[apparmor] [PATCH] Fix broken -n parameter

2016-02-11 Thread John Johansen
Commit -r 2934 Add fns to handle profile removal to the kernel interface broke use of the -n parameter unless a namespace was specified with the profile. Signed-off-by: John Johansen --- parser/parser_yacc.y | 4 +++- 1 file changed, 3 insertions(+), 1

Re: [apparmor] [patch] apparmor.d.pod: document 'deny x'

2016-02-11 Thread Seth Arnold
On Sun, Jan 10, 2016 at 06:32:49PM +0100, Christian Boltz wrote: > Hello, > > deny rules don't allow ix, Px, Ux etc. - only 'deny /foo x,' is allowed. > > (Well, mostly - see https://bugs.launchpad.net/apparmor/+bug/1532578 ) > > > I propose this patch for trunk and 2.10 > (it doesn't apply on

[apparmor] [PATCH] parser: Move failing test to TODO

2016-02-11 Thread Tyler Hicks
This test causes `make check` to fail but it is a known bug so mark it as a TODO test. Signed-off-by: Tyler Hicks --- parser/tst/simple_tests/file/ok_bare_1.sd | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/parser/tst/simple_tests/file/ok_bare_1.sd

[apparmor] [PATCH 0/2] Fix two namespace parsing bugs

2016-02-11 Thread Tyler Hicks
AppArmor policy namespaces were not being properly parsed in some situations. These two patches fix the known bugs and improve the test coverage for namespace parsing. Tyler

[apparmor] [PATCH 1/2] parser: Allow the profile keyword to be used with namespaces

2016-02-11 Thread Tyler Hicks
https://launchpad.net/bugs/1544387 Don't split namespaces from profile names using YACC grammar. Instead, treat the entire string as a label in the grammar. The label can then be split into a namespace and a profile name using the new parse_label() function. This fixes a bug that caused the

Re: [apparmor] [PATCH] Fix broken -n parameter

2016-02-11 Thread John Johansen
On 02/11/2016 10:34 AM, Tyler Hicks wrote: > This patch should be ignored. A fix for this bug is already in > lp:apprmor as revno 3300. > right, so either 3300 should be backported to 2.10 or this patch can be > Tyler > > On 2016-02-11 06:56:17, John Johansen wrote: >> Commit -r 2934 >> Add

Re: [apparmor] [patch] apparmor.d.pod: add details about append and creating files

2016-02-11 Thread Seth Arnold
On Sun, Jan 10, 2016 at 06:19:56PM +0100, Christian Boltz wrote: > I hope my description is correct. If not, please give me a better text ;-) Funny thing; I didn't see any O_APPEND tests in our test suite. This description didn't sound correct, so I went testing, and I don't think that 'a' is

Re: [apparmor] [patch] Handle quoted peers when parsing ptrace rules

2016-02-11 Thread Kshitij Gupta
Hello On Wed, Jan 6, 2016 at 10:41 PM, Christian Boltz wrote: > Hallo, > lol > > I noticed in Simon's sshd profile that the ptrace peer can contain a > quoted value - something I missed when writing the PtraceRule class. > > This patch adds handling for quoted values and

Re: [apparmor] [patch] Fix aa-mergeprof crash with files containing multiple profiles

2016-02-11 Thread Kshitij Gupta
Hello, On Sat, Dec 26, 2015 at 10:06 PM, Christian Boltz wrote: > Hello, > > if a profile file contains multiple profiles, aa-mergeprof crashes on > saving in write_profile() because the second profile in the file is not > listed in 'changed'. > > This patch first checks if

Re: [apparmor] [PATCH] parser: Move failing test to TODO

2016-02-11 Thread Tyler Hicks
On 2016-02-11 13:20:58, Steve Beattie wrote: > On Thu, Feb 11, 2016 at 02:54:53PM -0600, Tyler Hicks wrote: > > This test causes `make check` to fail but it is a known bug so mark it as > > a TODO test. > > > > Signed-off-by: Tyler Hicks > > --- > >

[apparmor] [PATCH 2/2] parser: Properly parse named transition targets

2016-02-11 Thread Tyler Hicks
https://launchpad.net/bugs/1540666 Reuse the new parse_label() function to initialize named_transition structs so that transition targets, when used with change_profile, are properly separated into a profile namespace and profile name. Signed-off-by: Tyler Hicks ---

Re: [apparmor] [patch] Remove pname to bin_name mapping in autodep()

2016-02-11 Thread Kshitij Gupta
Hello, On Sun, Jan 3, 2016 at 11:21 PM, Christian Boltz wrote: > Hello, > > if autodep() is called with a pname starting with / (which can happen > for (N)amed exec depending on the user input), this pname is mapped to > bin_name. > > This might look like a good idea,

Re: [apparmor] [PATCH] parser: Move failing test to TODO

2016-02-11 Thread Steve Beattie
On Thu, Feb 11, 2016 at 02:54:53PM -0600, Tyler Hicks wrote: > This test causes `make check` to fail but it is a known bug so mark it as > a TODO test. > > Signed-off-by: Tyler Hicks > --- > parser/tst/simple_tests/file/ok_bare_1.sd | 3 ++- > 1 file changed, 2

Re: [apparmor] [patch] Fix aa-mergeprof crash with files containing multiple profiles

2016-02-11 Thread Christian Boltz
Hello, On Friday, 12 February 2016, 03:26:36 CET, Kshitij Gupta wrote: > On Sat, Dec 26, 2015, Christian Boltz wrote: > > if a profile file contains multiple profiles, aa-mergeprof crashes > > on > > saving in write_profile() because the second profile in the file is > >

Re: [apparmor] [PATCH 0/2] Fix two namespace parsing bugs

2016-02-11 Thread Tyler Hicks
On 2016-02-11 15:57:57, Tyler Hicks wrote: > AppArmor policy namespaces were not being properly parsed in some situations. > These two patches fix the known bugs and improve the test coverage for > namespace parsing. Both of these fixes apply cleanly to the 2.10 branch so I nominate them for

Re: [apparmor] [PATCH] Fix broken -n parameter

2016-02-11 Thread Tyler Hicks
On 2016-02-11 16:42:28, John Johansen wrote: > On 02/11/2016 10:34 AM, Tyler Hicks wrote: > > This patch should be ignored. A fix for this bug is already in > > lp:apprmor as revno 3300. > > > right, so either 3300 should be backported to 2.10 or this patch can be It has already been backported

Re: [apparmor] [PATCH] Fix broken -n parameter

2016-02-11 Thread Tyler Hicks
This patch should be ignored. A fix for this bug is already in lp:apprmor as revno 3300. Tyler On 2016-02-11 06:56:17, John Johansen wrote: > Commit -r 2934 > Add fns to handle profile removal to the kernel interface > > broke use of the -n parameter unless a namespace was specified with the