Remove the Perl aa-exec implementation, move the aa-exec(8) man page to
binutils/, and point the regression test to the C based aa-exec in
binutils/.
Note that the new C aa-exec does not implement the --file option which
was present in the Perl aa-exec. It encouraged running programs as root,
sinc
Switch to the policy in the namespace specified by the --namespace
option.
Signed-off-by: Tyler Hicks
---
binutils/aa_exec.c | 55 +-
1 file changed, 46 insertions(+), 9 deletions(-)
diff --git a/binutils/aa_exec.c b/binutils/aa_exec.c
index 9
The new C based aa-exec does not implement the --file option.
Signed-off-by: Tyler Hicks
Acked-by: John Johansen
---
binutils/aa-exec.pod | 4
1 file changed, 4 deletions(-)
diff --git a/binutils/aa-exec.pod b/binutils/aa-exec.pod
index 58dedb2..14f0429 100644
--- a/binutils/aa-exec.pod
+
Add regression tests for the --profile, --namespace, and --immediate
options of aa-exec.
A new variable is added to uservars.inc to point to the in-tree or
system aa-exec depending on the presence of the USE_SYSTEM=1 make
variable at build time.
Signed-off-by: Tyler Hicks
---
tests/regression/a
This patch set creates regression tests for aa-exec and rewrites aa-exec
in C rather than Perl. The main reason behind the rewrite is that aa-exec
is becoming a widely used utility that has its place on even the most
minimal of Linux images and Perl is falling out of favor in some of those
environm
Create a simple aa-exec implementation, written in C, matching the
--help, --debug, --verbose, and --profile options present in the current
Perl implementation.
The new aa-exec sources reside in the binutils/ directory.
Signed-off-by: Tyler Hicks
---
binutils/Makefile | 9 ++-
binutils/aa_ex
Call aa_change_profile(), instead of aa_change_onexec(), when
--immediate is passed in.
Signed-off-by: Tyler Hicks
---
binutils/aa_exec.c | 18 --
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/binutils/aa_exec.c b/binutils/aa_exec.c
index a6a6008..9bcd62f 100644
On 2015-12-16 20:30:23, Tyler Hicks wrote:
> aa-enabled should live in /bin, rather than /sbin, since it requires no
> root privileges.
I'm on the fence about whether aa-enabled, and eventually aa-exec,
should live in /bin or /usr/bin.
libapparmor is in /lib (at least that's true in Ubuntu) so I
aa-enabled should live in /bin, rather than /sbin, since it requires no
root privileges.
Signed-off-by: Tyler Hicks
---
binutils/Makefile | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/binutils/Makefile b/binutils/Makefile
index fc6a8f3..3b99c3e 100644
--- a/binutils/Ma
Clean up the Makefile by removing distro-related install targets. These
should not be needed.
Signed-off-by: Tyler Hicks
---
binutils/Makefile | 46 +-
1 file changed, 1 insertion(+), 45 deletions(-)
diff --git a/binutils/Makefile b/binutils/Makefile
On 2015-12-16 15:21:46, John Johansen wrote:
> On 12/16/2015 03:17 PM, Tyler Hicks wrote:
> > On 2015-12-16 23:46:23, Christian Boltz wrote:
> >> Hello,
> >>
> >> Am Mittwoch, 16. Dezember 2015 schrieb Tyler Hicks:
> >>> diff --git a/README b/README
> >>> index 4ebd25d..4797b78 100644
> >>> --- a/R
Hello,
after the patch reviews done in the last days (thanks!), the following
patches are still pending. Most of them are Acked-by , but I'd
prefer a real review ;-)
Just as a hint - some of the patches are very easy to review, so pick
one or two quickly before someone else does ;-)
==> 21-c
On 12/16/2015 03:17 PM, Tyler Hicks wrote:
> On 2015-12-16 23:46:23, Christian Boltz wrote:
>> Hello,
>>
>> Am Mittwoch, 16. Dezember 2015 schrieb Tyler Hicks:
>>> diff --git a/README b/README
>>> index 4ebd25d..4797b78 100644
>>> --- a/README
>>> +++ b/README
>>
>>> @@ -104,7 +112,7 @@ $ make chec
On 2015-12-16 23:46:23, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 16. Dezember 2015 schrieb Tyler Hicks:
> > diff --git a/README b/README
> > index 4ebd25d..4797b78 100644
> > --- a/README
> > +++ b/README
>
> > @@ -104,7 +112,7 @@ $ make check# depends on the parser having been
> > bu
Hello,
Am Mittwoch, 16. Dezember 2015 schrieb Tyler Hicks:
> diff --git a/README b/README
> index 4ebd25d..4797b78 100644
> --- a/README
> +++ b/README
> @@ -104,7 +112,7 @@ $ make check # depends on the parser having been
> built first $ make install
>
>
> -[Note that for the parser and t
`sudo aa-status --enabled` was exiting with error code '2' when AppArmor
was enabled but no profiles were loaded. However, the intent of the
command is to check if AppArmor is enabled and whether or not a profile
is loaded should not affect the exit code. This patch adjusts the logic
so that the la
From: John Johansen
The new aa-enabled program can be used as a barebones replacement for
`aa-status --enabled`. It is written in C, rather than Python, which
keeps its dependencies to a minimum.
By default, aa-enabled prints a human-readable status of AppArmor's
availability to stdout. It suppo
On 2015-12-16 08:34:20, John Johansen wrote:
> On 12/16/2015 08:13 AM, Tyler Hicks wrote:
> > On 2015-12-16 14:07:53, Christian Boltz wrote:
> >> Hello,
> >>
> >> Am Dienstag, 15. Dezember 2015 schrieb Seth Arnold:
> >>> On Tue, Dec 15, 2015 at 06:41:48PM -0600, Tyler Hicks wrote:
> > + i
On 12/16/2015 08:13 AM, Tyler Hicks wrote:
> On 2015-12-16 14:07:53, Christian Boltz wrote:
>> Hello,
>>
>> Am Dienstag, 15. Dezember 2015 schrieb Seth Arnold:
>>> On Tue, Dec 15, 2015 at 06:41:48PM -0600, Tyler Hicks wrote:
> + if (!quiet) {
> + switch(err) {
> + case E
On 2015-12-16 14:07:53, Christian Boltz wrote:
> Hello,
>
> Am Dienstag, 15. Dezember 2015 schrieb Seth Arnold:
> > On Tue, Dec 15, 2015 at 06:41:48PM -0600, Tyler Hicks wrote:
> > > > + if (!quiet) {
> > > > + switch(err) {
> > > > + case ENOSYS:
> > > > +
Hello,
Am Dienstag, 15. Dezember 2015 schrieb Seth Arnold:
> On Tue, Dec 15, 2015 at 06:41:48PM -0600, Tyler Hicks wrote:
> > > + if (!quiet) {
> > > + switch(err) {
> > > + case ENOSYS:
> > > + printf(_("No - not available on this system.\n"));
> > > +
Hello,
Am Dienstag, 15. Dezember 2015 schrieb Tyler Hicks:
> Don't catch AppArmorExceptions in aa-easyprof any longer and rely on
> apparmor.fail to print the exception to stderr.
>
> Signed-off-by: Tyler Hicks
This change will also make importing AppArmorException superfluous
(which means make
22 matches
Mail list logo