On 05/13/2015 10:49 PM, Tyler Hicks wrote:
> On 2015-05-12 20:31:32, Seth Arnold wrote:
>> On Mon, Apr 13, 2015 at 04:56:32PM -0500, Tyler Hicks wrote:
>>> Test confinement context splitting, using aa_splitcon(3), with and
>>> without a valid mode pointer.
>>>
>>> Signed-off-by: Tyler Hicks
>>
>>

On 2015-05-12 18:11:05, Seth Arnold wrote:
> On Mon, Apr 13, 2015 at 04:56:28PM -0500, Tyler Hicks wrote:
> > When passing the size of the confinement context to
> > parse_confinement_mode(), don't include the NUL terminator byte in the
> > size.
> >
> > It is confusing to count the NUL terminator

On 2015-05-12 19:01:06, Seth Arnold wrote:
> On Mon, Apr 13, 2015 at 04:56:31PM -0500, Tyler Hicks wrote:
> > Create a new libapparmor public function that allows external code to
> > split an AppArmor confinement context.
> >
> > This is immediately useful for code that retrieves a D-Bus peer's
>

On 2015-05-12 20:31:32, Seth Arnold wrote:
> On Mon, Apr 13, 2015 at 04:56:32PM -0500, Tyler Hicks wrote:
> > Test confinement context splitting, using aa_splitcon(3), with and
> > without a valid mode pointer.
> >
> > Signed-off-by: Tyler Hicks
>
> Acked-by: Seth Arnold
> I've got a question

Hello,
this patch fixes the 2.9 aa-mergeprof capability handling.
Thanks to a broken optimization (which missed a "not" in the if
condition), aa-mergeprof never asked to merge capability rules.
Also fix a syntax / parameter error uncovered after fixing the
condition.
This patch is only meant fo

Hello,
aa-mergeprof still used the old aa[profile][hat][allow]['capability']
which no longer gets populated - which resulted in not asking for
merging any capabilities.
Actually (and funnily),
-if other.aa[profile][hat].get(allow, False):
-continue
resulted in

Hello,
as discussed in the meeting yesterday, this patch lets
set_profile_flags() change the flags for all hats.
It did this in the old 2.8 code, but didn't in 2.9.x (first there was a
broken hat regex, then I commented out the hat handling to avoid
breakage caused by the broken regex).
This pat