The proposal to merge lp:~sdeziel/apparmor-profiles/unbound-profile into
lp:apparmor-profiles has been updated.
Status: Needs review => Merged
For more details, see:
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-profile/+merge/86430
--
https://code.launchpad.net/~sdeziel/app
Review: Approve
Approving without 'm' for /etc/passwd and /etc/group per Kees' comment. Thanks!
--
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-profile/+merge/86430
Your team AppArmor Developers is subscribed to branch lp:apparmor-profiles.
--
AppArmor mailing list
AppArmor@lis
The "mr" stuff means _executable_ mmap. I looks like unbound have an executable
stack. This should likely be fixed instead of adding "mr" to the abstraction,
since it is a larger problem:
# execstack -q /usr/sbin/unbound
X /usr/sbin/unbound
--
https://code.launchpad.net/~sdeziel/apparmor-profi
Simon Déziel has proposed merging lp:~sdeziel/apparmor-profiles/unbound-profile
into lp:apparmor-profiles.
Requested reviews:
AppArmor Developers (apparmor-dev)
Related bugs:
Bug #897392 in AppArmor Profiles: "[wishlist] add unbound profile"
https://bugs.launchpad.net/apparmor-profiles/+bug
Simon, at this point if we are missing fixes can you submit a new merge against
the current apparmor-profiles?
--
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-profile/+merge/84024
Your team AppArmor Developers is subscribed to branch lp:apparmor-profiles.
--
AppArmor mailing li
Hi,
After Jamie and Felix commented I made a new merge proposal but I think
a previous one was merged. From what I see, lp:apparmor-profiles is
missing rev 80 to 82 from lp:~sdeziel/apparmor-profiles/unbound-profile
Maybe I did the proposal the wrong way, if yes please let me know how to
correct
Hi,
On Thu, Dec 15, 2011 at 10:47:09AM +0100, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 30. November 2011 schrieb Simon Déziel:
> > === modified file 'ubuntu/12.04/usr.sbin.unbound'
> ...
> > + /etc/passwd rm,
> > + /etc/group rm,
>
> Minor nitpicking: Can someone change this to "mr" in
Hello,
Am Mittwoch, 30. November 2011 schrieb Simon Déziel:
> === modified file 'ubuntu/12.04/usr.sbin.unbound'
...
> + /etc/passwd rm,
> + /etc/group rm,
Minor nitpicking: Can someone change this to "mr" instead of "rm",
please? Then it would follow the usual order all other profiles have,
a
The proposal to merge lp:~sdeziel/apparmor-profiles/unbound-profile into
lp:apparmor-profiles has been updated.
Status: Needs review => Merged
For more details, see:
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-profile/+merge/84024
--
https://code.launchpad.net/~sdeziel/app
Felix, you are right about the pid creation requiring the 2 capabilities. The
other errors you spotted do not show on Lucid. Thanks for testing this on
Oneiric. I'll fix the profile to work under Oneiric.
The problem with the handling of /var/lib/unbound/root.key is something I'd
like to cleanl
Simon Déziel has proposed merging lp:~sdeziel/apparmor-profiles/unbound-profile
into lp:apparmor-profiles.
Requested reviews:
Jamie Strandboge (jdstrand)
Felix Geyer (debfx)
Related bugs:
Bug #897392 in AppArmor Profiles: "[wishlist] add unbound profile"
https://bugs.launchpad.net/apparmo
Simon Déziel has proposed merging lp:~sdeziel/apparmor-profiles/unbound-profile
into lp:apparmor-profiles.
Requested reviews:
Jamie Strandboge (jdstrand)
Related bugs:
Bug #897392 in AppArmor Profiles: "[wishlist] add unbound profile"
https://bugs.launchpad.net/apparmor-profiles/+bug/897392
I dropped the 2 capabilities that were useless (dac_override and chown). The
new merge proposal is also protecting the control and server key while still
allowing automatic key update using the auto-trust-anchor-file mechanism
(RFC5011). The paths used to express the rules are now covering a reg
Review: Needs Fixing
On Ubuntu 11.10 with a mostly default unbound configuration:
Nov 30 11:15:24 felix-ka kernel: [ 4633.749580] type=1400
audit(1322648124.325:120): apparmor="DENIED" operation="file_mmap" parent=4451
profile="/usr/sbin/unbound" name="/etc/passwd" pid=4463 comm="unbound"
requ
dac_override and chown seem to be necessary to create/chown
/var/run/unbound.pid.
--
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-profile/+merge/83892
Your team AppArmor Developers is subscribed to branch lp:apparmor-profiles.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
The proposal to merge lp:~sdeziel/apparmor-profiles/unbound-profile into
lp:apparmor-profiles has been updated.
Status: Needs review => Merged
For more details, see:
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-profile/+merge/83892
--
https://code.launchpad.net/~sdeziel/app
Review: Approve
I have approved this and then made the following change:
revno: 80
committer: Jamie Strandboge
branch nick: apparmor-profiles
timestamp: Wed 2011-11-30 06:57:44 -0600
message:
ubuntu/12.04/usr.sbin.unbound:
- add authorship
- break out non-chroot and chroot parts, as this is
The proposal to merge lp:~sdeziel/apparmor-profiles/unbound-profile into
lp:apparmor-profiles has been updated.
Status: Needs review => Merged
For more details, see:
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-profile/+merge/83842
--
https://code.launchpad.net/~sdeziel/app
Can you comment why this is needed:
capability dac_override,
I added a note in the profile in the meantime.
--
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-profile/+merge/83842
Your team AppArmor Developers is subscribed to branch lp:apparmor-profiles.
--
AppArmor mailing lis
Review: Approve
ACK. Thanks!
--
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-profile/+merge/83842
Your team AppArmor Developers is subscribed to branch lp:apparmor-profiles.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubu
Simon Déziel has proposed merging lp:~sdeziel/apparmor-profiles/unbound-profile
into lp:apparmor-profiles.
Requested reviews:
AppArmor Developers (apparmor-dev)
Related bugs:
Bug #897392 in AppArmor Profiles: "[wishlist] add unbound profile"
https://bugs.launchpad.net/apparmor-profiles/+bug
21 matches
Mail list logo