Hi,
better late than never, here's a report from what happened about
AppArmor at DebConf14 a few weeks ago. A few of us (Kees, Steve, Seth,
Holger and I -- John was excused, but I got to see him a bit later)
met and had a formal BoF, that was video'ed, although the recording is
not online yet [1]
On Thu, Sep 11, 2014 at 07:49:36PM +0200, Christian Boltz wrote:
> On Thursday, 11 September 2014, Steve Beattie wrote:
> > Bug: https://bugzilla.novell.com/show_bug.cgi?id=895495
> >
> > We define the __unused macro as a shortcut for __attribute__((unused))
> > to quiet compiler warnings for
I've committed the v2 patches that received acks. This v3 patch set
contains the remaining patches that have not yet received acks plus a
new patch (PATCH 5/7).
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparm
The unix_socket_client test program was using an abstract socket, which
was set up using the autobind feature, when testing any socket address
types.
To more accurately test a specific address type, this patch changes the
client code to use whatever address type that the server is using. The
strin
The client will now do a getsockname() on its socket in order to test
the AppArmor 'getattr' unix rule permission.
Signed-off-by: Tyler Hicks
---
* No changes since v2
tests/regression/apparmor/unix_socket_client.c| 19 +++
tests/regression/apparmor/unix_socket_pathname.sh
Tests abstract UNIX domain sockets with various combinations of implied
permissions, explicit permissions, and conditionals. It also tests with
bad permissions and conditionals.
The new file unix_socket.inc includes a generic set of tests that can be
reused by another test script in order to test
Tests abstract UNIX domain sockets with various combinations of implied
permissions, explicit permissions, and conditionals. It also tests with
bad permissions and conditionals.
Signed-off-by: Tyler Hicks
---
* Changes since v2:
- Added unix_socket_unnamed to the TESTS variable in the Makefile
The unix_socket operations for testing getopt and setopt permissions
were occurring back to back. This patch breaks them up into "pre-bind"
and "post-bind" operations. The setopt operation now occurs pre-bind
while the getopt operation happens post-bind. This allows for the test
policy to test seto
Use the sendto()/recvfrom() functions when dealing with dgram sockets in
unix_socket_client.
This allows us to test different interfaces besides the typical
write()/read() and will allow for a smaller permissions set for
unix_socket_client.
Signed-off-by: Tyler Hicks
---
* No changes since v2
The server will now do a shutdown() on its socket in order to test the
AppArmor 'shutdown' unix rule permission.
Signed-off-by: Tyler Hicks
---
* No changes since v2
tests/regression/apparmor/unix_socket.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/tests/regression/apparmor/unix
On Mon, Sep 22, 2014 at 03:44:04PM -0700, Steve Beattie wrote:
> With the move to C++-ification of the parser, the parser's makefile was
> not updated to take into account .cc files when deriving object files.
> This would result in the final linking compilation of the parser binary
> including all
Hello,
On Sunday, 14 September 2014, Kshitij Gupta wrote:
> On Sun, Sep 14, 2014 at 1:55 AM, Christian Boltz wrote:
...
> Encodings can't let one live in peace.
Indeed :-/
> > Maybe it would be a good idea not to assume any encoding and use raw
> > bytes instead? (Patches welcome ;-)
> >
> >
On 2014-09-21 04:04:48, John Johansen wrote:
> On 09/19/2014 06:48 PM, Seth Arnold wrote:
> > On Fri, Sep 19, 2014 at 01:48:09PM -0700, John Johansen wrote:
> >> On 09/19/2014 12:37 PM, John Johansen wrote:
> >>
> >> fix: if the apparmor parser fails to load the cache try rebuilding
> >>
> >> v2. C
With the move to C++-ification of the parser, the parser's makefile was
not updated to take into account .cc files when deriving object files.
This would result in the final linking compilation of the parser binary
including all of the .cc files in its command line, rather than the .o
files. This p
Hello,
On 9/15/14, Christian Boltz wrote:
> Hello,
>
> this patch makes the profile parsing regexes in aa.py easier to read by
> splitting out common parts (like audit and deny flags or the typical end
> of the line (comma and comment)).
>
> The patch also introduces the named match groups , and
On Sun, Sep 21, 2014 at 12:15:51AM -0700, John Johansen wrote:
> On 09/20/2014 11:52 AM, Christian Boltz wrote:
> > Hello,
> >
> v2 of the patch returning the last error encountered
>
> fix: Make the parser behave the same as when driven with xargs -n1
>
> Currently the parser is bailing when it
On Sun, Sep 21, 2014 at 04:04:48AM -0700, John Johansen wrote:
> On 09/19/2014 06:48 PM, Seth Arnold wrote:
> > On Fri, Sep 19, 2014 at 01:48:09PM -0700, John Johansen wrote:
> >> On 09/19/2014 12:37 PM, John Johansen wrote:
> >>
> >> fix: if the apparmor parser fails to load the cache try rebuildi
On 2014-09-05 16:29:59, John Johansen wrote:
> So a revised version of the patch
>
> v2 - properly handle the accept permission, look for the bits with local_mask
>
> Do not output local permissions for rules that have peer_conditionals
>
> while it is not possible to specify a rule with local c
On 09/22/2014 06:17 AM, azurIt wrote:
> Hi,
>
> does apparmor support nested child profiles or child profiles inside hats?
> I'm asking because I'm having problems with execution using 'cx' permission
> inside a hat. I'm unable to create a child profile directly inside hat
> because of this er
Hi,
does apparmor support nested child profiles or child profiles inside hats? I'm
asking because I'm having problems with execution using 'cx' permission inside
a hat. I'm unable to create a child profile directly inside hat because of this
error:
apparmor_parser: Unable to replace "test". P