[apparmor] [Patch][parser] Convert cache to using mtime

2014-06-16 Thread John Johansen
Convert cache to using mtime For some strange reason our caching uses ctime instead of mtime. However this can lead to odd cases of the cache missing even though neither the profile data nor cache data have changed. Signed-off-by: John Johansen --- parser/parser_main.c |4 ++-- 1 file chang

Re: [apparmor] Support binary that might be in different locations?

2014-06-16 Thread Seth Arnold
On Tue, Jun 17, 2014 at 10:17:14AM +0800, Aaron Lewis wrote: > What does the second keyword ("nginx" here) in "profile nginx > /usr/{s,}bin/nginx" mean? > Is it just the profile name, which acts like an ID of the profile perhaps? Yes, that's it exactly; this is the name that will show in ps auxZ o

Re: [apparmor] What's the 'd' flag?

2014-06-16 Thread Aaron Lewis
Ah I get it, I didn't see the operation="unlink" part back then Thanks John! On Tue, Jun 17, 2014 at 8:31 AM, John Johansen wrote: > On 06/16/2014 05:26 PM, Aaron Lewis wrote: >> Hi, >> >> Take a look at the following message >> >> [ 760.181424] type=1400 audit(xxx:113): apparmor="ALLOWED"

Re: [apparmor] Support binary that might be in different locations?

2014-06-16 Thread Aaron Lewis
Thanks John. What does the second keyword ("nginx" here) in "profile nginx /usr/{s,}bin/nginx" mean? Is it just the profile name, which acts like an ID of the profile perhaps? On Tue, Jun 17, 2014 at 8:28 AM, John Johansen wrote: > On 06/16/2014 05:20 PM, Aaron Lewis wrote: >> Hi, >> >> I have a

Re: [apparmor] What's the 'd' flag?

2014-06-16 Thread John Johansen
On 06/16/2014 05:26 PM, Aaron Lewis wrote: > Hi, > > Take a look at the following message > > [ 760.181424] type=1400 audit(xxx:113): apparmor="ALLOWED" > operation="unlink" parent=1 profile="/usr/sbin/php5-fpm" > name="/run/php5-fpm.sock" pid=1340 comm="php5-fpm" requested_mask="d" > denied

Re: [apparmor] Support binary that might be in different locations?

2014-06-16 Thread John Johansen
On 06/16/2014 05:20 PM, Aaron Lewis wrote: > Hi, > > I have a profile that works on /usr/sbin/nginx, is it possible to make > it work for /usr/bin/nginx as well? > (without a new profile, not even the {} part) > > I'm not sure if this is supported. > It is. You can specify a globbing pattern ba

[apparmor] What's the 'd' flag?

2014-06-16 Thread Aaron Lewis
Hi, Take a look at the following message [ 760.181424] type=1400 audit(xxx:113): apparmor="ALLOWED" operation="unlink" parent=1 profile="/usr/sbin/php5-fpm" name="/run/php5-fpm.sock" pid=1340 comm="php5-fpm" requested_mask="d" denied_mask="d" fsuid=0 ouid=0 I tried to set the 'd' flag in th

[apparmor] Support binary that might be in different locations?

2014-06-16 Thread Aaron Lewis
Hi, I have a profile that works on /usr/sbin/nginx, is it possible to make it work for /usr/bin/nginx as well? (without a new profile, not even the {} part) I'm not sure if this is supported. -- Best Regards, Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/ Finger Print: 9F67 391B B770 8FF