Re: [apparmor] [patch] Change log_dict to use profile_storage() and simplify log translation

Hello, Am Montag, 22. Februar 2016, 02:07:42 CET schrieb Kshitij Gupta: > On Fri, Dec 25, 2015 at 8:57 PM, Christian Boltz wrote: > > [ 45-change-log_dict-to-profile_storage.diff ] > > > > === modified file ./utils/apparmor/aa.py > > --- utils/apparmor/aa.py2015-12-25 15:10:26.931746576

Re: [apparmor] [patch] [2/9] Add strip_parenthesis() to regex.py

+mailing list On Mon, Feb 22, 2016 at 1:07 AM, Kshitij Gupta wrote: > Hello, > > On Sun, Dec 27, 2015 at 8:34 PM, Christian Boltz > wrote: > >> Hello, >> >> some dbus rule conditionals come with optional parenthesis. Instead of >> making the regex even

Re: [apparmor] [patch] aa.py get_output(): raise exception on non-executable or non-existing programs

Hello, On Mon, Feb 22, 2016 at 1:28 AM, Christian Boltz wrote: > Hello, > > if the program specified as get_output param isn't executable or doesn't > exist at all, get_output() returns with ret = -1. > > Raising an exception looks like a better option, especially because >

Re: [apparmor] [patch] [1/9] add a named match group to RE_PROFILE_DBUS

Hello On Sun, Dec 27, 2015 at 8:33 PM, Christian Boltz wrote: > Hello, > > as a preparation for the DbusRule class, add a match group > to RE_PROFILE_DBUS. > > Also adjust test-regex_matches.py for the added group. > > Note: RE_PROFILE_DBUS is only used in aa.py, and only

Re: [apparmor] [patch] Add tests for aa.py get_output() and get_reqs()

Hello, On Tue, Feb 2, 2016 at 2:00 AM, Christian Boltz wrote: > Hello, > > Am Montag, 1. Februar 2016, 11:50:49 CET schrieb Seth Arnold: > > On Mon, Feb 01, 2016 at 07:35:07PM +0100, Christian Boltz wrote: > > > --- utils/test/test-aa.py 2016-01-26 22:22:14.660008000

Re: [apparmor] [patch] Add more ruletypes to the cleanprof test profiles

Hello, On Sat, Dec 26, 2015 at 10:13 PM, Christian Boltz wrote: > Hello, > > to ensure aa-cleanprof works as expected (and writing the rules works > as expected), add some rules for every rule class to the cleanprof.in > and cleanprof.out test profiles. > > > [

Re: [apparmor] [patch] Make sure 'x' log events always come with type 'exec'

Hello, On Mon, Feb 22, 2016 at 12:37 AM, Christian Boltz wrote: > Hello, > > Am Sonntag, 21. Februar 2016, 23:53:40 CET schrieb Kshitij Gupta: > > On Sun, Feb 21, 2016 at 9:48 PM, Christian Boltz wrote: > > > according to a discussion with John on IRC, denied_mask="x" can

Re: [apparmor] [patch] Make sure 'x' log events always come with type 'exec'

Hello, Am Sonntag, 21. Februar 2016, 23:53:40 CET schrieb Kshitij Gupta: > On Sun, Feb 21, 2016 at 9:48 PM, Christian Boltz wrote: > > according to a discussion with John on IRC, denied_mask="x" can only > > happen for 'exec' log events. This patch raises an exception if John > > is wrong ;-) > >

Re: [apparmor] [patch] handle_binfmt: resolve symlinks in library paths

Hello, Am Montag, 22. Februar 2016, 00:02:09 CET schrieb Kshitij Gupta: > On Sun, Feb 21, 2016, Christian Boltz wrote: > > $subject. > > > > This should happen rarely, but nevertheless it can happen - and > > since > > AppArmor needs the symlink target in the profile, we

Re: [apparmor] [patch] handle_binfmt: resolve symlinks in library paths

Hello, On Sun, Feb 21, 2016 at 10:03 PM, Christian Boltz wrote: > Hello, > > $subject. > > This should happen rarely, but nevertheless it can happen - and since > AppArmor needs the symlink target in the profile, we have to resolve any > symlink. > > > [

Re: [apparmor] [patch] Make sure 'x' log events always come with type 'exec'

On Sun, Feb 21, 2016 at 9:48 PM, Christian Boltz wrote: > Hello, > > according to a discussion with John on IRC, denied_mask="x" can only > happen for 'exec' log events. This patch raises an exception if John > is wrong ;-) > > > [ 75-x-but-not-exec-exception.diff ] > > ===

Re: [apparmor] [patch] Drop unused function split_name() in aa.py

On Sun, Feb 21, 2016 at 8:16 PM, Christian Boltz wrote: > Hello, > > $subject. > > > [ 74-drop-unused-split_name.diff ] > > === modified file 'utils/apparmor/aa.py' > --- utils/apparmor/aa.py2016-02-20 12:32:36 + > +++ utils/apparmor/aa.py2016-02-21

[apparmor] [patch] handle_binfmt: resolve symlinks in library paths

Hello, $subject. This should happen rarely, but nevertheless it can happen - and since AppArmor needs the symlink target in the profile, we have to resolve any symlink. [ 76-handle_binfmt-resolve-symlinks.diff ] === modified file ./utils/apparmor/aa.py --- utils/apparmor/aa.py

[apparmor] [patch] Make sure 'x' log events always come with type 'exec'

Hello, according to a discussion with John on IRC, denied_mask="x" can only happen for 'exec' log events. This patch raises an exception if John is wrong ;-) [ 75-x-but-not-exec-exception.diff ] === modified file ./utils/apparmor/aa.py --- utils/apparmor/aa.py2016-02-21

[apparmor] [patch] Drop unused function split_name() in aa.py

Hello, $subject. [ 74-drop-unused-split_name.diff ] === modified file 'utils/apparmor/aa.py' --- utils/apparmor/aa.py2016-02-20 12:32:36 + +++ utils/apparmor/aa.py2016-02-21 14:43:21 + @@ -4317,12 +4317,6 @@ else: return '%s^%s' % (name1, name2) -def

[apparmor] [patch] Don't store exec modes in transtions[]

Hello, exec choices are stored in transitions[], but that's never used (and I don't see a need for it), therefore stop storing it. [ 73-exec-transitions.diff ] === modified file 'utils/apparmor/aa.py' --- utils/apparmor/aa.py2016-02-20 12:32:36 + +++ utils/apparmor/aa.py