This patch fixes an issue with the toplevel make clean target that did
not take into account where the libapparmor tree had been moved to.
---
Makefile |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: b/Makefile
===
This patch abstracts out the generation of the lists of capabilities
and network protocol names to the common Make.rules file that is
included in most locations in the build tree, to allow it to be
re-used in the utils/ tree and possibly elsewhere.
It provides the lists in both make variables and
On Thu, Mar 22, 2012 at 10:06:09AM -0700, Steve Beattie wrote:
It also sorts the resulting lists, which causes it to output differently
than the before case. I did confirm that the results for the generated
files used in the parser build were the same after taking the sorting
into account.
Signed-off-by: John Johansen john.johan...@canonical.com
---
parser/libapparmor_re/hfa.cc | 14 +++---
parser/libapparmor_re/hfa.h |4 ++--
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc
index
The kernel has an extended test for change_profile when used with
onexec, that allows it to only work against set executables.
The parser is not correctly mapping change_profile for this test
update the mapping so change_onexec will work when confined.
Note: the parser does not currently support
Signed-off-by: John Johansen john.johan...@canonical.com
---
parser/parser.h|3 ++-
parser/parser_lex.l| 17 +
parser/parser_misc.c |4 +++-
parser/parser_yacc.y | 15 +--
On 03/22/2012 10:06 AM, Steve Beattie wrote:
This patch adds a make install target for the generated apparmor.vim
file, installing by default into /usr/share/apparmor based on IRC
discussions; alternate suggestions welcome. (Installing directly
into the vim syntax tree is difficult as the
On 03/22/2012 10:06 AM, Steve Beattie wrote:
This patch replaces the apparmor.vim generating script with a python
version that eliminates the need for using the replace tool from the
mysql-server package. It makes use of the automatically generated
lists of capabilities and network protocols
On Thu, Mar 22, 2012 at 11:44:53AM -0700, John Johansen wrote:
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-By: Steve Beattie sbeat...@ubuntu.com
---
parser/libapparmor_re/hfa.cc | 14 +++---
parser/libapparmor_re/hfa.h |4 ++--
2 files changed, 9
Acked-By: Steve Beattie sbeat...@ubuntu.com
Thanks.
--
Steve Beattie
sbeat...@ubuntu.com
http://NxNW.org/~steve/
signature.asc
Description: Digital signature
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
On 03/22/2012 12:46 PM, Steve Beattie wrote:
On Thu, Mar 22, 2012 at 11:44:54AM -0700, John Johansen wrote:
The kernel has an extended test for change_profile when used with
onexec, that allows it to only work against set executables.
The parser is not correctly mapping change_profile for
** Changed in: apparmor (Ubuntu)
Milestone: None = ubuntu-12.04-beta-2
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/962521
Title:
aa_getcon returns garbage on error path
Status
** Changed in: apparmor
Status: New = Confirmed
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/962521
Title:
aa_getcon returns garbage on error path
Status in AppArmor Linux
Public bug reported:
when calling aa_getcon it returns a garbage filled buffer if it fails
** Affects: apparmor
Importance: High
Assignee: John Johansen (jjohansen)
Status: Confirmed
** Affects: apparmor (Ubuntu)
Importance: High
Assignee: John Johansen (jjohansen)
** Tags added: rls-p-tracking
** Changed in: apparmor
Status: Confirmed = Fix Committed
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/962521
Title:
aa_getcon returns garbage
When creating the prior abstraction patches, I mistakenly converted
/usr/include/linux/capability.h to sys/capability.h. This patch
corrects the issue.
=== modified file 'common/Make.rules'
--- common/Make.rules 2012-03-22 20:19:27 +
+++ common/Make.rules 2012-03-22 21:29:40 +
@@
On Thu, 2012-03-22 at 14:33 -0700, Steve Beattie wrote:
When creating the prior abstraction patches, I mistakenly converted
/usr/include/linux/capability.h to sys/capability.h. This patch
corrects the issue.
=== modified file 'common/Make.rules'
--- common/Make.rules 2012-03-22 20:19:27
--
Jamie Strandboge | http://www.canonical.com
Author: Jamie Strandboge ja...@canonical.com
Description: clean up utils/vim/common
Forwarded: yes
Index: apparmor-2.7.102/utils/vim/Makefile
===
---
Hello,
Am Donnerstag, 22. März 2012 schrieb Steve Beattie:
CAP_WAKE_ALARM 8
This one is missing in apparmor.vim.
I assume it translates to
capability wake_alarm,
in the profiles, therefore I propose the following patch:
=== modified file 'utils/vim/create-apparmor.vim.sh'
---
On 03/22/2012 03:08 PM, Christian Boltz wrote:
Hello,
Am Donnerstag, 22. März 2012 schrieb Steve Beattie:
CAP_WAKE_ALARM 8
yep
This one is missing in apparmor.vim.
I assume it translates to
capability wake_alarm,
in the profiles, therefore I propose the following patch:
===
Hello,
(also affects patch 3/6, but splitting the mail wouldn't make sense)
Am Donnerstag, 22. März 2012 schrieb Steve Beattie:
This patch abstracts out the generation of the lists of capabilities
and network protocol names to the common Make.rules file that is
included in most locations in
On Thu, 2012-03-22 at 23:20 +0100, Christian Boltz wrote:
--- a/common/Make.rules
+++ b/common/Make.rules
@@ -151,6 +151,40 @@ _clean:
-rm -f ${MANPAGES} *.[0-9].gz ${HTMLMANPAGES} pod2htm*.tmp
# =
+# generate list of capabilities based on
+#
Installing the apparmor.vim file by default sounds like a great idea. It's too
useful to leave it out and changes often enough that upstream vim or vim
packaging doesn't feel right. Yet.
-Original Message-
From: John Johansen john.johan...@canonical.com
Sender:
On 03/22/2012 03:35 PM, Seth Arnold wrote:
I'm always worried when I see shared magic numbers. If AA_ONEXEC is supposed
to share with AA_CHANGE_HAT, please define one in terms of the other or
provide a comment to warn the future. Thanks :)
Well in fact they aren't exactly the same and could
This bug was fixed in the package apparmor - 2.7.102-0ubuntu1
---
apparmor (2.7.102-0ubuntu1) precise; urgency=low
* New upstream release. Fixes the following issues in support of LXC
AppArmor support for beta-2:
- Fix the return size of aa_getprocattr (LP: #962521)
-
** Branch linked: lp:ubuntu/apparmor
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/962521
Title:
aa_getcon returns garbage on error path
Status in AppArmor Linux application
Hello,
(I should have read all mails before replying to the 4/6 patch ;-)
Am Donnerstag, 22. März 2012 schrieb Steve Beattie:
This patch replaces the apparmor.vim generating script with a python
version that eliminates the need for using the replace tool from the
mysql-server package.
I'm
27 matches
Mail list logo