Hi all,
We talked about meeting with cboltz and he wrote me an email below.
Because of that. I tried to make apparmor profile for *mtr*
#include tunables/global
/usr/sbin/mtr {
#include abstractions/base
#include abstractions/nameservice
capability net_raw,
capability setgid,
Sorry I meant to get this out yesterday
May's meeting is scheduled for today (May 14) @20:00 UTC
in #apparmor on oftc.net
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
On Tue, May 14, 2013 at 06:13:23PM +0300, Kaan Özdinçer wrote:
We talked about meeting with cboltz and he wrote me an email below.
Because of that. I tried to make apparmor profile for *mtr*
For confinement purposes, mtr is a nice, well-contained, and alas,
setuid root, program. Depending on
On Wed, May 01, 2013 at 02:31:00PM -0700, John Johansen wrote:
Add the dynamic profiles file to the interace, to allow load policy
introspection.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Kees Cook k...@ubuntu.com
+/**
+ * __next_profile - step to the next profile
On Wed, May 01, 2013 at 02:31:02PM -0700, John Johansen wrote:
For profiles that have been replaced reuse the name string so the
old and new version of the profile share the same string. This will
make some checks/comparisons in labeling quicker.
+static void share_name(struct aa_profile
On Wed, May 01, 2013 at 02:31:03PM -0700, John Johansen wrote:
The labeling of files is implied by the set of rules and profiles.
Add the ability to set implicit labels on files to reduce the number
of path and rule lookups that are needed.
Signed-off-by: John Johansen