Re: [apparmor] [patch] Fix dfa minimization

2014-01-03 Thread John Johansen
On 01/03/2014 02:49 PM, Steve Beattie wrote:
> On Tue, Dec 24, 2013 at 01:05:47PM -0800, John Johansen wrote:
>> On 12/24/2013 09:06 AM, Tyler Hicks wrote:
>>> I have to admit to not being very familiar with this area of the parser.
>>> The changes look sane to me, but I don't really understand eve

Re: [apparmor] [Patch] libapparmor: require libtoolize instead of libtool

2014-01-03 Thread John Johansen
On 01/03/2014 02:44 PM, Steve Beattie wrote:
> libtoolize is the standard mechanism for incorporating libtool support
> into a library; however, libapparmor's autogen.sh script specifically
> looks for the existence of the libtool binary rather than libtoolize.
> The libtoolize tool automatically g

Re: [apparmor] [patch] Fix dfa minimization

2014-01-03 Thread Steve Beattie
On Tue, Dec 24, 2013 at 01:05:47PM -0800, John Johansen wrote:
> On 12/24/2013 09:06 AM, Tyler Hicks wrote:
> > I have to admit to not being very familiar with this area of the parser.
> > The changes look sane to me, but I don't really understand everything
> > that is going on.
> >
> right, I am

[apparmor] [Patch] libapparmor: require libtoolize instead of libtool

2014-01-03 Thread Steve Beattie
libtoolize is the standard mechanism for incorporating libtool support into a library; however, libapparmor's autogen.sh script specifically looks for the existence of the libtool binary rather than libtoolize. The libtoolize tool automatically generates a libtool script and does not require the ex

[apparmor] [PATCH 1/4] profiles: Add strict system bus abstraction

2014-01-03 Thread Tyler Hicks
Move the file rule from the existing permissive system bus abstraction into a new strict system bus abstraction. The strict abstraction only allows for calling the Hello, AddMatch, RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods that are exported by the D-Bus daemon. The p

[apparmor] [PATCH 4/4] parser: Add DFA minimization test that mimics D-Bus abstractions

2014-01-03 Thread Tyler Hicks
This test ensures that the proper DFA minimization occurs when a permissive D-Bus abstraction #include's the corresponding strict abstraction. Signed-off-by: Tyler Hicks --- parser/tst/equality.sh | 10 ++ 1 file changed, 10 insertions(+) diff --git a/parser/tst/equality.sh b/parser/tst

[apparmor] [PATCH 3/4] profiles: Add strict accessibility bus abstraction

2014-01-03 Thread Tyler Hicks
Move the file rule from the existing permissive accessibility bus abstraction into a new strict accessibility bus abstraction. The strict abstraction only allows for calling the Hello, AddMatch, RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods that are exported by the D-Bus

[apparmor] [PATCH 0/4] Create new strict D-Bus abstractions

2014-01-03 Thread Tyler Hicks
Now that we have a fix for the DFA minimization bug (LP: #1262938), I think it may be a good idea to introduce a set of strict D-Bus abstractions that are reused by the existing, permissive abstractions. I've manually verified that DFA minimization happens and patch #4 in this set adds an equality

[apparmor] [PATCH 2/4] profiles: Add strict session bus abstraction

2014-01-03 Thread Tyler Hicks
Move the file rule from the existing permissive session bus abstraction into a new strict session bus abstraction. The strict abstraction only allows for calling the Hello, AddMatch, RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods that are exported by the D-Bus daemon. The

Re: [apparmor] [patch] add FIPS support to abstractions/openssl

2014-01-03 Thread Steve Beattie
On Fri, Jan 03, 2014 at 07:11:29PM +0100, Christian Boltz wrote:
> Hello,
>
> The "/proc/sys/crypto/fips_enabled r," should IMHO be integrated in the
> upstream abstractions/openssl as this is not critical if you run without
> FIPS, but it will produce a lot of log entries on systems like S

[apparmor] [patch] add FIPS support to abstractions/openssl

2014-01-03 Thread Christian Boltz
Hello, The "/proc/sys/crypto/fips_enabled r," should IMHO be integrated in the upstream abstractions/openssl as this is not critical if you run without FIPS, but it will produce a lot of log entries on systems like SLES that are FIPS aware. References: https://bugzilla.novell.com/show_bug.c