Re: [apparmor] [Merge] lp:~sdeziel/apparmor-profiles/unbound-refresh into lp:apparmor-profiles

Are unbound developers aware of the new requirements for their pid handling? It's usually possible to handle pid files without requiring chown and dac_override privileges. THanks -- https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-refresh/+merge/282230 Your team AppArmor

[apparmor] [RFC PATCH 0/1] Kick off discussion around stacking interfaces

John has asked me to start the discussion of what the libapparmor and kernel interfaces will look like for the profile stacking feature that he is working on. I figured the best way to do so would be to create an initial man page for what I think that the libapparmor functions ought to look and

[apparmor] [RFC PATCH 1/1] libapparmor: Create man page for aa_stack_profile()/aa_stack_onexec()

Modeled after the aa_change_profile(2) man page, this profile defines the libapparmor and kernel interfaces for the in-progress profile stacking feature. Signed-off-by: Tyler Hicks --- libraries/libapparmor/doc/Makefile.am | 2 +-

Re: [apparmor] [Merge] lp:~sdeziel/apparmor-profiles/unbound-refresh into lp:apparmor-profiles

FYI, I proposed a patch to turn the error into a debug message: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=734 -- https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-refresh/+merge/282230 Your team AppArmor Developers is requested to review the proposed merge of

Re: [apparmor] [RFC PATCH 1/1] libapparmor: Create man page for aa_stack_profile()/aa_stack_onexec()

Thanks for getting this started; some comments inline: On Mon, Jan 11, 2016 at 06:17:47PM -0600, Tyler Hicks wrote: > +=pod > + > +=head1 NAME > + > +aa_stack_profile, aa_stack_onexec - combine multiple profiles to confine a > task > + > +=head1 SYNOPSIS > + > +B<#include Esys/apparmor.hE> > + >

Re: [apparmor] [RFC PATCH 1/1] libapparmor: Create man page for aa_stack_profile()/aa_stack_onexec()

On 01/11/2016 05:02 PM, Seth Arnold wrote: > Thanks for getting this started; some comments inline: > > On Mon, Jan 11, 2016 at 06:17:47PM -0600, Tyler Hicks wrote: >> +=pod >> + >> +=head1 NAME >> + >> +aa_stack_profile, aa_stack_onexec - combine multiple profiles to confine a >> task >> + >>

Re: [apparmor] [PATCH] Add compressed dfa matching routines to library, and a base test program

On 01/10/2016 07:22 AM, Christian Boltz wrote: > Hello, > > those tools look quite interesting :-) > > Some comments and questions inline - I hope you don't need to answer > everything with "learn C" ;-) > > Am Freitag, 8. Januar 2016 schrieb John Johansen: >> diff --git

Re: [apparmor] IRC meeting

On 01/10/2016 11:32 AM, Christian Boltz wrote: > Hello, > > the next IRC meeting is scheduled for next wednesday (Jan 13) at 20:00 UTC. > > I have an offline meeting that day and might be late (not sure how long > it takes), therefore options are > a) just ignore this and hope that I'm not too

Re: [apparmor] www.apparmor.net broken

On 01/10/2016 11:06 AM, Christian Boltz wrote: > Hello, > > http://www.apparmor.net/ -> "Forbidden" > the alias here doesn't seem to be working, I will have to look into it more > http://apparmor.net/ -> "Service Unavailable - Guru Meditation: XID: > 1530364709" > this has been updated to

Re: [apparmor] [PATCH] Add compressed dfa matching routines to library, and a base test program

On 01/08/2016 08:22 PM, Seth Arnold wrote: > On Fri, Jan 08, 2016 at 03:48:06PM -0800, John Johansen wrote: >> Signed-off-by: John Johansen > > This is pretty cool! A few comments inline... > >> +++ b/devtools/README > >> +./test_re -t -c 1000 -E expr.txt

[apparmor] apparmor monthly IRC meeting for January 2016

The monthly IRC meeting will be delayed to Tuesday January 19, 2016 @20:00 UTC in #apparmor on oftc.net -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

Re: [apparmor] [patch] Raise AppArmorBug on unknown request_mask in logparser.py

On Sat, Jan 09, 2016 at 02:54:09PM +0100, Christian Boltz wrote: > Am Freitag, 8. Januar 2016 schrieb Steve Beattie: > > I agree, though I think it *could* be done in apparmor.fail by > > having the AppArmorBug class take an extra initializer option that > > displays tracebacks or not, which

Re: [apparmor] [RFC PATCH 1/1] libapparmor: Create man page for aa_stack_profile()/aa_stack_onexec()

On Mon, Jan 11, 2016 at 05:41:43PM -0800, John Johansen wrote: > >> +Stacking another profile via aa_stack_profile() is permanent and the > >> process is not > >> +permitted to revert to the previous confinement context. Unlike > >> +aa_change_profile(2), confined programs wanting to use

Re: [apparmor] [patch] split off _aare_or_all()

On Mon, Dec 21, 2015 at 12:11:11AM +0100, Christian Boltz wrote: > Hello, > > Am Sonntag, 20. Dezember 2015 schrieb Christian Boltz: > > we need to check a rule part if it is *Rule.ALL or a string at various > > places. Therefore split off the checks in PtraceRule's and > > SignalRule's

[apparmor] [Merge] lp:~sdeziel/apparmor-profiles/unbound-refresh into lp:apparmor-profiles

Simon Déziel has proposed merging lp:~sdeziel/apparmor-profiles/unbound-refresh into lp:apparmor-profiles. Requested reviews: AppArmor Developers (apparmor-dev) For more details, see: https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-refresh/+merge/282230 -- Your team AppArmor

Re: [apparmor] [PATCH] Add compressed dfa matching routines to library, and a base test program

Hello, Am Montag, 11. Januar 2016 schrieb John Johansen: > On 01/10/2016 07:22 AM, Christian Boltz wrote: > > Am Freitag, 8. Januar 2016 schrieb John Johansen: > >> diff --git a/devtools/Makefile b/devtools/Makefile > >> new file mode 100644 > >> index 000..b0cd26e > >> --- /dev/null > >> +++

[apparmor] [Bug 1532902] Re: chromium-browser profile complains about fcitx input method

** Branch linked: lp:~cmiller/apparmor-profiles/chromiumbrowser-fcitx- abstraction ** Branch linked: lp:~cmiller/apparmor/chromiumbrowser-fcitx-abstraction -- You received this bug notification because you are a member of AppArmor Developers, which is subscribed to AppArmor Profiles.