Re: [apparmor] Fwd: MariaDB AppArmor

2014-04-18 Thread Otto Kekäläinen
Hello! Just as a reminder about this topic: at the moment MariaDB 5.5 has no effective AppArmor profile. I am happy to accept pull requests / patches for it, if somebody more knowledgeable in AppArmor profile generation wants to supply one. Debian official packaging repo:

[apparmor] [patch] winbindd profile update

2014-04-18 Thread Christian Boltz
Hello, this patch updates the usr.sbin.winbindd profile - allow rw access to /var/cache/krb5rcache/ - treat passdb.tdb.tmp as passdb.tdb Patch from Lars Müller lmue...@suse.com References: https://bugzilla.novell.com/show_bug.cgi?id=870607 === modified file

Re: [apparmor] [PATCH] parser: Document pivot_root in the apparmor.d(5) man page

2014-04-18 Thread Christian Boltz
Hello, Am Montag, 14. April 2014 schrieb Tyler Hicks: diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod index 853cd5c..ff7887d 100644 --- a/parser/apparmor.d.pod +++ b/parser/apparmor.d.pod +BPROFILE = [ ICOMMENT ... ] [ IVARIABLE ASSIGNMENT ... ] ( '' IPROGRAM '' | IPROGRAM ) [
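Review bot: the quoted-program alternative in the new synopsis line, rendered here as ( '' IPROGRAM '' | IPROGRAM ), shows the quoted form as two adjacent single quotes, which a reader of the man page will take for an empty string literal rather than a quote delimiter around the program name; check the quoting used in the .pod source so pod2man emits a visible double quote there, and since the line ends on an opening [ in this excerpt, confirm the remainder of the production closes every bracket it opens.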

Re: [apparmor] [PATCH] parser: Document pivot_root in the apparmor.d(5) man page

2014-04-18 Thread Tyler Hicks
On 2014-04-18 16:30:36, Christian Boltz wrote: Hello, Am Montag, 14. April 2014 schrieb Tyler Hicks: diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod index 853cd5c..ff7887d 100644 --- a/parser/apparmor.d.pod +++ b/parser/apparmor.d.pod +BPROFILE = [ ICOMMENT ... ] [

Re: [apparmor] [patch 17/26] Add the ability to mediate signals.

2014-04-18 Thread Seth Arnold
On Tue, Apr 15, 2014 at 10:22:24AM -0700, john.johan...@canonical.com wrote: Add signal rules and make sure the parser encodes support for them if the supported feature set reports supporting them. Acked-by: Seth Arnold seth.arn...@canonical.com Would it make more sense to put exists as entry

Re: [apparmor] [patch 02/26] Add stub rules to indicate compilation support for given features.

2014-04-18 Thread Seth Arnold
On Tue, Apr 15, 2014 at 10:22:09AM -0700, john.johan...@canonical.com wrote: Policy enforcement needs to be able to support older userspaces and compilers that don't know about new features. The absence of a feature in the policydb indicates that feature mediation is not present for it. We

Re: [apparmor] [patch 18/26] fix: the what names can treated as a condlistid

2014-04-18 Thread Seth Arnold
On Tue, Apr 15, 2014 at 10:22:25AM -0700, john.johan...@canonical.com wrote: The match {VARIABLE_NAME}/{WS}*={WS}*\( is too broad causing mount and dbus rules to fail for sets of values e.g. mount options=(ro bind) Instead of doing a broad match, for now let's lock it down to just

Re: [apparmor] [patch 19/26] fix: the what conditional names can be a condlistid

2014-04-18 Thread Seth Arnold
On Tue, Apr 15, 2014 at 10:22:26AM -0700, john.johan...@canonical.com wrote: The match {VARIABLE_NAME}/{WS}*={WS}*\( is too broad causing mount and dbus rules to fail for sets of values e.g. mount options=(ro bind) Instead of doing a broad match, for now let's lock it down to just
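The lexer collision that patches 18/26 and 19/26 describe, as an added example in Python (not the AppArmor parser's own flex/bison code): a toy lexer applies the quoted rule {VARIABLE_NAME}/{WS}*={WS}*\( either to every name (the broad match) or only to an assumed allow-list of conditional-list names, and a toy parser for the two conditional shapes shows why mount options=(ro bind) fails under the broad match: options is lexed as a CONDLISTID, so the parser then expects id=value pairs inside the parentheses instead of a plain set of values. The definitions of VARIABLE_NAME and WS, the allow-list (just peer, since the message is cut off before naming what the patch restricts the match to) and the sample rules are assumptions constructed for this example.

```python
import re

# Lexer pieces modelled on the flex rule quoted in the message. VARIABLE_NAME
# and WS are assumptions for this example, not the real lex-file definitions.
VARIABLE_NAME = r"[A-Za-z_][A-Za-z0-9_]*"
WS = r"[ \t]"
# {VARIABLE_NAME}/{WS}*={WS}*\(  with flex trailing context written as a lookahead
CONDLISTID_RE = re.compile(rf"({VARIABLE_NAME})(?={WS}*={WS}*\()")
CONDID_RE = re.compile(rf"({VARIABLE_NAME})(?={WS}*=)")
VALUE_RE = re.compile(r"[^\s=(),]+")
# Assumed allow-list for the restricted lexer (the message does not name it).
LIST_COND_NAMES = frozenset({"peer"})


def lex(rule, listcond_names=None):
    """Tokenize one rule. listcond_names=None reproduces the broad match: every
    NAME followed by '=(' becomes CONDLISTID. A set restricts CONDLISTID to those
    names; any other NAME followed by '=' is a plain CONDID."""
    tokens, i = [], 0
    while i < len(rule):
        ch = rule[i]
        if ch in " \t":
            i += 1
            continue
        if ch in "=(),":
            tokens.append((ch, ch))
            i += 1
            continue
        m = CONDLISTID_RE.match(rule, i)
        if m and (listcond_names is None or m.group(1) in listcond_names):
            tokens.append(("CONDLISTID", m.group(1)))
            i = m.end()
            continue
        m = CONDID_RE.match(rule, i)
        if m:
            tokens.append(("CONDID", m.group(1)))
            i = m.end()
            continue
        m = VALUE_RE.match(rule, i)
        if m:
            tokens.append(("VALUE", m.group(0)))
            i = m.end()
            continue
        raise SyntaxError(f"unexpected character {ch!r} at offset {i}")
    return tokens


def parse_rule(tokens):
    """Toy grammar covering only the conditional forms discussed in the message:
         rule := VALUE [ '(' VALUE+ ')' ] cond* ','
         cond := CONDID '=' ( VALUE | '(' VALUE+ ')' )         (set of values)
               | CONDLISTID '=' '(' ( CONDID '=' VALUE )+ ')'  (nested id=value list)
    """
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else ("EOF", "")

    def take(kind):
        nonlocal pos
        tok = peek()
        if tok[0] != kind:
            raise SyntaxError(f"expected {kind}, got {tok[0]} {tok[1]!r}")
        pos += 1
        return tok[1]

    keyword = take("VALUE")
    perms = set()
    if peek()[0] == "(":  # optional access list such as (send receive)
        take("(")
        while peek()[0] == "VALUE":
            perms.add(take("VALUE"))
        take(")")
    conds = {}
    while peek()[0] != ",":
        kind, name = peek()
        if kind == "CONDID":
            take("CONDID")
            take("=")
            if peek()[0] == "(":
                take("(")
                values = set()
                while peek()[0] == "VALUE":
                    values.add(take("VALUE"))
                take(")")
            else:
                values = {take("VALUE")}
            conds[name] = values
        elif kind == "CONDLISTID":
            take("CONDLISTID")
            take("=")
            take("(")
            nested = {}
            while peek()[0] == "CONDID":
                key = take("CONDID")
                take("=")
                nested[key] = take("VALUE")
            take(")")  # fails on 'options=(ro bind)' lexed as CONDLISTID: 'ro' is a VALUE
            conds[name] = nested
        else:
            raise SyntaxError(f"expected a conditional, got {kind} {name!r}")
    take(",")
    return {"rule": keyword, "perms": perms, "conds": conds}


def parse(rule, restricted):
    """Lex with the broad (restricted=False) or allow-listed lexer, then parse."""
    return parse_rule(lex(rule, LIST_COND_NAMES if restricted else None))


def rule_parses(rule, restricted):
    try:
        parse(rule, restricted)
    except SyntaxError:
        return False
    return True
```

Running parse("mount options=(ro bind),", restricted=False) raises "expected ), got VALUE 'ro'", while the same rule under the restricted lexer yields options={ro, bind}; a rule that really carries a nested list, such as peer=(name=... label=...), parses the same way under both lexers, which is why narrowing the match is safe for it.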

Re: [apparmor] [patch 17/26] Add the ability to mediate signals.

2014-04-18 Thread John Johansen
On 04/18/2014 04:38 PM, Seth Arnold wrote: On Tue, Apr 15, 2014 at 10:22:24AM -0700, john.johan...@canonical.com wrote: Add signal rules and make sure the parser encodes support for them if the supported feature set reports supporting them. Acked-by: Seth Arnold seth.arn...@canonical.com

Re: [apparmor] [patch 20/26] Add the ability to specify ptrace rules

2014-04-18 Thread Seth Arnold
On Tue, Apr 15, 2014 at 10:22:27AM -0700, john.johan...@canonical.com wrote: ptrace rules currently take the form of ptrace [ptrace_perms] [peer_profile_name], ptrace_perm := read|trace|readby|tracedby ptrace_perms := ptrace_perm | '(' ptrace_perm+ ')' After having used the cross
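A small parser for the ptrace rule form quoted in the message above, added here as an example in Python; it is not the AppArmor parser's own code. It follows the grammar exactly as stated (ptrace [ptrace_perms] [peer_profile_name], ptrace_perm := read|trace|readby|tracedby, ptrace_perms either one word or a parenthesised set) and adds two assumptions the message does not state: a bare "ptrace," with no permission list grants all four permissions, and a peer profile name is matched with shell-style globbing via fnmatch. The rules and peer names used in the demo are constructed.

```python
from fnmatch import fnmatchcase

# Permission words from the rule grammar quoted in the message.
PTRACE_PERMS = frozenset({"read", "trace", "readby", "tracedby"})


class PtraceRuleError(ValueError):
    """Raised for a rule that does not fit the quoted grammar."""


def _tokenize(text):
    """Split a rule body into words, keeping a '( ... )' group as one token."""
    tokens, i, n = [], 0, len(text)
    while i < n:
        ch = text[i]
        if ch.isspace():
            i += 1
        elif ch == "(":
            close = text.find(")", i)
            if close < 0:
                raise PtraceRuleError("unbalanced '(' in ptrace rule")
            tokens.append(text[i:close + 1])
            i = close + 1
        elif ch == ")":
            raise PtraceRuleError("unexpected ')' in ptrace rule")
        else:
            j = i
            while j < n and not text[j].isspace() and text[j] not in "()":
                j += 1
            tokens.append(text[i:j])
            i = j
    return tokens


def parse_ptrace_rule(rule):
    """Parse 'ptrace [ptrace_perms] [peer_profile_name],' into
    {'perms': set of permission words, 'peer': profile name or None}."""
    text = rule.strip()
    if text.endswith(","):
        text = text[:-1].rstrip()
    tokens = _tokenize(text)
    if not tokens or tokens[0] != "ptrace":
        raise PtraceRuleError("rule must start with the 'ptrace' keyword")
    rest = tokens[1:]

    # ptrace_perms := ptrace_perm | '(' ptrace_perm+ ')'
    explicit = None
    if rest and rest[0].startswith("("):
        explicit = rest[0][1:-1].split()
        if not explicit:
            raise PtraceRuleError("empty permission list '()'")
        rest = rest[1:]
    elif rest and rest[0] in PTRACE_PERMS:
        explicit = [rest[0]]
        rest = rest[1:]

    if explicit is None:
        # Assumption for this example: no permission list means all permissions.
        perms = set(PTRACE_PERMS)
    else:
        unknown = sorted(set(explicit) - PTRACE_PERMS)
        if unknown:
            raise PtraceRuleError(f"unknown ptrace permission(s): {', '.join(unknown)}")
        perms = set(explicit)

    # Optional peer profile name; anything after it is an error.
    peer = rest[0] if rest else None
    if len(rest) > 1:
        raise PtraceRuleError(f"unexpected trailing tokens: {' '.join(rest[1:])}")
    return {"perms": perms, "peer": peer}


def is_valid_ptrace_rule(rule):
    """True if the rule parses under the quoted grammar."""
    try:
        parse_ptrace_rule(rule)
    except PtraceRuleError:
        return False
    return True


def ptrace_allowed(rules, perm, peer):
    """Would a profile holding `rules` permit `perm` against profile `peer`?
    Assumption: no peer in a rule means any peer; a given peer is a glob."""
    if perm not in PTRACE_PERMS:
        raise PtraceRuleError(f"unknown ptrace permission: {perm}")
    for rule in rules:
        parsed = parse_ptrace_rule(rule)
        if perm in parsed["perms"] and (
            parsed["peer"] is None or fnmatchcase(peer, parsed["peer"])
        ):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample rules, not taken from any real profile.
    sample = ["ptrace (read readby) /usr/bin/foo,", "ptrace trace /usr/lib/debug/**,"]
    for r in sample:
        print(r, "->", parse_ptrace_rule(r))
    print(ptrace_allowed(sample, "trace", "/usr/lib/debug/x/y"))
```

The parser decides whether the word after ptrace is a permission or a peer by membership in the four permission words, which is the only way the quoted grammar lets the two optional parts be told apart; a profile name that happened to equal one of those words would be misread, which is one reason to prefer a keyed form for the peer.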

Re: [apparmor] [patch 17/26] Add the ability to mediate signals.

2014-04-18 Thread Seth Arnold
On Fri, Apr 18, 2014 at 05:03:08PM -0700, John Johansen wrote: No. I considered doing this, and nearly did it. It is remapped higher for a few reasons. Having it not be 0 allowed catching a few things during dev, where a 0-initialized value was being passed through (remapping after that could