On Sun, May 24, 2015 at 01:43:42PM +0200, Christian Boltz wrote:
> aa-mergeprof has some sections where it first resets the 'deleted'
> variable, and then overwrites it again a line or two later.
> This patch removes the superfluous variable resets.
>
> [ 12-mergeprof-cleanup-superfluous-deleted.d
On Sun, May 17, 2015 at 11:28:52PM +0200, Christian Boltz wrote:
> this patch adds a check to parse_profile_data() to detect if a file
> contains two profiles with the same name.
>
> Note: Two profiles with the same name, but in different files, won't be
> detected by this check.
>
> Also add ba
On Sun, May 17, 2015 at 10:33:47PM +0200, Christian Boltz wrote:
> this patch adds writeTmpfile() to AATest to write a file into the tmpdir.
> If no tmpdir exists yet, automatically create one.
>
> createTmpdir() is a separate function so that it's possible to manually
> create the tmpdir (for exa
On Sun, May 17, 2015 at 09:05:50PM +0200, Christian Boltz wrote:
> aa-mergeprof no longer calls match_net_includes(), which means the
> function can be dropped.
>
> After that, match_net_include() is also unused, so also drop it.
>
> (Needless to mention that this depends on 08-mergeprof-network-
On Mon, May 25, 2015 at 12:53:50AM +0200, Christian Boltz wrote:
> Hello,
>
> Am Sonntag, 17. Mai 2015 schrieb Christian Boltz:
> > [ 08-mergeprof-network-rule.diff ]
>
> While thinking about patch 26, I noticed that aa-mergeprof isn't a good
> home for available_buttons(). Here's the updated pat
On Sun, May 17, 2015 at 07:25:21PM +0200, Christian Boltz wrote:
> Hello,
>
> Am Donnerstag, 14. Mai 2015 schrieb Christian Boltz:
> > [ 06-mergeprof-capability-rule.diff ]
>
> Here's an updated patch with two small changes:
> - update comment about the other.aa[profile][hat].get('capability')
>
On 2015-04-02 10:17:37, Tyler Hicks wrote:
> This is a reroll of two patch sets[1][2] that I previously sent out and have
> received feedback on. This set additionally includes man pages for the new
> libapparmor APIs.
Hello - I thought I'd reply to this thread and mention the patches in
this set
On Thu, May 28, 2015 at 09:51:31PM +0200, Christian Boltz wrote:
> Am Mittwoch, 27. Mai 2015 schrieb Steve Beattie:
> > This is problematic in the situation where paths begin with an @{}
> > variable (e.g. 'change_profile @{MY_PROGRAM} -> my_program_profile,').
>
> We can prepare for variables nev
On Wed, May 13, 2015 at 11:24:29PM +0200, Christian Boltz wrote:
> Hello,
>
> as discussed in the meeting yesterday, this patch lets
> set_profile_flags() change the flags for all hats.
>
> It did this in the old 2.8 code, but didn't in 2.9.x (first there was a
> broken hat regex, then I comment
Hello,
Am Mittwoch, 27. Mai 2015 schrieb Steve Beattie:
> On Sat, May 09, 2015 at 10:35:54PM +0200, Christian Boltz wrote:
> > this patch adds utils/apparmor/rule/change_profile.py with the
> > ChangeProfileRule and ChangeProfileRuleset classes. These classes
> > are meant to handle change_profile
On 05/27/2015 02:55 PM, Tyler Hicks wrote:
> Signed-off-by: Tyler Hicks
Acked-by: John Johansen ---
> tests/regression/apparmor/query_label.c | 93
> +
> 1 file changed, 93 insertions(+)
>
> diff --git a/tests/regression/apparmor/query_label.c
> b/tests/regress
On 05/27/2015 02:55 PM, Tyler Hicks wrote:
> A number of simple query tests based on read and write perms of files
> and directories.
>
> Signed-off-by: Tyler Hicks
Acked-by: John Johansen ---
> tests/regression/apparmor/query_label.sh | 32
>
> 1 file changed
On 05/27/2015 02:55 PM, Tyler Hicks wrote:
> The test program was querying its own profile. Adjust the profile
> generation so that a separate profile is generated and have query_label
> query the separate profile.
>
> Signed-off-by: Tyler Hicks
Acked-by: John Johansen ---
> tests/regression/ap
On Sat, May 09, 2015 at 10:41:56PM +0200, Christian Boltz wrote:
> Hello,
>
> this patch drops the old RE_PROFILE_CHANGE_PROFILE regex from regex.py
> and renames RE_PROFILE_CHANGE_PROFILE_2 to RE_PROFILE_CHANGE_PROFILE.
> It also updates apparmor/rule/change_profile.py to use the changed name.
>
On Sat, May 09, 2015 at 10:39:08PM +0200, Christian Boltz wrote:
> Hello,
>
> this patch changes aa.py to use ChangeProfileRule and
> ChangeProfileRuleset instead of a sub-hasher to store and write
> change_profile rules. In detail:
> - drop all the change_profile rule parsing from parse_profile
On Sat, May 09, 2015 at 10:37:29PM +0200, Christian Boltz wrote:
> this patch adds tests for ChangeProfileRule and ChangeProfileRuleset.
>
> As usual, those classes have 100% test coverage.
>
>
> [ 02-add-tests-for-ChangeProfileRule.diff ]
Acked-by: Steve Beattie . Thanks, really appreciate
ens
On 05/27/2015 10:22 AM, William Hua wrote:
> Hi,
>
> Currently, there's no way in Apparmor to sandbox applications from
> accessing any setting in a user's dconf database other than preventing
> access altogether. We want to add a new rule to the policy format to
> permit this. Here's the proposed
17 matches
Mail list logo