[apparmor] Fun with mod_apparmor + keepalive + iOS

2015-03-21 Thread Walter Hop
Hi, After getting comfortable with mod_apparmor and slowly migrating sites to it, I'm seeing some weird audit logs from the HANDLING_UNTRUSTED_INPUT hat on a virtual host. The weird entries all have this form: apparmor="DENIED" operation="file_perm" profile="/usr/sbin/apache2//HANDLING_UNTR

Re: [apparmor] [Patch 0/7] v2 of unacked man page changes

2015-03-21 Thread Christian Boltz
Hello, just in case you want to do a 8/7 ;-) patch: With 7/7 applied, we have this interesting[tm] line: B = [ I ... ] [ I ... ] ( '"' I '"' | I ) [ 'flags=(complain)' ]'{' [ ( I | I | I | I | I | I | I | I | I | I | I | I | I | I) ... ] '}' It would be more readable if we split out the inn

Re: [apparmor] [PATCH 7/7] Add basic documentation of apparmor rlimit controls

2015-03-21 Thread Christian Boltz
Hello, On Saturday, 21 March 2015, John Johansen wrote: > buglink: https://launchpad.net/bugs/1429202 > > Signed-off-by: John Johansen > --- > parser/apparmor.d.pod | 35 ++- > 1 file changed, 34 insertions(+), 1 deletion(-) > > diff --git a/parser/apparmor.d.po

Re: [apparmor] [PATCH 5/7] Fix use of FILEGLOB in apparmor.d.pod

2015-03-21 Thread Christian Boltz
Hello, On Saturday, 21 March 2015, John Johansen wrote: > Refactor FILEGLOB so that it means both quoted and unquoted file > globs. > > Also > FILEGLOB was incorrectly referenced in a few places where it should > have allowed for quoting. > > There were also a few places that provided a paramete

Re: [apparmor] [PATCH 2/7] Update exec transition documentation.

2015-03-21 Thread Christian Boltz
Hello, On Saturday, 21 March 2015, John Johansen wrote: > Add miss ix and ux fallback permission modes, named profile > transitions. Also fix the file access modes and rule pattern to > properly reflect what is allowed. > > Signed-off-by: John Johansen > --- > parser/apparmor.d.pod | 98 > +

Re: [apparmor] [PATCH 1/7] Add basic documentation of change_profile rules to apparmor.d man page

2015-03-21 Thread Christian Boltz
Hello, On Saturday, 21 March 2015, John Johansen wrote: > Signed-off-by: John Johansen > --- > parser/apparmor.d.pod | 42 +- > 1 file changed, 41 insertions(+), 1 deletion(-) > > diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod > index f54d450..

[apparmor] [PATCH 6/7] update apparmor.d man page to file rule pattern

2015-03-21 Thread John Johansen
Update the file rule pattern to show it is possible to specify a bare file rule. Eg. file, Signed-off-by: John Johansen Acked-by: Christian Boltz --- parser/apparmor.d.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod index

[apparmor] [PATCH 4/7] Add basic info about link rules to apparmor.d man page

2015-03-21 Thread John Johansen
Signed-off-by: John Johansen Acked-by: Christian Boltz --- parser/apparmor.d.pod | 50 +- 1 file changed, 45 insertions(+), 5 deletions(-) diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod index 661d924..10808c9 100644 --- a/parser/apparm

[apparmor] [PATCH 7/7] Add basic documentation of apparmor rlimit controls

2015-03-21 Thread John Johansen
buglink: https://launchpad.net/bugs/1429202 Signed-off-by: John Johansen --- parser/apparmor.d.pod | 35 ++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod index a6fdb9a..7c65e5d 100644 --- a/parser/appa

[apparmor] [PATCH 5/7] Fix use of FILEGLOB in apparmor.d.pod

2015-03-21 Thread John Johansen
Refactor FILEGLOB so that it means both quoted and unquoted file globs. Also FILEGLOB was incorrectly referenced in a few places where it should have allowed for quoting. There were also a few places that provided a parameter description with FILEGLOB without defining that that is full equivalent

[apparmor] [Patch 0/7] v2 of unacked man page changes

2015-03-21 Thread John Johansen
- applied Christian's suggested changes - expanded some of the explanations - add FILEGLOB consolidation patch - add basic rlimit documentation

[apparmor] [PATCH 3/7] Update apparmor.d man page to document file rules with leading permissions

2015-03-21 Thread John Johansen
Signed-off-by: John Johansen Acked-by: Christian Boltz --- parser/apparmor.d.pod | 15 ++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod index 5c97896..661d924 100644 --- a/parser/apparmor.d.pod +++ b/parser/apparmor.d.pod

[apparmor] [PATCH 1/7] Add basic documentation of change_profile rules to apparmor.d man page

2015-03-21 Thread John Johansen
Signed-off-by: John Johansen --- parser/apparmor.d.pod | 42 +- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod index f54d450..ebc6490 100644 --- a/parser/apparmor.d.pod +++ b/parser/apparmor.d.pod

[apparmor] [PATCH 2/7] Update exec transition documentation.

2015-03-21 Thread John Johansen
Add miss ix and ux fallback permission modes, named profile transitions. Also fix the file access modes and rule pattern to properly reflect what is allowed. Signed-off-by: John Johansen --- parser/apparmor.d.pod | 98 ++- 1 file changed, 89 insert

Re: [apparmor] [PATCH 10/10] Add basic info about link rules to apparmor.d man page

2015-03-21 Thread John Johansen
On 03/20/2015 12:06 PM, Christian Boltz wrote: > Hello, > > On Friday, 20 March 2015, John Johansen wrote: >> Signed-off-by: John Johansen >> --- >> parser/apparmor.d.pod | 27 +-- >> 1 file changed, 25 insertions(+), 2 deletions(-) >> >> diff --git a/parser/apparmor.d.

Re: [apparmor] [PATCH 06/10] Add basic documentation of change_profile rules to apparmor.d man page

2015-03-21 Thread John Johansen
On 03/20/2015 05:53 AM, Christian Boltz wrote: > Hello, > > On Friday, 20 March 2015, John Johansen wrote: >> Signed-off-by: John Johansen >> --- >> parser/apparmor.d.pod | 22 +- >> 1 file changed, 21 insertions(+), 1 deletion(-) >> >> diff --git a/parser/apparmor.d.pod b/

Re: [apparmor] [PATCH 07/10] Update exec transition documentation.

2015-03-21 Thread John Johansen
On 03/20/2015 11:23 AM, Christian Boltz wrote: > Hello everyone, > > On Friday, 20 March 2015, John Johansen wrote: >> Add miss ix and ux fallback permission modes, named profile >> transitions. Also fix the file access modes and rule pattern to >> properly reflect what is allowed. >> >> Signed-off