_onexec() so returning void is fine.
Reviewed-by: "Tyler Hicks (Microsoft)"
Tyler
> ---
> security/apparmor/domain.c | 2 +-
> security/apparmor/include/task.h | 2 +-
> security/apparmor/task.c | 5 +
> 3 files changed, 3 insertions(+), 6 deletions(-
On 2019-10-29 22:28:42, Justin Dick wrote:
> Hello all -
>
> I'm trying to enable snapd on an embedded device, and looking into getting
> apparmor support sorted out. I'm working with kernel 3.10 and AFAIK have
> everything set up properly in the config. After boot,
>
Hello, Jann Horn reported that private security bug mail for the
apparmor-profiles project on Launchpad was incorrectly made public on
the AppArmor mailing list:
https://lists.ubuntu.com/archives/apparmor/2018-November/011847.html
To fix this problem, I've unsubscribed the AppArmor mailing
On 2018-11-06 20:48:40, Jann Horn wrote:
> Hi!
>
> I'm subscribed to apparmor@lists.ubuntu.com, and I noticed that I got
> bug mail for https://bugs.launchpad.net/bugs/1800789 via this list
> when the bug was still marked as a security bug.
The problem looks to be in the bug subscription
On 05/30/2018 01:57 PM, John Johansen wrote:
> A new logo has been proposed by Noah Davis for the apparmor project to use.
> All versions of the logo under considerations are included below.
>
>
> This is an open vote, anyone in the community can participate.
>
>
> 1. Vote for the logos basic
On 05/30/2018 01:50 PM, John Johansen wrote:
>
> A new logo has been proposed by Noah Davis for the apparmor project to use.
> All versions of the logo under considerations are included below.
>
>
> This is an open vote, anyone in the community can participate.
>
>
> 1. Vote for the logos
Currently on the error exit path the allocated rule is not free'd
causing a memory leak. Fix this by calling aa_audit_rule_free().
Detected by CoverityScan, CID#1468966 ("Resource leaks")
Fixes: cb740f574c7b ("apparmor: modify audit rule support to support profile
stacks")
On 03/23/2018 05:48 PM, Tyler Hicks wrote:
> On 03/23/2018 12:10 PM, John Johansen wrote:
>> On 02/06/2018 09:29 AM, Christian Boltz wrote:
>>> Hello,
>>>
>>> Am Montag, 5. Februar 2018, 22:13:19 CET schrieb Marco d'Itri:
>>>> On Feb
On 03/23/2018 12:10 PM, John Johansen wrote:
> On 02/06/2018 09:29 AM, Christian Boltz wrote:
>> Hello,
>>
>> Am Montag, 5. Februar 2018, 22:13:19 CET schrieb Marco d'Itri:
>>> On Feb 05, Jamie Strandboge wrote:
It continues to be a tricky problem. I think mostly we
A fix for this bug was released in AppArmor 2.12. The upstream commit is
e55583ff27308e3338b5c046de42536bbdd48120
** Changed in: apparmor-profiles
Status: New => Fix Released
--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to
On 12/06/2017 12:47 PM, Casey Schaufler wrote:
> On 12/6/2017 9:51 AM, Tyler Hicks wrote:
>> Hello - The AppArmor project would like for AppArmor audit records to be
>> supported by the audit-userspace tools, such as ausearch, but it
>> requires some coordination between the
Hello - The AppArmor project would like for AppArmor audit records to be
supported by the audit-userspace tools, such as ausearch, but it
requires some coordination between the linux-security-module and
linux-audit lists. This was raised as a feature request years ago in
Ubuntu and more recently
>
> There's a total of 50 errors, all with 'Invalid policy'.
>
> git bisect tracked this down to
>
>
> 7ab65fa5f13c774088d64c3881df798c63d87a44 is the first bad commit
> commit 7ab65fa5f13c774088d64c3881df798c63d87a44
> Author: Tyler Hicks <tyhi...@canonica
\
> (cd parser && make)
> /
> Thank you, I will try.
>
> //
> //
>
> 2017-11-17 21:06 GMT+02:00 Tyler Hicks <tyhi...@canonical.com
> <mailto:tyhi...@canonical.com>>:
>
> On 11/17/2017 12:57 PM, John Johansen wrote:
> &g
On 11/17/2017 12:57 PM, John Johansen wrote:
> On 11/17/2017 01:33 AM, Viacheslav Salnikov wrote:
>> Hi guys,
>>
>> I have a question about apparmor and its dependency from python.
>> I'm using it with Yocto, apparmor version is 2.11.0.
>>
>> Except*aa-easyprof*, does apparmor or its libraries and
No worries at all! You'd have to be following along closely on the
mailing list or IRC channel to know about the migration.
--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to AppArmor Profiles.
https://bugs.launchpad.net/bugs/1732040
Hello and thanks for contacting us. We just migrated the AppArmor code
hosting from Launchpad to GitLab a week or two ago. Would it be possible
for you to create a merge request in GitLab against the apparmor-
profiles project?
https://gitlab.com/apparmor/apparmor-profiles
Here's some info
On 11/05/2017 05:55 AM, intrigeri wrote:
> Hi!
>
> So far the Debian packaging lives in bzr and I regularly merge from
> the apparmor-ubuntu-citrain branch. I want to move it to Git ASAP.
+1
>
> Does Ubuntu have a plan wrt. packaging src:apparmor in Git?
Not at this time.
> If not, I will
On 11/02/2017 04:08 PM, John Johansen wrote:
> On 11/02/2017 01:03 PM, Tyler Hicks wrote:
>> On 11/02/2017 03:00 PM, John Johansen wrote:
>>> ]
>>>> We walked through a merge yesterday with this merge request:
>>>>
>>>> https://gitlab.com/
On 11/02/2017 03:00 PM, John Johansen wrote:
> ]
>> We walked through a merge yesterday with this merge request:
>>
>> https://gitlab.com/apparmor/apparmor/merge_requests/1
>>
>> The audit trail of who merged the code is implicitly present in the
>> merge commit. By default, there's no
On 11/02/2017 02:07 PM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 1. November 2017, 21:46:17 CET schrieb Tyler Hicks:
>> On 11/01/2017 02:41 PM, Christian Boltz wrote:
>
>>> Another question is if we want to continue sending patches to the
>>> mailingli
On 11/01/2017 06:36 PM, Tyler Hicks wrote:
> On 11/01/2017 06:34 PM, Seth Arnold wrote:
>> On Wed, Nov 01, 2017 at 03:46:17PM -0500, Tyler Hicks wrote:
>>> What the maintainer did for the GitHub contribution that I mentioned
>>> above was to merge my pull request into
On 11/01/2017 06:34 PM, Seth Arnold wrote:
> On Wed, Nov 01, 2017 at 03:46:17PM -0500, Tyler Hicks wrote:
>> What the maintainer did for the GitHub contribution that I mentioned
>> above was to merge my pull request into a local branch, interactive
>> rebase to add his Signed-
On 11/01/2017 05:18 PM, Steve Beattie wrote:
> On Wed, Nov 01, 2017 at 03:46:17PM -0500, Tyler Hicks wrote:
>>> Am Mittwoch, 1. November 2017, 08:27:12 CET schrieb Steve Beattie:
>>>> There more work to do to flesh out the above and standardize on some
>>>> p
On 11/01/2017 02:41 PM, Christian Boltz wrote:
> Hello,
>
> thanks for doing the migration!
>
> Am Mittwoch, 1. November 2017, 08:27:12 CET schrieb Steve Beattie:
>> There more work to do to flesh out the above and standardize on some
>> practices around git, but this should let us make
On 10/03/2017 12:46 PM, intrigeri wrote:
> Hi,
>
> Steve Beattie:
>> So to be explicit, I'm not aware of anyone seriously suggesting we
>> stay with Launchpad. What I'd personally rather hear are the pros and
>> cons of maintaining a project on github vs gitlab, because I don't
>> have experience
On 09/26/2017 04:26 PM, Steve Beattie wrote:
> Hello,
>
> I've made available a test apparmor git repository at
>
> https://code.launchpad.net/~sbeattie/apparmor/+git/apparmor
>
> You can git clone it via
>
> git clone https://git.launchpad.net/~sbeattie/apparmor/+git/apparmor
>
> Please
On 09/07/2017 06:44 PM, John Johansen wrote:
> Document the use of the features_X and requires() functions
>
> Signed-off-by: John Johansen <john.johan...@canonical.com>
Thanks! I have a few typo fixes mentioned below but feel free to fix
them, add my ack, and commit.
Acked-
On 09/07/2017 05:50 PM, John Johansen wrote:
> On 09/07/2017 01:27 PM, Tyler Hicks wrote:
>> On 09/06/2017 03:09 PM, John Johansen wrote:
>>> Update the tests to test whether the kernel and parser support domain
>>> transitions on pivot_root.
>>>
>>
On 09/06/2017 03:09 PM, John Johansen wrote:
> Update the tests to test whether the kernel and parser support domain
> transitions on pivot_root.
>
> Signed-off-by: John Johansen
> ---
> tests/regression/apparmor/pivot_root.sh | 68
>
On 08/04/2017 06:56 AM, intrigeri wrote:
> Michael Biebl:
>> One suggestion: I just tried to run "debcheckout apparmor" which failed
>> because I didn't have bzr installed. I think you'd make apparmor more
>> approachable for other maintainers if the repo was using git.
>
> Sure (and it would
I noticed a few things that could be cleaned up in the aa-enabled and aa-status
man pages while reviewing Jamie's aa-status syntax fix. I'm only nominating
these for master as these don't fix build failures or anything along those
lines.
Tyler
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Create an EXIT STATUS header and place the BUGS section after the EXIT
STATUS section to match the style in aa-enabled.pod.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
utils/aa-status.pod | 14 --
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/ut
Make the possible exit status values bold to match the style used in
aa-status.pod as of r3680.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
binutils/aa-enabled.pod | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/binutils/aa-enabled.pod b/binut
On 07/25/2017 06:00 PM, Casey Schaufler wrote:
> What is the best place to get the AppArmor kernel test suite?
> I haven't found an obvious source.
Hey Casey - They're in the AppArmor userspace project. Here's a link to
the README:
be opened for reading, etc.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Tested-by: Christian Boltz <appar...@cboltz.de>
Acked-by: John Johansen <john.johan...@canonical.com>
---
parser/lib.c | 3 +++
parser/parser_main.c | 2 ++
2 files changed, 5 insertions(+)
d
On 05/11/2017 04:39 PM, Tyler Hicks wrote:
> Christian reported that `apparmor_parser -r /file/not/found` returns 0
> indicating that the profile was loaded as expected even though
> /file/not/found does not exist in the filesystem. This patch ensures
> that a non-zero error code is r
On 05/11/2017 04:39 PM, Tyler Hicks wrote:
> Christian reported that `apparmor_parser -r /file/not/found` returns 0
> indicating that the profile was loaded as expected even though
> /file/not/found does not exist in the filesystem. This patch ensures
> that a non-zero error code is r
, readable, etc.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Tested-by: Christian Boltz <appar...@cboltz.de>
Acked-by: John Johansen <john.johan...@canonical.com>
---
parser/lib.c | 3 +++
parser/parser_main.c | 2 ++
2 files changed, 5 insertions(+)
diff --git a/parser/li
On 05/10/2017 05:28 AM, Klaus Frick wrote:
> Hello,
>
> i am using ubuntu16.04 (uname -r 4.8.0-51-generic). I have problems with
> a DVB-T2 usb-driver on ubuntu16.10. So I went back to 16.04 and checked
> syslog. I don`t think this is my problem, but it shuld be fixed.
>
> the file is in list,
On 04/01/2017 10:51 PM, John Johansen wrote:
> There has been work upstream to bring generic LSM stacking to the
> Linux kernel. If this happens it will require changes to apparmor,
> specifically around the proc//attr interfaces that apparmor
> shares with other lsms. Currently only a single LSM
On 04/20/2017 02:23 PM, Tyler Hicks wrote:
> On 04/15/2017 05:54 PM, Christian Boltz wrote:
>> Am Samstag, 25. März 2017, 21:53:21 CEST schrieb Christian Boltz:
>>> since r3634, the tools allow any order of dbus conditionals.
>>>
>>> Quoting the r3634 patch des
On 04/20/2017 02:28 PM, Tyler Hicks wrote:
> Error messages shouldn't show up in build logs when the error has been
> encountered. This patch silences these shell commands from being printed
> before they're interpreted.
Typo in the first sentence above. Changed locally to:
"
target.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
I'm nominating this patch for 2.11 and trunk.
libraries/libapparmor/testsuite/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/libapparmor/testsuite/Makefile.am
b/libraries/libapparmor/tes
Error messages shouldn't show up in build logs when the error has been
encountered. This patch silences these shell commands from being printed
before they're interpreted.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
libraries/libapparmor/testsuite/Makefile.am | 4 ++--
1 file c
On 04/15/2017 05:54 PM, Christian Boltz wrote:
> Hello,
>
> Any comments or reviews on this patch?
>
> If nobody objects, I'll commit it (to trunk and 2.11) on Wednesday as
> Acked-by .
I see that the review period timed out already. That's fine by me as the
change looks correct. Sorry that
ibnotify documentation is of no help in determining what should be
normal and what should be critical:
https://developer.gnome.org/libnotify/0.7/NotifyNotification.html#NotifyUrgency
I guess that means that we need to set the urgency according to how the
popular DEs handle these notific
On 04/05/2017 06:48 PM, Steve Beattie wrote:
> On Wed, Apr 05, 2017 at 04:09:15PM -0500, Tyler Hicks wrote:
>>> +#if defined(SYS_getdents) && defined(SYS_getdents64)
>>> + if (rc != rc64) {
>>> + printf("FAIL - getdents and getdents64 retu
On 04/05/2017 01:57 PM, Steve Beattie wrote:
> On Tue, Apr 04, 2017 at 03:41:41PM -0500, Tyler Hicks wrote:
>> I didn't mean to make this simple test improvement turn into something
>> complex. I'm willing to ack your original patch if you don't see a quick
>> and easy s
On 04/04/2017 03:24 PM, Steve Beattie wrote:
> Hey Tyler,
>
> On Tue, Apr 04, 2017 at 02:03:53PM -0500, Tyler Hicks wrote:
>> On 04/04/2017 01:14 PM, Steve Beattie wrote:
>>> -int main(int argc, char *argv[])
>>> +#ifdef SYS_getdents
>>> +i
On 04/04/2017 01:14 PM, Steve Beattie wrote:
> Hey Colin,
>
> On Tue, Apr 04, 2017 at 03:16:29PM -, Colin Ian King wrote:
>> Colin Ian King has proposed merging
>> lp:~colin-king/apparmor/fix-arm64-test-builds into lp:apparmor.
>>
>> Requested reviews:
>> AppArmor Developers (apparmor-dev)
d run
>
> This patch fixes the call order in tools.py and adds a check to
> init_aa() so that it can be run only once and ignores additional calls.
>
Acked-by: Tyler Hicks <tyhi...@canonical.com>
Thanks!
>
> [ 02-fix-init_aa-regressions.diff ]
>
> === modified file .
On 03/02/2017 01:32 PM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 1. März 2017, 21:52:01 CET schrieb Tyler Hicks:
>> Introduce an apparmor.aa.init_aa() method and move the initialization
>> code of the apparmor.aa module into it. Note that this change will
>&g
On 03/01/2017 04:11 PM, Seth Arnold wrote:
> On Wed, Mar 01, 2017 at 08:52:06PM +0000, Tyler Hicks wrote:
>> The test-aa-easyprof.py script was attempting to do its own special
>> setup to import the in-tree easyprof module. However, this proved to be
>> very flaky and
-easyprof.py script receives the base path by checking the
__AA_BASEDIR environment variable. This environment variable is strictly
used by the test script and not any user-facing code so two leading
underscores were used.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Acked-by: Christian Boltz
-default configuration directory path prior to calling
apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated
to call setup_aa().
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Suggested-by: Christian Boltz <appar...@cboltz.de>
---
utils/aa-genprof
' is not user
friendly. However, I decided to preserve the name of the options from
apparmor_parser.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Acked-by: Christian Boltz <appar...@cboltz.de>
Acked-by: Seth Arnold <seth.arn...@canonical.com>
---
utils/aa-easyprof.pod
On 02/15/2017 06:29 PM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 15. Februar 2017, 12:21:05 CET schrieb Tyler Hicks:
>> On 02/12/2017 12:55 PM, Christian Boltz wrote:
>>> Am Mittwoch, 8. Februar 2017, 22:01:40 CET schrieb Tyler Hicks:
>>>>
On 02/12/2017 12:55 PM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 8. Februar 2017, 22:01:40 CET schrieb Tyler Hicks:
>> Instead of hard-coding the location of logprof.conf and other utils
>> related configuration files to /etc/apparmor/, this patch looks for
>&g
On 02/12/2017 01:30 PM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 8. Februar 2017, 23:56:27 CET schrieb Tyler Hicks:
>> https://launchpad.net/bugs/1628286
>>
>> The utils were enforcing that the dbus rule attributes were strictly
>> ordered in the foll
On 02/08/2017 06:23 PM, Seth Arnold wrote:
> On Wed, Feb 08, 2017 at 10:01:45PM +0000, Tyler Hicks wrote:
>> if USE_SYSTEM is not set, the utils make check target will instruct
>> test-aa-easyprof.py to provide the path of the in-tree parser executable
>> to aa-easyprof.
>&
On 02/08/2017 06:00 PM, Seth Arnold wrote:
> On Wed, Feb 08, 2017 at 10:01:40PM +0000, Tyler Hicks wrote:
>> --- a/utils/apparmor/aa.py
>> +++ b/utils/apparmor/aa.py
>> @@ -73,7 +73,7 @@ _ = init_translation()
>> # Setup logging incase of debugging is enabled
>>
On 02/08/2017 06:22 PM, Seth Arnold wrote:
> On Wed, Feb 08, 2017 at 10:01:42PM +0000, Tyler Hicks wrote:
>> https://launchpad.net/bugs/1521031
>>
>> aa-easyprof accepts a list of abstractions to include and, by default,
>> execs apparmor_parser to verify the gene
nly the last occurrence
of the attribute will be honored by the utils.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Cc: Christian Boltz <appar...@cboltz.de>
---
utils/apparmor/rule/dbus.py| 12 ++--
utils/test/test-dbus.py| 6 ++
utils
successfully perform a run of the utils
tests in a minimal, pristine Ubuntu Zesty chroot containing no installed
AppArmor packages.
For developers that want to continue testing against the system packages, the
USE_SYSTEM=1 make variable can be passed to the make command.
Tyler Hicks (8):
utils
-easyprof.py script receives the parser path by checking the
__AA_PARSER environment variable. This environment variable is strictly
used by the test script and not any user-facing code so two leading
underscores were used.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Cc: Christian Boltz
in the error messages.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Cc: Christian Boltz <appar...@cboltz.de>
---
utils/apparmor/aa.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index ab7f6c9..eecf8c7 100644
get to use the in-tree config file,
profiles, and parser by default. To override this behavior, the
USE_SYSTEM make variable needs to be set like so:
$ make USE_SYSTEM=1 -C utils check
The APPARMOR_PY_CONFDIR should be considered somewhat user-facing,
although undocumented at this time.
Signed-off
The merged /usr patches to the policy broke some utils tests due to a
change in the expected output.
Fixes: r3600 update lots of profiles for usrMerge
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Cc: Christian Boltz <appar...@cboltz.de>
---
utils/test/test-aa.py | 8
option to aa-easyprof is the first step in addressing
this problem.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Cc: Christian Boltz <appar...@cboltz.de>
Cc: Jamie Strandboge <ja...@ubuntu.com>
---
utils/aa-easyprof.pod | 6 ++
utils/apparmo
-easyprof.py script receives the base path by checking the
__AA_BASEDIR environment variable. This environment variable is strictly
used by the test script and not any user-facing code so two leading
underscores were used.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Cc: Christian Boltz
' is not user
friendly. However, I decided to preserve the name of the options from
apparmor_parser.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Cc: Christian Boltz <appar...@cboltz.de>
Cc: Jamie Strandboge <ja...@ubuntu.com>
---
A different approach to fixing bug 1521031 w
to the in-tree
paths. Another patch is needed to get aa.py to honor a non-hardcoded
search path for logprof.conf and other configuration files.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Cc: Christian Boltz <appar...@cboltz.de>
---
utils/test/logprof.conf | 6 +++---
utils/test/te
On 01/20/2017 09:46 AM, intrigeri wrote:
> Tyler Hicks:
>> On 01/20/2017 02:15 AM, intrigeri wrote:
>>> note that as far the Debian packaging is concerned, I'll keep building
>>> that file from source: that's the only way to guarantee that we
>>> distri
On 01/20/2017 06:31 AM, Simon McVittie wrote:
> On Fri, 20 Jan 2017 at 04:14:53 +0000, Tyler Hicks wrote:
>> -rm -rf techdoc.aux techdoc.out techdoc.log techdoc.pdf techdoc.toc
>> techdoc.txt techdoc/
>
> If my (admittedly very rusty) memory of LaTeX is correct,
On 09/30/2016 02:28 PM, Seth Arnold wrote:
> On Fri, Sep 30, 2016 at 02:07:28PM -0500, Tyler Hicks wrote:
>> The features_struct.size variable is used to hold a buffer size and it
>> is also passed in as the size parameter to read(). It should be a size_t
>> instead of an in
because the signed value is checked for "< 0"
immediately before the casts.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
* Changes since v1:
- Subtract fst->buffer from fst->pos and ensure the result is not greater
than remaining before subtracting
-
On 09/29/2016 09:30 PM, Seth Arnold wrote:
> On Thu, Sep 29, 2016 at 07:32:31PM -0500, Tyler Hicks wrote:
>> +size_t remaining = fst->size - (fst->pos - fst->buffer);
>>
>> if (remaining < 0) {
>
> I'm 90% sure this doesn't do what we want.
The load_features_file() function returned an int but calculated the
value by subtracting two pointers. On 64 bit systems, that results in a
64 bit value being represented as a 32 bit type.
Coverity CID #55992
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
libraries/libapparm
A recent Coverity scan pointed out an integer overflow issue in libapparmor's
internal load_features_file() function. That issue is fixed in the first patch.
The second patch is a cleanup to consistently use size_t in a number of areas
dealing with buffer sizes.
Tyler
--
AppArmor mailing list
On 09/28/2016 09:45 PM, Seth Arnold wrote:
> On Wed, Sep 28, 2016 at 09:05:09PM -0500, Tyler Hicks wrote:
>> https://launchpad.net/bugs/1628745
>>
>> The following upstream kernel commit changed the semantics of the exec
>> permission check in th
anting mapping permission to the target
profile.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
tests/regression/apparmor/exec_stack.sh | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/regression/apparmor/exec_stack.sh
b/tests/regression/apparmor/exec_st
On 09/14/2016 03:32 PM, Steve Beattie wrote:
> On Wed, Sep 14, 2016 at 02:12:35PM -0500, Tyler Hicks wrote:
>> On 09/14/2016 01:52 PM, Christian Boltz wrote:
>>> Hello,
>>>
>>> renaming LibAppArmor.py to __init__.py breaks the import path
>>> calcul
ror 1
The --force option is needed to regenerate the libtool file in
libraries/libapparmor/.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
libraries/libapparmor/autogen.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/libapparmor/autogen.sh b/libra
On 08/23/2016 03:09 PM, Seth Arnold wrote:
> On Tue, Aug 23, 2016 at 07:37:03PM +0200, Christian Boltz wrote:
>> Hello,
>>
>> as discussed a while ago, switch the utils (including their tests) to
>> use python3 by default. While on it, drop usage of "env" to always get
>> the system python3
in parsed
rules. If an exec mode is not specified in a rule, there is no attempt
to force the usage of "safe" because older kernels do not support it.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Acked-by: Seth Arnold <seth.arn...@canonical.com>
---
* Changes since v1:
in parsed
rules. If an exec mode is not specified in a rule, there is no attempt
to force the usage of "safe" because older kernels do not support it.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
utils/apparmor/regex.py| 2 +
utils/apparmor/rule/change_p
On 06/24/2016 10:24 PM, Seth Arnold wrote:
> On Fri, Jun 24, 2016 at 05:15:53PM -0500, Tyler Hicks wrote:
>> Add optional command line parameters to the transition test program that
>> can be used to verify a certain label and/or mode that should be found
>> in /proc/self/at
Add optional command line parameters to the transition test program that
can be used to verify a certain label and/or mode that should be found
in /proc/self/attr/exec.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
tests/regression/apparmor/transition.
is no longer needed, the signal:ALL allow rule can be dropped
from the test profile. A new allow rule is needed to grant reading of
/proc/*/attr/{current,exec} since transition must verify the contents of
these files.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
tests/regression/ap
From: Jamie Strandboge <ja...@ubuntu.com>
An abstraction to allow mozc clients to connect to the mozc-server.
Signed-off-by: Jamie Strandboge <ja...@ubuntu.com>
[tyhicks: Wrote commit message]
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
profiles/apparmor.d/abst
From: Jamie Strandboge <ja...@ubuntu.com>
Create a set of strict and non-strict abstractions, much like the
existing dbus abstractions, for connecting to the fcitx bus.
Signed-off-by: Jamie Strandboge <ja...@ubuntu.com>
[tyhicks: Wrote commit message]
Signed-off-by: Tyler
b/parser/tst/equality.sh
> @@ -461,9 +461,23 @@ verify_binary_equality "Deny of ungranted perm" \
> verify_binary_equality "change_profile == change_profile -> **" \
> "/t { change_profile, }" \
> "/t {
On 06/01/2016 03:35 PM, Christian Boltz wrote:
> Hello,
>
> $subject.
>
>
> [ apparmor.d.pod-dbus-aliases.diff ]
Acked-by: Tyler Hicks <tyhi...@canonical.com>
Thanks!
>
> --- parser/apparmor.d.pod 2016-06-01 22:32:13.886365414 +0200
> +++ parser/appa
.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
* Changes from v1.2:
- Create a SUB_ID_WS mode that eats whitespace and have
CHANGE_PROFILE_MODE push state their whenever it encounters an ARROW
- Drop the optional trailing {WS} and \n match following an
My mail client decided to sign and encrypt my previous reply. See what I
wrote below.
Tyler
On 05/31/2016 09:46 AM, Tyler Hicks wrote:
> On 05/31/2016 05:08 AM, John Johansen wrote:
>> On 05/28/2016 09:42 AM, Tyler Hicks wrote:
>>> https://launchpad.net/bugs/1584069
>>
.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
* Changes from v1.1:
- Dropped SUB_ID from the list of modes that eat whitespace
+ This was a change introduced in v1.1 and was nacked by John
- Adjusted the CHANGE_PROFILE_MODE's matching of {ARROW} to allow for
optional tr
binvstqIDBHNU.bin
Description: PGP/MIME version identification
encrypted.asc
Description: OpenPGP encrypted message
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
The gen_change_profile() function must be changed to allow the extra
condition in change_profiles rules.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
tests/regression/apparmor/mkprofile.pl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/regression/apparmor/mkprofile
Simple tests that validate the parser's ability to handle change_profile
rules containing an exec mode.
Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---
parser/tst/simple_tests/change_profile/safe_bad_1.sd | 7 +++
parser/tst/simple_tests/change_profile/safe_bad_2.sd
1 - 100 of 779 matches
Mail list logo