Hi,
Thanks a lot, John, for this detailed answer.
FTR, my take on this is thus:
- I won't upload 3.1.x to Debian sid.
- I won't upload 3.1.x to Debian experimental either:
the cost/benefit seems too high.
- Most likely Bookworm will be released with 3.0.x.
I'm prepared to revisit
Hi,
Debian testing/sid currently has AppArmor 3.0.7.
Debian testing will be frozen in February 2023,
in preparation for the Debian 12 ("Bookworm")
release.
I'm wondering whether I should upload 3.1.x to Debian.
I see no release notes for 3.1.x on the website and it's hard for me
to make sense
Hi,
Thank you all for this constructive discussion.
John Johansen (2021-09-08):
>> At the same time - if the perl bindings cause you major headaches on
>> Debian, feel free to drop --with-perl.
>
> yes, this is the immediate solution for debian. And we can take that
> as a data point for the
Hi,
As far as I can tell, in the upstream code base, aa-notify was the
only thing that depended on the Perl bindings to libapparmor.
It's been ported to Python so that's not the case anymore.
With my Debian hat on, I can say that shipping the Perl bindings
(libapparmor-perl) makes some stuff
Hi,
Alberto Mardegan (2020-04-02):
> On 02/04/20 16:48, intrigeri wrote:
>> At Tails we do ship a binary, compiled policy in our live system:
>>
>>
>> https://salsa.debian.org/tails-team/tails/-/blob/master/config/chroot_local-hooks/99-cache-AppArmor-policy
>&g
Hi,
Alberto Mardegan (2020-04-02):
> My first question is whether this is actually doable: is the binary
> format of a cached profile independent from the machine architecture in
> which it is generated?
I don't know about architecture portability.
At Tails we do ship a binary, compiled policy
John Johansen (2020-03-08):
> The next icr meeting is Tuesday Mar 10 at 18:00 UTC in #apparmor on oftc.net
Thank you for the reminder!
Unfortunately, I probably won't be able to make it :/
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
Vincas Dargis (2020-02-13):
> Thanks Otto! Really nice and clean site :)
+1
Congrats!
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
above.
> Question about Apparmor full system policy.
> I mean loading all Apparmor policy profiles, not just Init.
Now I'm confused. May I ask what you're trying to achieve?
Is it really full system policy, i.e. *all* processes are confined?
Or "only" early loading of policy?
the web interface, and then by Debian
convention /etc/cups is world-readable. But perhaps one of these could
change, e.g. does /etc/cups really have to be world-readable?
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.co
ups dir
I was not able to find any reference to the "trap profile" idea
in our documentation. Could you please point me in the right
direction? Thanks in advance!
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://
Meta: I've re-read the discussion from December 2017. If there were
messages later than this on the thread, I missed them due to suboptimal
mailing list archive presentation. Sorry if this leads me to wrong
conclusions!
I lack the skills to do the actual work I think should be done. The only
way
opkgtest CI system)
maintainers they set the 2 aforementioned options for containers used
for autopkgtests. Makes sense?
[1] https://bugs.debian.org/911806#20
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
and maybe shed some light upon what
options we have here, both short and long term?
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
Stéphane Graber:
> On Fri, Oct 26, 2018 at 2:32 PM intrigeri wrote:
>> Any chance the release branch that has this feature (presumably 3.x)
>> becomes stable by the end of the year?
> That'd be a question for Christian I think as he'd be the one doing
> maintenance on i
it to stable releases.
Any chance the release branch that has this feature (presumably 3.x)
becomes stable by the end of the year?
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
ets the Debian Policy standards is a doable, but non-trivial
project. Clément Hermann started to work on this a few months ago but
I doubt it'll be ready in time for Buster. So I don't see core Debian
infrastructure switching to LXD soon.
Cheers,
--
intrigeri
--
AppArmor mailing list
AppAr
:)
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
pull/10012
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
John Johansen:
> On 08/28/2018 11:11 PM, intrigeri wrote:
>> Just curious: why? Is this primarily to simplify the code or is there
>> another reason?
> Its because […]
Thanks!
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsu
Hi,
John Johansen:
> We are proposing deprecating attachment based profile names in the
> apparmor 3 release
Just curious: why? Is this primarily to simplify the code or is there
another reason?
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify se
Git, that moves the cache to /var/cache/apparmor. It should be
part of the upcoming apparmor 2.13-7 upload.
Thanks again for your feedback, much appreciated :)
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mail
Review: Disapprove
Superseded by https://gitlab.com/apparmor/apparmor-profiles/merge_requests/15
--
https://code.launchpad.net/~skunk/apparmor-profiles/+git/apparmor-profiles/+merge/321802
Your team AppArmor Developers is subscribed to branch
Christian Boltz:
> Am Donnerstag, 26. Juli 2018, 13:46:37 CEST schrieb intrigeri:
>> The initscript has this:
>>
>># Required-Start: $local_fs
>>
>> … so I think we should be good when pid 1 == sysvinit as well as long
>> as /var is not on a remote
intrigeri:
> The initscript has this:
># Required-Start: $local_fs
> … so I think we should be good when pid 1 == sysvinit as well as long
> as /var is not on a remote FS.
> Then I'm hesitating between:
> a) Assume this very unlikely corner-case simply won't be triggered
Hi,
Jamie Strandboge:
> On Sat, 2018-07-07 at 21:33 +0200, intrigeri wrote:
>> > It continues to be a tricky problem. I think mostly we really
>> > need to make sure the binary policy is on the same partition as
>> > the text policy.
>>
>> As you nee
The proposal to merge ~skunk/apparmor-profiles:chromium-update into
~apparmor-dev/apparmor-profiles/+git/apparmor-profiles-old:master has been
updated.
Status: Needs review => Rejected
For more details, see:
and Jamie in a single email.
Jamie Strandboge:
> On Mon, 2018-01-08 at 02:17 -0800, John Johansen wrote:
>> On 01/07/2018 07:22 AM, intrigeri wrote:
>> > Then I'd like to try moving the cache to /var/cache on Debian and
>> > Ubuntu to start with. This seems like a realist
appar...@raf.org:
>> This does not match name="/run/lock/apache2/mpm-accept-0.22001"
>>
>> What about the broader:
>>
>>/{var/,}run/lock/apache2/mpm-accept* wk,
>>
>> ?
>>
>> Cheers,
>> --
>> intrigeri
> hi
er:
/{var/,}run/lock/apache2/mpm-accept* wk,
?
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
bits were added to
https://wiki.debian.org/AppArmor/HowToUse
which is linked from /usr/share/doc/apparmor/README.Debian :)
It's only a start and there's lots of room for improvement,
but it's a start.
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings
Vincas Dargis:
> On 1/25/18 9:31 AM, John Johansen wrote:
>>> Dragon only needs to open browser (for clicking "Help -> Report a bug") and
>>> email
>>> client (when clicking translator's email button in About dialog), and
>>> that's it.
>>> So I figure that a more secure approach (by limiting
Superseded by https://gitlab.com/apparmor/apparmor/merge_requests/71. Simon,
could you please take a look?
--
https://code.launchpad.net/~intrigeri/apparmor/flatpak-exports/+merge/331056
Your team AppArmor Developers is requested to review the proposed merge of
lp:~intrigeri/apparmor/flatpak
Review: Disapprove
--
https://code.launchpad.net/~intrigeri/apparmor/flatpak-exports/+merge/331056
Your team AppArmor Developers is requested to review the proposed merge of
lp:~intrigeri/apparmor/flatpak-exports into lp:apparmor.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify
Simon McVittie:
> On Fri, 26 Jan 2018 at 09:06:15 +0100, intrigeri wrote:
>> regardless of the exact sandboxing technology
>> that's used to confine the app, in any case we need to teach the apps
>> (or some underlying toolkit) to send IPC requests instead of executing
&
AppArmor but regardless of the exact sandboxing technology
that's used to confine the app, in any case we need to teach the apps
(or some underlying toolkit) to send IPC requests instead of executing
programs themselves.
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
> This was partially done. unfortunately the profiles are all missing a
/
I think that's been fixed in Debian already.
--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to AppArmor Profiles.
https://bugs.launchpad.net/bugs/1284507
Title:
Hi,
intrigeri:
> I'll try hard to prepare by the end of the year a realistic PoC
> Vcs-Git (with upstream/2.11.x, upstream/2.12.x, debian/stretch,
> debian/master and possibly ubuntu/$something branches). I won't bother
> rewriting history to pretend we've been using this model f
John Johansen:
> On 01/08/2018 04:28 AM, Simon McVittie wrote:
>> If AppArmor created this tag itself, that might be even better, but at
>> the moment intrigeri is only asking for it to not be deleted, so that a
>> sysadmin or OS vendor can create it and have it persist.
E
intrigeri:
> intrigeri:
>> Dear upstream/parser developers, would it feel crazy to modify
>> clear_cache_cb to ignore the passed file if its basename is
>> CACHEDIR.TAG? Or should _aa_dirat_for_each get a list of excluded file
>> names as a new argument, or so
Hi,
… and sorry for the delay!
John Johansen:
> On 11/25/2017 08:16 AM, intrigeri wrote:
>> Marco d'Itri:
>>> Why are policies generally installed in /etc/ and not in
>>> /usr/share/apparmor/?
>>
> It actually depends on the distro, eg. ubuntu touch moved th
intrigeri:
> Dear upstream/parser developers, would it feel crazy to modify
> clear_cache_cb to ignore the passed file if its basename is
> CACHEDIR.TAG? Or should _aa_dirat_for_each get a list of excluded file
> names as a new argument, or something similar?
> If any of these a
Hi John,
John Johansen:
> Attached is the patch for the kernel that is currently in testing
> From 1aa96ec6d0fce613e06fa4d073c8cf3e183989da Mon Sep 17 00:00:00 2001
> From: John Johansen
> Date: Thu, 7 Dec 2017 00:28:27 -0800
> Subject: [PATCH] apparmor: fix
.14 too
Do you need more info from me or from the bug reporter (Kertesz
Laszlo, Cc'ed)?
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
ent, or something similar?
If any of these approaches seems acceptable, is anyone around willing
to write this patch, or should I try to find a C person elsewhere?
Thanks in advance!
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
ian Buster).
> How could I use variables
> _today_, without adding too much work for a package maintainer?
Apart of asking them to manually install the empty file via standard
packaging means, I don't know :/
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify s
r of this new/updated directive in a dedicated thread, and once
we've reached an agreement I could try to find someone to implement it?
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
Vincas Dargis:
> To wrap this up, I am suggesting to apply this guideline and refactor current
> profiles (and consider it while writing new ones), to use variables and some
> sort of
> tunables include, like directory:
Looks great to me!
Cheers,
--
intrigeri
--
AppArmor
r package maintainers on the Debian wiki, and once we
have enough of it and well-defined best practices, I'm happy to encode
them in a more authoritative place.
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
ainer and I'd like to write an
> apparmor profile for one of the binaries in my package, where do
> I start".
Some of this doc has been written by Ulrike Uhlig a few years ago:
https://wiki.debian.org/AppArmor/Contribute#Ship_an_AppArmor_profile_in_.22your.22_package
Cheers,
--
intrige
Hi,
intrigeri:
> The next upload of the linux-image packages will "Recommends: apparmor".
Done ⇒ AppArmor is now enabled by default in sid.
Let the experiment begin!
Now is time to report and fix bugs. To make sure they are on the radar
of the AppArmor team, please apply the rel
: I'll
instead focus on setting up the framework I have in mind for our
_future_ work.
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
hi,
Vincas Dargis:
> On 2017.11.05 13:10, intrigeri wrote:
>>> Is it possible to deny all of these file_inherit somehow?
>>
>> Probably, with a wide deny rule such as (/**).
> It it possible to select file_inherit only?
I don't think so.
> I mean, this will no
Can you please resubmit on GitLab
(https://gitlab.com/apparmor/apparmor-profiles)?
Sorry nobody looked at this yes :/
--
https://code.launchpad.net/~skunk/apparmor-profiles/+git/apparmor-profiles/+merge/321802
Your team AppArmor Developers is requested to review the proposed merge of
ake sure to edit the commit message.
> Add the necessary reviewer and acked-by lines. And I can live
> with this.
> Requiring people to do this locally via a rebase and editing each
> commit feels like too much of a barrier.
I agree with all this.
Cheers,
--
intrigeri
--
AppArmor
ours.
So I think I'll convert my own Vcs-Bzr to Git.
- Suggestions and hints welcome as I've never done bzr→Git
conversions. Steve, could you please share your scripts or notes?
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
h
r the gitlab tree:
Was the same done for apparmor-profiles? I've pushed changes to GitLab
today but I don't see them mirrored on Launchpad.
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
ial one file only,
> Thnderbird
> probably had opend much more files at the time of child is being run?
No idea.
> How this generally should be handled in child profiles, simply manually add
> denies..?
Yes.
> Is it possible to deny all of these file_inherit somehow?
Probabl
Review: Approve
It seems something went wrong: John marked this as merged but apparently it was
not, so I just merged it myself (+ applied the same change to 18.04):
https://gitlab.com/apparmor/apparmor-profiles/commit/5ecd985737ca1e1bb6954525dfc1a405f1fe16b7.
--
The proposal to merge
~sdeziel/apparmor-profiles/+git/apparmor-profiles:thunderbird-bug-880425 into
apparmor-profiles:master has been updated.
Status: Needs review => Merged
For more details, see:
https://code.launchpad.net/~sdeziel/apparmor-profiles/+git/apparmor-profiles/+merge/333081
--
Review: Approve
Thanks! Merged in GitLab:
https://gitlab.com/apparmor/apparmor-profiles/commit/5c48d9f2174c14e3fc3c8401decf1f57e8cdd3ed
--
https://code.launchpad.net/~sdeziel/apparmor-profiles/+git/apparmor-profiles/+merge/333081
Your team AppArmor Developers is subscribed to branch
intrigeri has proposed merging
~intrigeri/apparmor-profiles/+git/apparmor-profiles:totem-vs-nvidia into
apparmor-profiles:master.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge
> Set the status to "Rejected", like I just did ;-)
Thanks!
--
https://code.launchpad.net/~u-d/apparmor-profiles/+git/apparmor-profiles/+merge/320276
Your team AppArmor Developers is requested to review the proposed merge of
~u-d/apparmor-profiles:thunderbird/launcher into
Hi,
intrigeri:
> Chris Lamb:
>> So… in the spirit of taking (reversible!) risks, can you briefly outline
>> what's blocking us enabling this today? :)
> Thanks for asking!
> I've scheduled time on October 23-27 to:
We made good progress. Thanks a lot to Vincas
What's the best way to reject this MR in Launchpad? I see I could delete it but
it would be nice to keep this discussion archived.
--
https://code.launchpad.net/~u-d/apparmor-profiles/+git/apparmor-profiles/+merge/320276
Your team AppArmor Developers is requested to review the proposed merge of
This was superseded by
https://code.launchpad.net/~talkless/apparmor-profiles/+git/apparmor-profiles/+merge/332870
that was merged today.
--
https://code.launchpad.net/~u-d/apparmor-profiles/+git/apparmor-profiles/+merge/320276
Your team AppArmor Developers is requested to review the proposed
See also a related discussion on
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1042771.
--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to AppArmor Profiles.
https://bugs.launchpad.net/bugs/1727993
Title:
Thunderbird profile
Public bug reported:
With the current Thunderbird profile Evince & Totem are run under
sanitized_helper, while some distros ship stricter dedicated profiles
for them. This feels wrong.
As written on https://code.launchpad.net/~talkless/apparmor-
Filed https://bugs.launchpad.net/apparmor-profiles/+bug/1727993 about the
Evince/Totem issue.
--
https://code.launchpad.net/~talkless/apparmor-profiles/+git/apparmor-profiles/+merge/332870
Your team AppArmor Developers is requested to review the proposed merge of
Review: Approve
Wrt. LibreOffice: interestingly, both Debian and Ubuntu ship a
usr.lib.libreofficeprogram.soffice.bin profile (enforced by default) but it
applies to a path that is not the one we use
(/usr/lib/libreofficeprogram/soffice.bin). That's out of scope here so let's
stick with what
Thanks Vincas for the MR & Simon for the review (that will save me quite some
time)! I'll look into this soon.
--
https://code.launchpad.net/~talkless/apparmor-profiles/+git/apparmor-profiles/+merge/332870
Your team AppArmor Developers is requested to review the proposed merge of
still, less trusted code is always good).
=> case closed.
--
https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/332769
Your team AppArmor Developers is subscribed to branch apparmor-profiles:master.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify
it's broken.
--
https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/332769
Your team AppArmor Developers is subscribed to branch apparmor-profiles:master.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu
Status update: Vincas is going to rebase my last patch on top of the current
profile and resubmit – thanks! :)
--
https://code.launchpad.net/~u-d/apparmor-profiles/+git/apparmor-profiles/+merge/320276
Your team AppArmor Developers is requested to review the proposed merge of
> So what are the AppArmor guidelines for these merge/separate usr exactly?
If I got Simon's explanation right: use alternations like /{usr/,}bin/xyz for
stuff that's typically shipped in /bin or /lib (in order to support
merged-/usr), and don't bother about stuff that's typically shipped in
intrigeri has proposed merging
~intrigeri/apparmor-profiles/+git/apparmor-profiles:gnome-3.26 into
apparmor-profiles:master.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge
Superseded by
https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/332769
=> Vincas, I suggest you close this one (and possibly review my newer MR :)
--
https://code.launchpad.net/~talkless/apparmor-profiles/+git/apparmor-profiles/+merge/332143
Your t
** Changed in: apparmor-profiles
Status: New => Fix Released
--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to AppArmor Profiles.
https://bugs.launchpad.net/bugs/1706870
Title:
usr.bin.thunderbird denies on Debian
Status in
Review: Approve
LGTM
--
https://code.launchpad.net/~talkless/apparmor-profiles/+git/apparmor-profiles/+merge/331617
Your team AppArmor Developers is requested to review the proposed merge of
~talkless/apparmor-profiles:thunderbird-mozilla-java-plugins into
apparmor-profiles:master.
--
Review: Needs Fixing
I'll go back to the drawing board. Sorry folks for wasting your time!
--
https://code.launchpad.net/~intrigeri/apparmor/flatpak-exports/+merge/331056
Your team AppArmor Developers is requested to review the proposed merge of
lp:~intrigeri/apparmor/flatpak-exports
intrigeri has proposed merging lp:~intrigeri/apparmor/utils-logprof-python3.6
into lp:apparmor.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~intrigeri/apparmor/utils-logprof-python3.6/+merge/332637
This patch by Adam Conrad <ad
intrigeri has proposed merging lp:~intrigeri/apparmor/utils-keep-shebang into
lp:apparmor.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~intrigeri/apparmor/utils-keep-shebang/+merge/332636
This patch by Adam Conrad <ad
intrigeri has proposed merging lp:~intrigeri/apparmor/increase-test-timeout
into lp:apparmor.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~intrigeri/apparmor/increase-test-timeout/+merge/332632
We've been applying this patch
John Johansen:
> Do you have another time/day that would work for you? No promises but
> its not too late to make a change
Sure: same time (18:00 UTC) on Wednesday or Thursday.
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
f mine but I'll try hard to adjust them
so I can join the meeting. That's tomorrow and I had two weeks to
raise this concern, so I don't want to trigger a rescheduling. I'll be
on IRC most of the week anyway so I trust I'll be able to voice my
opinion regardless :)
Cheers,
--
intrigeri
--
AppArm
Hi,
intrigeri:
> tl;dr: if *you* can put a few hours aside to help $subject happen
> around Oct. 23-27, I will be immensely grateful and will gladly offer
> $beverage next time we meet + will put aside a Tails t-shirt for you.
> Wrt. the "enabling AppArmor by default i
Review: Approve
Looks good to me. I have other fixes in the queue for GNOME 3.26 but let's not
block on them while this MR could be merged right away.
--
https://code.launchpad.net/~talkless/apparmor-profiles/+git/apparmor-profiles/+merge/332143
Your team AppArmor Developers is requested to
Review: Needs Information
I see that abstractions/ubuntu-browsers.d/java has something about
IcedTeaPlugin.so + other potentially useful stuff like access to
/{,var/}run/user/*/icedteaplugin-*/, that I suspect we'll need for Thunderbird
as well sooner or later. So how about including this
Seth, Jamie, Tyler: thanks for the reviews and the forward looking thinking.
It's not clear to me what's a blocker or not. Are you blocking on a big
refactoring of the accessibility rules before this MR gets merged? I'm not sure
it would be fair to expect Simon to do this work right now :) How
ll be on IRC.
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
rs already have an
account on GitHub, and among those people some won't bother creating
a GitLab account.
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
requests and deal with as many of them as we can with bzr before
the switch. Count me in :)
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
ntegration in a way that benefits
everyone here :)
I'm sorry I am too busy right now to identify and communicate what
kind of help I may need exactly, but most likely it'll be mostly in
the LTS distro maintenance and policy areas. I'm confident nothing
will be urgently needed kernel-side.
Cheers,
--
nto my ethics.
FWIW, Debian's Git hosting will switch to GitLab soon; GNOME is
switching to GitLab as well.
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
John Johansen:
> On 10/03/2017 12:16 AM, intrigeri wrote:
>> Steve Beattie:
>>> On Sat, Sep 30, 2017 at 07:50:56AM +0200, intrigeri wrote:
>>>> One thing I've noticed is that the way changes are backported from
>>>> master to older branches (i.e. ton
Hi,
Steve Beattie:
> On Sat, Sep 30, 2017 at 07:50:56AM +0200, intrigeri wrote:
>> One thing I've noticed is that the way changes are backported from
>> master to older branches (i.e. tons of cherry-picks) makes history
>> hard to analyze, i.e. it's very hard to tell "wh
ence worse than it could be, and worse than it is on
more opinionated (towards Git) platforms. *I* manage to get around it
mostly thanks to browser bookmarks and history. I doubt it offers
a smooth experience for first-time and pass-by contributors.
For example:
1. On https://code.launchpad.net/~int
excited!
Thanks a lot for doing this work.
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
Christian Boltz:
> From the openSUSE POV, I need 2.10.x and 2.11.x. None of the maintained
> openSUSE releases uses 2.9.x anymore, and SLE12 still enjoys ;-) 2.8.x
> with quite some backported patches.
> Are there distributions that still use 2.9?
Wrt. Debian 2.11.x will be enough:
- It'll
Simon McVittie:
> I'm surprised this works. bwrap is an "adverb" like chroot/sudo/env, so
> I would expect it to want to execute the wrapped thumbnailer?
Same here! It would be awesome if someone investigated why/how exactly
Totem now uses bwrap.
Cheers,
--
intrigeri
--
AppAr
1 - 100 of 322 matches
Mail list logo