Are unbound developers aware of the new requirements for their pid handling?
It's usually possible to handle pid files without requiring chown and
dac_override privileges.
THanks
--
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-refresh/+merge/282230
Your team AppArmor
John has asked me to start the discussion of what the libapparmor and kernel
interfaces will look like for the profile stacking feature that he is working
on. I figured the best way to do so would be to create an initial man page for
what I think that the libapparmor functions ought to look and
Modeled after the aa_change_profile(2) man page, this profile defines
the libapparmor and kernel interfaces for the in-progress profile
stacking feature.
Signed-off-by: Tyler Hicks
---
libraries/libapparmor/doc/Makefile.am | 2 +-
FYI, I proposed a patch to turn the error into a debug message:
https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=734
--
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-refresh/+merge/282230
Your team AppArmor Developers is requested to review the proposed merge of
Thanks for getting this started; some comments inline:
On Mon, Jan 11, 2016 at 06:17:47PM -0600, Tyler Hicks wrote:
> +=pod
> +
> +=head1 NAME
> +
> +aa_stack_profile, aa_stack_onexec - combine multiple profiles to confine a
> task
> +
> +=head1 SYNOPSIS
> +
> +B<#include Esys/apparmor.hE>
> +
>
On 01/11/2016 05:02 PM, Seth Arnold wrote:
> Thanks for getting this started; some comments inline:
>
> On Mon, Jan 11, 2016 at 06:17:47PM -0600, Tyler Hicks wrote:
>> +=pod
>> +
>> +=head1 NAME
>> +
>> +aa_stack_profile, aa_stack_onexec - combine multiple profiles to confine a
>> task
>> +
>>
On 01/10/2016 07:22 AM, Christian Boltz wrote:
> Hello,
>
> those tools look quite interesting :-)
>
> Some comments and questions inline - I hope you don't need to answer
> everything with "learn C" ;-)
>
> Am Freitag, 8. Januar 2016 schrieb John Johansen:
>> diff --git
On 01/10/2016 11:32 AM, Christian Boltz wrote:
> Hello,
>
> the next IRC meeting is scheduled for next wednesday (Jan 13) at 20:00 UTC.
>
> I have an offline meeting that day and might be late (not sure how long
> it takes), therefore options are
> a) just ignore this and hope that I'm not too
On 01/10/2016 11:06 AM, Christian Boltz wrote:
> Hello,
>
> http://www.apparmor.net/ -> "Forbidden"
>
the alias here doesn't seem to be working, I will have to look into it
more
> http://apparmor.net/ -> "Service Unavailable - Guru Meditation: XID:
> 1530364709"
>
this has been updated to
On 01/08/2016 08:22 PM, Seth Arnold wrote:
> On Fri, Jan 08, 2016 at 03:48:06PM -0800, John Johansen wrote:
>> Signed-off-by: John Johansen
>
> This is pretty cool! A few comments inline...
>
>> +++ b/devtools/README
>
>> +./test_re -t -c 1000 -E expr.txt
The monthly IRC meeting will be delayed to Tuesday January 19, 2016 @20:00 UTC
in #apparmor on oftc.net
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
On Sat, Jan 09, 2016 at 02:54:09PM +0100, Christian Boltz wrote:
> Am Freitag, 8. Januar 2016 schrieb Steve Beattie:
> > I agree, though I think it *could* be done in apparmor.fail by
> > having the AppArmorBug class take an extra initializer option that
> > displays tracebacks or not, which
On Mon, Jan 11, 2016 at 05:41:43PM -0800, John Johansen wrote:
> >> +Stacking another profile via aa_stack_profile() is permanent and the
> >> process is not
> >> +permitted to revert to the previous confinement context. Unlike
> >> +aa_change_profile(2), confined programs wanting to use
On Mon, Dec 21, 2015 at 12:11:11AM +0100, Christian Boltz wrote:
> Hello,
>
> Am Sonntag, 20. Dezember 2015 schrieb Christian Boltz:
> > we need to check a rule part if it is *Rule.ALL or a string at various
> > places. Therefore split off the checks in PtraceRule's and
> > SignalRule's
Simon Déziel has proposed merging lp:~sdeziel/apparmor-profiles/unbound-refresh
into lp:apparmor-profiles.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-refresh/+merge/282230
--
Your team AppArmor
Hello,
Am Montag, 11. Januar 2016 schrieb John Johansen:
> On 01/10/2016 07:22 AM, Christian Boltz wrote:
> > Am Freitag, 8. Januar 2016 schrieb John Johansen:
> >> diff --git a/devtools/Makefile b/devtools/Makefile
> >> new file mode 100644
> >> index 000..b0cd26e
> >> --- /dev/null
> >> +++
** Branch linked: lp:~cmiller/apparmor-profiles/chromiumbrowser-fcitx-
abstraction
** Branch linked: lp:~cmiller/apparmor/chromiumbrowser-fcitx-abstraction
--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to AppArmor Profiles.
17 matches
Mail list logo