**.{,x,X}[hH][tT][mM]{,l,L}   rwk,   # htm, html, xhtm, xhtml
or add separate lines to make it more readable.

  /**.[pP][nN][gG]? rw,
  /**.[sS][vV][gG]? rw,

Those mean .svgX and pngX, where X is any char. I'd guess you should 
delete the ? ;-)

  /**.[dD][oO]* rwk,
  /**.[xX][lL]* rwk,
  /**.[pP][pP]* rwk, 
  /**.[pP][oO][tT]* rwk,

might be a bit broad - if possible, replace * with a set of letters.


Another option might be to define a variable with all those extensions, 
for example

@{libreoffice_ext} = [oO][dD]? [oO][tT]?   # .od*, .ot*
@{libreoffice_ext} += [fF][oO][dD]?   # .fod*
@{libreoffice_ext} += [xX][mM][lL]   # .xml

By using +=, you can keep the definition readable.

The advantage of using a variable is that it makes the profile a bit 
more readable and even allows you to restrict in which directories you allow 
write access. You could do something like

/**.@{libreoffice_ext} r,   # read from everywhere and everybody
owner @{HOME}/**.@{libreoffice_ext} rw,   # write own files in $HOME
owner /tmp/**.@{libreoffice_ext} rw,   # ... and own files in /tmp


That all said - I didn't find anything that looks wrong in your 
profiles, so I'm willing to commit them to the extra-profiles directory 
with the above answered and (optionally) some of my proposed changes 
included.


Regards,

Christian Boltz
-- 
> All distributions suck - the pain is just *different*
For some it is Linux, for others the most flexible pain construction
kit in the world.   [> G. Doering + Oli Schad]


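As an added illustration (not code from this thread or from the AppArmor project), a small Python matcher for the glob subset the review above talks about: it shows that `/**.[hH][tT][mM]?` matches `.html` and `.htma` but not `.htm`, that the merged `{,x,X}[hH][tT][mM]{,l,L}` rule covers all four extensions, and how the `+=` variable lets `owner @{HOME}/**.@{libreoffice_ext} rw,` stay inside the home directory. The tunable lines are constructed, and `@{HOME} = /home/* /root` is a stand-in for the real tunables/home value.

```python
import re
# Added example: AppArmor file-glob subset (**, *, ?, [..], {a,b}, @{var}); assumes no nested {} or escapes.

def parse_variables(lines):
    """Parse '@{name} = v1 v2' and '@{name} += v3' tunable lines into {name: [values]}."""
    variables = {}
    for line in lines:
        m = re.match(r"@\{([^}]+)\}\s*(\+?=)\s*(.*)", line.split("#", 1)[0].strip())
        if m:
            name, op, values = m.groups()
            if op == "=":                     # '=' starts a fresh list, '+=' appends to it
                variables[name] = []
            variables.setdefault(name, []).extend(values.split())
    return variables

def expand_vars(glob, variables):
    """Substitute every value of each @{name} reference, yielding plain globs."""
    m = re.search(r"@\{([^}]+)\}", glob)
    if not m:
        return [glob]
    return [g for value in variables[m.group(1)]
            for g in expand_vars(glob[:m.start()] + value + glob[m.end():], variables)]

def glob_to_regex(glob):
    """Translate one plain AppArmor glob into an (unanchored) regex body."""
    out = []
    for tok in re.findall(r"\*\*|\*|\?|\[[^\]]*\]|\{[^}]*\}|.", glob):
        if tok == "**":
            out.append(".*")                  # ** may cross directory boundaries
        elif tok == "*":
            out.append("[^/]*")               # * stops at /
        elif tok == "?":
            out.append("[^/]")                # exactly one character that is not /
        elif tok[0] == "[":
            out.append(tok)                   # character class passes through unchanged
        elif tok[0] == "{":                   # {,x,X}: an empty alternative is allowed
            out.append("(?:" + "|".join(glob_to_regex(a) for a in tok[1:-1].split(",")) + ")")
        else:
            out.append(re.escape(tok))
    return "".join(out)

def rule_matches(rule_glob, path, variables=None):
    """True if the path glob of a file rule matches the given absolute path."""
    return any(re.fullmatch(glob_to_regex(g), path)
               for g in expand_vars(rule_glob, variables or {}))

TUNABLES = parse_variables([                  # constructed; @{HOME} is a stand-in value
    "@{HOME} = /home/* /root",
    "@{libreoffice_ext} = [oO][dD]? [oO][tT]?   # .od*, .ot*",
    "@{libreoffice_ext} += [fF][oO][dD]?   # .fod*",
    "@{libreoffice_ext} += [xX][mM][lL]   # .xml"])
```

For example, `rule_matches("/**.[hH][tT][mM]?", "/d/a.htm")` is False while `rule_matches("/**.[hH][tT][mM]?", "/d/a.htma")` is True, which is exactly the mismatch between rule and comment the review points out.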


Re: [apparmor] [patch] delete traces of program-chunks from apparmor.d(5)

2015-02-26 Thread Tyler Hicks
On 2015-02-26 17:48:47, Christian Boltz wrote:
> Hello,
> 
> this patch removes the last traces of the program-chunks directory, 
> which I just found in the apparmor.d manpage.
> 
> I propose this patch for trunk and 2.9

Acked-by: Tyler Hicks 

Tyler

> 
> 
> 
> [ apparmor.d.pod--program-chunks.diff ]
> 
> === modified file 'parser/apparmor.d.pod'
> --- parser/apparmor.d.pod   2014-12-19 01:14:26 +
> +++ parser/apparmor.d.pod   2015-02-26 16:44:33 +
> @@ -1192,10 +1192,6 @@
>  
>  =back
>  
> -The abstractions stored in F are
> -intended for use by specific program suites, and are not generally
> -useful.
> -
>  Some of the abstractions rely on variables that are set in files in the
>  F directory. These variables are currently
>  B<@{HOME}> and B<@{HOMEDIRS}>. Variables cannot be set in profile 
> scope;
> 
> 
> 
> 
> Regards,
> 
> Christian Boltz
> -- 
> Microsoft is a cross between The Borg and the Ferengi. Unfortunately
> they use Borg to do their marketing and Ferengi to do their programming.
>[Simon Slavin in the SDM]
> 
> 




Re: [apparmor] [patch] fix build with GCC 5

2015-02-26 Thread Tyler Hicks
On 2015-02-24 14:46:55, Christian Boltz wrote:
> Hello,
> 
> I received the following patch to fix the build with GCC 5.
> (The patch is for 2.9.1 and should be applied to trunk and 2.9.)
> 
> Note: It seems the dbus.cc change was already done in trunk in exactly 
> the same way as in the patch, but not in the 2.9 branch.

Steve proposed nearly the same fix to af_rule.cc here:

  https://lists.ubuntu.com/archives/apparmor/2015-February/007205.html

It received a half-ack from John and an ack from Seth. It sounds like
Steve is free to commit the patch now.

Tyler

> 
> Can someone who knows the parser code please review this patch?
> 
> - Forwarded message -
> From: Richard Biener 
> Subject: Request 287520 created by rguenther (submit 
> security:apparmor/apparmor)
> Date:   Tuesday, 24 February 2015
> 
> Visit https://build.opensuse.org/request/show/287520
> 
> Description:
> - add apparmor-fix-stl-ostream.diff which fixes odd uses of
>   std::ostream which are not valid.  Fixes build with GCC 5
> 
> [...]
> 
> ++ apparmor-fix-stl-ostream.diff (new)
> --- apparmor-fix-stl-ostream.diff
> +++ apparmor-fix-stl-ostream.diff
> @@ -0,0 +1,35 @@
> +Index: parser/dbus.cc
> +===
> +--- parser/dbus.cc.orig  2014-10-08 22:20:20.0 +0200
>  parser/dbus.cc   2015-02-24 14:10:15.656288643 +0100
> +@@ -149,7 +149,7 @@ ostream &dbus_rule::dump(ostream &os)
> + if (interface)
> + os << " interface=\"" << interface << "\"";
> + if (member)
> +-os << " member=\"" << member << os << "\"";
> ++os << " member=\"" << member << "\"";
> + 
> + if (!(mode & AA_DBUS_BIND) && (peer_label || name)) {
> + os << " peer=( ";
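Review bot: the fix at `-os << " member=\"" << member << os << "\"";` is correct: inserting `os` into itself resolves to `operator<<(ostream&, ostream&)`, which older libstdc++ accepted through the stream's implicit `operator void*()` (printing a pointer, which is the `0x6f8508` debris Steve shows later in this thread) and which the C++11 library with `explicit operator bool` in GCC 5's default mode rejects. The description only says "odd uses of std::ostream which are not valid"; a sentence naming that conversion change would make the commit message self-explanatory.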
> +Index: parser/af_rule.cc
> +===
> +--- parser/af_rule.cc.orig   2014-09-03 22:34:10.0 +0200
>  parser/af_rule.cc2015-02-24 14:14:31.851251654 +0100
> +@@ -148,11 +148,14 @@ ostream &af_rule::dump_peer(ostream &os)
> + 
> + ostream &af_rule::dump(ostream &os)
> + {
> +-os << dump_prefix(os);
> ++dump_prefix(os);
> + os << af_name;
> +-os << dump_local(os);
> ++dump_local(os);
> + if (has_peer_conds())
> +-os << " peer=(" << dump_peer(os) << ")";
> ++  {
> ++os << " peer=(";
> ++dump_peer(os) << ")";
> ++  }
> + os << ",\n";
> + 
> + return os;
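Review bot: the three `os << dump_xxx(os)` sites are fixed consistently (call the dump for its side effect, then keep streaming on `os`), and `dump_peer(os) << ")"` is fine because `dump_peer` returns the same stream. Style: the new `++  {` and `++  }` braces sit at a different indent from the `if (has_peer_conds())` line and the rest of the body, so bring them in line with the parser's brace style before committing.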
> 
> 
> [...]
> -
> 
> 
> Regards,
> 
> Christian Boltz
> -- 
> It's too bad that the universities don't have the ability to
> teach common sense. :-)  [Ken Schneider in opensuse-factory]
> 
> 




Re: [apparmor] [patch] delete traces of program-chunks from apparmor.d(5)

2015-02-26 Thread Seth Arnold
On Thu, Feb 26, 2015 at 05:48:47PM +0100, Christian Boltz wrote:
> Hello,
> 
> this patch removes the last traces of the program-chunks directory, 
> which I just found in the apparmor.d manpage.
> 
> I propose this patch for trunk and 2.9

Oh my yes. I can't ack this quickly enough. :)

Acked-by: Seth Arnold 

I hope you can all forgive me for the horrible thing in the first place.

Thanks

> 
> [ apparmor.d.pod--program-chunks.diff ]
> 
> === modified file 'parser/apparmor.d.pod'
> --- parser/apparmor.d.pod   2014-12-19 01:14:26 +
> +++ parser/apparmor.d.pod   2015-02-26 16:44:33 +
> @@ -1192,10 +1192,6 @@
>  
>  =back
>  
> -The abstractions stored in F are
> -intended for use by specific program suites, and are not generally
> -useful.
> -
>  Some of the abstractions rely on variables that are set in files in the
>  F directory. These variables are currently
>  B<@{HOME}> and B<@{HOMEDIRS}>. Variables cannot be set in profile 
> scope;
> 
> 





Re: [apparmor] [patch] more gcc 5 errors

2015-02-26 Thread Steve Beattie
On Tue, Feb 17, 2015 at 03:31:13PM -0800, John Johansen wrote:
> yeah, basically, I don't think our use of dump returning ostream&
> is a good use. the << operator is infix and transforms the code
> which you don't get with the direct fn/method call.  So it becomes
> hard to correctly mix dump() with <<
> 
>   dump(cerr, ...) << "foo";
> 
> is good but
>   cerr << dump(cerr, ...) << foo;
> 
> is not, because as you said it results in << calling
> 
>   ostream &operator<<(ostream &, ostream&) instead of
> 
> ostream &operator<<(ostream &, type)
> 
> > as opposed to e.g. calling:
> > 
> >   os << state;
> > 
> > which would be
> > 
> >   operator<<(os, state);
> > 
> > and with types
> > 
> >   ostream &operator<<(ostream &os, const State &state)
> > 
> yeah basically, I'm just baffled why it ever worked
> 
> > I'm *guessing* gcc-4.9 maybe had some glue that would paper over
> > that, but searching online hasn't turned up anything that I can see
> > that references any changes in behavior here. (Nothing obvious at
> > https://gcc.gnu.org/gcc-5/changes.html jumps out at me.)
> > 
> Maybe, but it has worked in I think 3.x and 4.x

Well, not really:

$ ./apparmor_parser -d -Q tst/simple_tests/unix/ok_shutdown_3.sd
- Debugging built structures -
Name:   a_profile
Profile Mode:   Enforce
0x6f8508unix ()addr='@HypotheticalServiceDaemon'0x6f8508,

(trunk built with gcc-4.9, same result with gcc-4.6 on ubuntu 12.04.)

Anyway, I'm going to go ahead and commit the patch I submitted.

-- 
Steve Beattie

http://NxNW.org/~steve/




Re: [apparmor] [patch] fix minitools to work with multiple profiles at once

2015-02-26 Thread Steve Beattie
Hi,

On Fri, Feb 20, 2015 at 11:52:43PM +0100, Christian Boltz wrote:
> this patch fixes the minitools (aa-audit, aa-complain, aa-enforce, 
> aa-autodep) to work with multiple profiles at once.
> 
> The "trick" to fix the minitools is to call read_profiles() outside of 
> the for loop.
> 
> References: https://bugs.launchpad.net/apparmor/+bug/1378095
>
> I propose this patch for trunk and the 2.9 branch.

Acked-by: Steve Beattie  for trunk and 2.9.

(Please use '--fixes lp:1378095' when committing, it'll make things easier
for me when writing the 2.9.2 release notes. Thanks)

> [ tools-fix-multi-profile.diff ]
> 
> === modified file 'utils/apparmor/tools.py'
> --- utils/apparmor/tools.py 2014-10-07 13:06:01 +
> +++ utils/apparmor/tools.py 2015-02-20 21:55:40 +
> @@ -83,12 +83,12 @@
>  yield (program, profile)
>  
>  def act(self):
> +apparmor.read_profiles()
> +
>  for (program, profile) in self.get_next_to_profile():
>  if program is None:
>  program = profile
>  
> -apparmor.read_profiles()
> -
>  if not program or not(os.path.exists(program) or 
> apparmor.profile_exists(program)):
>  if program and not program.startswith('/'):
>  program = aaui.UI_GetString(_('The given program cannot 
> be found, please try with the fully qualified path name of the program: '), 
> '')
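Review bot: hoisting `apparmor.read_profiles()` above the `for (program, profile) in self.get_next_to_profile():` loop is the right fix, since the second iteration previously re-read the profiles and lost the in-memory change made for the first program. Note the small behaviour change: the profiles are now parsed (and any parse error raised) before the per-program existence checks in the loop run, and even when the generator yields nothing; harmless here, but worth a line in the commit message.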
> @@ -148,9 +148,10 @@
>  raise apparmor.AppArmorException(cmd_info[1])
>  
>  def cmd_enforce(self):
> +apparmor.read_profiles()
> +
>  for (program, profile) in self.get_next_to_profile():
>  
> -apparmor.read_profiles()
>  output_name = profile if program is None else program
>  
>  if not os.path.isfile(profile) or 
> apparmor.is_skippable_file(profile):
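Review bot: `cmd_enforce`, `cmd_complain` and `cmd_audit` now each start with the identical `apparmor.read_profiles()` plus `for (program, profile) in self.get_next_to_profile():` preamble and share the same `output_name` / `is_skippable_file` body; a follow-up could factor that into one helper taking the mode, so the next fix does not have to be applied in four places as this one was.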
> @@ -166,9 +167,10 @@
>  raise apparmor.AppArmorException(cmd_info[1])
>  
>  def cmd_complain(self):
> +apparmor.read_profiles()
> +
>  for (program, profile) in self.get_next_to_profile():
>  
> -apparmor.read_profiles()
>  output_name = profile if program is None else program
>  
>  if not os.path.isfile(profile) or 
> apparmor.is_skippable_file(profile):
> @@ -184,9 +186,10 @@
>  raise apparmor.AppArmorException(cmd_info[1])
>  
>  def cmd_audit(self):
> +apparmor.read_profiles()
> +
>  for (program, profile) in self.get_next_to_profile():
>  
> -apparmor.read_profiles()
>  output_name = profile if program is None else program
>  
>  if not os.path.isfile(profile) or 
> apparmor.is_skippable_file(profile):
> @@ -207,13 +210,13 @@
>  raise apparmor.AppArmorException(cmd_info[1])
>  
>  def cmd_autodep(self):
> +apparmor.read_profiles()
> +
>  for (program, profile) in self.get_next_to_profile():
>  if not program:
>  aaui.UI_Info(_('Please pass an application to generate a 
> profile for, not a profile itself - skipping %s.') % profile)
>  continue
>  
> -apparmor.read_profiles()
> -
>  apparmor.check_qualifiers(program)
>  
>  if os.path.exists(apparmor.get_profile_filename(program)) and 
> not self.force:
> 

-- 
Steve Beattie

http://NxNW.org/~steve/

