Re: [apparmor] [Merge] lp:~chkpnt/apparmor/patch-ruby into lp:apparmor
I've just updated the abstraction file. Now it is smaller. Unfortunately, AppArmor doesn't understand extglobs. If so, it would be possible to use "1.[89]?(.[0-9])" instead of "{[89],[89].[0-9]}". -- https://code.launchpad.net/~chkpnt/apparmor/patch-ruby/+merge/132723 Your team AppArmor Developers is requested to review the proposed merge of lp:~chkpnt/apparmor/patch-ruby into lp:apparmor. -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [Merge] lp:~chkpnt/apparmor/patch-ruby into lp:apparmor
Hello, Am Freitag, 2. November 2012 schrieb Gregor Dschung: > Gregor Dschung has proposed merging lp:~chkpnt/apparmor/patch-ruby > into lp:apparmor. > > Requested reviews: > AppArmor Developers (apparmor-dev) > > For more details, see: > https://code.launchpad.net/~chkpnt/apparmor/patch-ruby/+merge/132723 > > - the globbing as used in /etc/apparmor.d/abstrations/ruby doesn't > work for ruby 1.9.1 - rubygems need {,32,64} in the path, too The proposed rules will fail with 1.10 and 2.x ;-) Since this is mostly about read permissions, what about relaxing the rules a bit to make them version-independent and easier readable? I'd propose to use /usr/lib{,32,64}/ruby/1.[89]*/ or even /usr/lib{,32,64}/ruby/[1-9].[0-9]*/ to be compatible with future ruby releases up to 9.x ;-) Even if you don't want to do that: > + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*.rb r, > + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**/*.rb r, You can merge these two lines to /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**.rb r, > + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/*.so mr, > + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr, Same here, merge to: /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**.so mr, > + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*.rb r, > + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/**/*.rb r, > + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/*.so mr, > + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr, Two more pairs to merge ;-) Regards, Christian Boltz -- "Bei mir" läuft KDE gar nicht. Völlig korrekt. Logisch. Aber sinnfrei. [David Haller in opensuse-de] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [Merge] lp:~chkpnt/apparmor/patch-ruby into lp:apparmor
Gregor Dschung has proposed merging lp:~chkpnt/apparmor/patch-ruby into lp:apparmor. Requested reviews: AppArmor Developers (apparmor-dev) For more details, see: https://code.launchpad.net/~chkpnt/apparmor/patch-ruby/+merge/132723 - the globbing as used in /etc/apparmor.d/abstrations/ruby doesn't work for ruby 1.9.1 - rubygems need {,32,64} in the path, too -- https://code.launchpad.net/~chkpnt/apparmor/patch-ruby/+merge/132723 Your team AppArmor Developers is requested to review the proposed merge of lp:~chkpnt/apparmor/patch-ruby into lp:apparmor. === modified file 'profiles/apparmor.d/abstractions/ruby' --- profiles/apparmor.d/abstractions/ruby 2010-12-20 20:29:10 + +++ profiles/apparmor.d/abstractions/ruby 2012-11-02 16:27:21 + @@ -9,17 +9,17 @@ # # -- - /usr/lib{,32,64}/ruby/1.[89]/ r, - /usr/lib{,32,64}/ruby/1.[89]/*.rb r, - /usr/lib{,32,64}/ruby/1.[89]/**/*.rb r, - /usr/lib{,32,64}/ruby/1.[89]/*-linux/*.so mr, - /usr/lib{,32,64}/ruby/1.[89]/*-linux/**/*.so mr, - - /usr/lib{,32,64}/ruby/site_ruby/1.[89]/ r, - /usr/lib{,32,64}/ruby/site_ruby/1.[89]/*.rb r, - /usr/lib{,32,64}/ruby/site_ruby/1.[89]/**/*.rb r, - /usr/lib{,32,64}/ruby/site_ruby/1.[89]/*-linux/*.so mr, - /usr/lib{,32,64}/ruby/site_ruby/1.[89]/*-linux/**/*.so mr, - - /usr/lib/ruby/gems/1.[89]/ r, - /usr/lib/ruby/gems/1.[89]/** r, + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/ r, + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*.rb r, + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**/*.rb r, + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/*.so mr, + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr, + + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/ r, + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*.rb r, + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/**/*.rb r, + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/*.so mr, + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr, + + /usr/lib{,32,64}/ruby/gems/1.{[89],[89].[0-9]}/ r, + /usr/lib{,32,64}/ruby/gems/1.{[89],[89].[0-9]}/** r, -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor