Re: [apparmor] add profile for lessopen (less profile)

Hello, I recently submitted a profile patch for less. Thoughts? https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=bin.less;att=1;bug=770268 > -- > > Message: 1 > Date: Sun, 21 Dec 2014 17:34:13 +0100 > From: Chris

Re: [apparmor] [patch] make coverage should fail if one of the tests fails

Hello, Am Montag, 22. Dezember 2014 schrieb John Johansen: > On 12/03/2014 04:24 PM, Christian Boltz wrote: > > Am Dienstag, 2. Dezember 2014 schrieb Steve Beattie: > >> On Sat, Nov 29, 2014 at 09:26:03PM +0100, Christian Boltz wrote: > >>> the subject says it all - make coverage should fail if on

Re: [apparmor] Wish list

Hello, Am Montag, 22. Dezember 2014 schrieb John Johansen: > On 12/21/2014 09:15 AM, Christian Boltz wrote: > > Dear Santa, > > > > I have some AppArmor patches that nobody reviewed since some weeks. > > Since I hope and assume I wasn't too naughty in the last year [1], > > can I please have some

[apparmor] [patch] raise exception if sub_str_to_mode() is called with invalid mode string (was: Re: [patch] add tests for aamode.py)

Hello, Am Montag, 22. Dezember 2014 schrieb John Johansen: > On 11/29/2014 11:19 AM, Christian Boltz wrote: > > See for example > > > > def test_sub_str_to_mode_8(self): > > self.assertEqual(sub_str_to_mode('asdf42'), {'a'}) > > > > Now the question is if sub_str_to_mode shoud be non

Re: [apparmor] add profile for lessopen

Hello, (CC'ing Marcus to make sure he notices the discussion) Am Montag, 22. Dezember 2014 schrieb John Johansen: > On 12/21/2014 08:34 AM, Christian Boltz wrote: > > this patch adds a profile for lessopen.sh which handles programms > > automatically executed by less (for example to get a file li

Re: [apparmor] Wish list

On 12/22/2014 06:16 AM, John Johansen wrote: > On 12/21/2014 09:15 AM, Christian Boltz wrote: >> Dear Santa, >> >> I have some AppArmor patches that nobody reviewed since some weeks. >> Since I hope and assume I wasn't too naughty in the last year [1], can I >> please have some comments or even Ac

Re: [apparmor] add profile for lessopen

On 12/21/2014 08:34 AM, Christian Boltz wrote: > Hello, > > this patch adds a profile for lessopen.sh which handles programms > automatically executed by less (for example to get a file list out of > tarballs). > > Patch by Marcus Meissner > > References: https://bugzilla.opensuse.org/show_bu

Re: [apparmor] [patch] fix dnsmasq profile to allow executing bash and allow lib64 libvirt_leaseshelper script

On 12/22/2014 05:06 AM, Christian Boltz wrote: > Hello, > > this patch fixes the dnsmasq profile to allow executing bash to run the > --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get > libvirt leasehelper script to run even on x86_64. > > References: https://bugzilla.opens

Re: [apparmor] Wish list

On 12/21/2014 09:15 AM, Christian Boltz wrote: > Dear Santa, > > I have some AppArmor patches that nobody reviewed since some weeks. > Since I hope and assume I wasn't too naughty in the last year [1], can I > please have some comments or even Acks under my christmas tree? ;-) > Hehe, sorry Dece

Re: [apparmor] [patch] add tests for aamode.py

On 11/29/2014 11:19 AM, Christian Boltz wrote: > Hello, > > Am Samstag, 29. November 2014 schrieb Steve Beattie: >> On Fri, Nov 28, 2014 at 07:47:29PM +0100, Christian Boltz wrote: >>> Am Donnerstag, 27. November 2014 schrieb Steve Beattie: If we're going to raise an exception that nobody's g

Re: [apparmor] [patch] aa.py: change_profile vs. changes_profile

On 11/29/2014 05:18 AM, Christian Boltz wrote: > Hello, > > Am Freitag, 28. November 2014 schrieb Steve Beattie: >> There's some really wonky behavior for view differences when doing so >> (with or without the patch applied): >> >> --- /tmp/home.ubuntu.tmp.spork.sh 2014-11-28 23:07:50.769388829 -0

Re: [apparmor] [patch] make coverage should fail if one of the tests fails

On 12/03/2014 04:24 PM, Christian Boltz wrote: > Hello, > > Am Dienstag, 2. Dezember 2014 schrieb Steve Beattie: >> On Sat, Nov 29, 2014 at 09:26:03PM +0100, Christian Boltz wrote: >>> the subject says it all - make coverage should fail if one of the >>> tests fails. Currently it ignores failures

Re: [apparmor] [patch] extra profiles: update mysqld profile

On 12/01/2014 02:03 PM, Christian Boltz wrote: > Hello, > > this patch updates the mysqld profile in the extras directory to > something that works on my servers ;-) > > BTW: AFAIK Ubuntu ships an active profile for mysqld - can someone merge > it with this profile, please? > so acking this for

Re: [apparmor] [patch] add some missing /run/dovecot/* to usr.lib.dovecot.imap{, -login}

On 12/03/2014 01:50 PM, Christian Boltz wrote: > Hello, > > this patch adds the needed permissions as reported in > https://bugs.launchpad.net/apparmor/+bug/1296667/ comment #1 > to the usr.lib.dovecot.imap and imap-login profiles. > Acked-by: John Johansen > > === modified file 'profiles/app

Re: [apparmor] [patch] update and cleanup usr.sbin.dovecot profile

On 12/03/2014 01:44 PM, Christian Boltz wrote: > Hello, > > this patch adds #include to the > usr.sbin.dovecot profile. Effectively this adds "deny capability > block_suspend," which is the only missing part from > https://bugs.launchpad.net/apparmor/+bug/1296667/ > > It also removes "capabili

[apparmor] [patch] fix dnsmasq profile to allow executing bash and allow lib64 libvirt_leaseshelper script

Hello, this patch fixes the dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehelper script to run even on x86_64. References: https://bugzilla.opensuse.org/show_bug.cgi?id=911001 Patch by "Cédric Bosdonnat"