Re: [apparmor] [Merge] lp:~chkpnt/apparmor/patch-ruby into lp:apparmor

2012-11-07 Thread Gregor Dschung 
I've just updated the abstraction file. Now it is smaller.

Unfortunately, AppArmor doesn't understand extglobs. If so, it would be 
possible to use 1.[89]?(.[0-9]) instead of {[89],[89].[0-9]}.
-- 
https://code.launchpad.net/~chkpnt/apparmor/patch-ruby/+merge/132723
Your team AppArmor Developers is requested to review the proposed merge of 
lp:~chkpnt/apparmor/patch-ruby into lp:apparmor.

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [Merge] lp:~chkpnt/apparmor/patch-ruby into lp:apparmor

2012-11-05 Thread Gregor Dschung 
Gregor Dschung has proposed merging lp:~chkpnt/apparmor/patch-ruby into 
lp:apparmor.

Requested reviews:
  AppArmor Developers (apparmor-dev)

For more details, see:
https://code.launchpad.net/~chkpnt/apparmor/patch-ruby/+merge/132723

- the globbing as used in /etc/apparmor.d/abstrations/ruby doesn't work for 
ruby 1.9.1
- rubygems need {,32,64} in the path, too
-- 
https://code.launchpad.net/~chkpnt/apparmor/patch-ruby/+merge/132723
Your team AppArmor Developers is requested to review the proposed merge of 
lp:~chkpnt/apparmor/patch-ruby into lp:apparmor.
=== modified file 'profiles/apparmor.d/abstractions/ruby'
--- profiles/apparmor.d/abstractions/ruby	2010-12-20 20:29:10 +
+++ profiles/apparmor.d/abstractions/ruby	2012-11-02 16:27:21 +
@@ -9,17 +9,17 @@
 #
 # --
 
-  /usr/lib{,32,64}/ruby/1.[89]/ r,
-  /usr/lib{,32,64}/ruby/1.[89]/*.rb r,
-  /usr/lib{,32,64}/ruby/1.[89]/**/*.rb r,
-  /usr/lib{,32,64}/ruby/1.[89]/*-linux/*.so mr,
-  /usr/lib{,32,64}/ruby/1.[89]/*-linux/**/*.so mr,
-
-  /usr/lib{,32,64}/ruby/site_ruby/1.[89]/ r,
-  /usr/lib{,32,64}/ruby/site_ruby/1.[89]/*.rb r,
-  /usr/lib{,32,64}/ruby/site_ruby/1.[89]/**/*.rb r,
-  /usr/lib{,32,64}/ruby/site_ruby/1.[89]/*-linux/*.so mr,
-  /usr/lib{,32,64}/ruby/site_ruby/1.[89]/*-linux/**/*.so mr,
-
-  /usr/lib/ruby/gems/1.[89]/ r,
-  /usr/lib/ruby/gems/1.[89]/** r,
+  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/ r,
+  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*.rb r,
+  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**/*.rb r,
+  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/*.so mr,
+  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr,
+
+  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/ r,
+  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*.rb r,
+  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/**/*.rb r,
+  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/*.so mr,
+  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr,
+
+  /usr/lib{,32,64}/ruby/gems/1.{[89],[89].[0-9]}/ r,
+  /usr/lib{,32,64}/ruby/gems/1.{[89],[89].[0-9]}/** r,

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Re: [apparmor] [Merge] lp:~chkpnt/apparmor/patch-ruby into lp:apparmor

2012-11-05 Thread Christian Boltz 
Hello,

Am Freitag, 2. November 2012 schrieb Gregor Dschung:
 Gregor Dschung has proposed merging lp:~chkpnt/apparmor/patch-ruby
 into lp:apparmor.
 
 Requested reviews:
   AppArmor Developers (apparmor-dev)
 
 For more details, see:
 https://code.launchpad.net/~chkpnt/apparmor/patch-ruby/+merge/132723
 
 - the globbing as used in /etc/apparmor.d/abstrations/ruby doesn't
 work for ruby 1.9.1 - rubygems need {,32,64} in the path, too

The proposed rules will fail with 1.10 and 2.x ;-)

Since this is mostly about read permissions, what about relaxing the 
rules a bit to make them version-independent and easier readable?

I'd propose to use /usr/lib{,32,64}/ruby/1.[89]*/ or even  
/usr/lib{,32,64}/ruby/[1-9].[0-9]*/ to be compatible with future ruby 
releases up to 9.x ;-)

Even if you don't want to do that:

 +  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*.rb r,
 +  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**/*.rb r,

You can merge these two lines to
/usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**.rb r,

 +  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/*.so mr,
 +  /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr,

Same here, merge to:
/usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**.so mr,

 +  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*.rb r,
 +  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/**/*.rb r,
 +  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/*.so 
mr,
 +  /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so 
mr,

Two more pairs to merge ;-)


Regards,

Christian Boltz
-- 
Bei mir läuft KDE gar nicht.
Völlig korrekt. Logisch. Aber sinnfrei.
[David Haller in opensuse-de]


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor