On Mon, Feb 02, 2015 at 07:58:58PM +0100, Christian Boltz wrote:
> Some IRC discussion brought up that it's probably better to check for
> ' (complain)' and ' (enforce)', so here's the patch:
>
>
> Fix aa-unconfined to work with profile names that don't start with / or null
>
> I propose this pa
On 02/02/2015 10:58 AM, Christian Boltz wrote:
> Hello,
>
> Am Montag, 2. Februar 2015 schrieb u:
>> Christian Boltz:
>>> Am Montag, 2. Februar 2015 schrieb u:
While playing around with `aa-unconfined` i saw that /usr/bin/tor
is
marked as not being confined.
>>>
>>> Does it work if
Hello,
Am Montag, 2. Februar 2015 schrieb John Johansen:
> On 02/02/2015 07:51 AM, Christian Boltz wrote:
> > Does it work if you change aa-unconfined line 66? Untested
> > pseudo-patch:
> > -if line.startswith("/") or line.startswith("null"):
> > + if line.strip() !
Hello,
Am Montag, 2. Februar 2015 schrieb u:
> Christian Boltz:
> > Am Montag, 2. Februar 2015 schrieb u:
> >> While playing around with `aa-unconfined` i saw that /usr/bin/tor
> >> is
> >> marked as not being confined.
> >
> > Does it work if you change aa-unconfined line 66? Untested
> > pseudo
On 02/02/2015 07:51 AM, Christian Boltz wrote:
> Hello,
>
> Am Montag, 2. Februar 2015 schrieb u:
>> While playing around with `aa-unconfined` i saw that /usr/bin/tor is
>> marked as not being confined.
>>
>> In Debian, `tor` comes with an apparmor profile which is called
>> "system_tor" and lives
Hello,
Am Montag, 2. Februar 2015 schrieb u:
> While playing around with `aa-unconfined` i saw that /usr/bin/tor is
> marked as not being confined.
>
> In Debian, `tor` comes with an apparmor profile which is called
> "system_tor" and lives in /etc/apparmor.d.
>
> `aa-unconfined` seems to ignore
Hi,
Steve Beattie:
> On Mon, Feb 02, 2015 at 10:22:27AM +, u wrote:
>> `aa-unconfined` seems to ignore this, but `aa-status` tells me that the
>> `system_tor` profile is well active.
>
> This is a bug in aa-unconfined. It's not been updated to take into
> account the possibility of profile n
On Mon, Feb 02, 2015 at 10:22:27AM +, u wrote:
> (Cc:ed Peter Palfrader (weasel), who maintains tor in Debian and the
> Debian AppArmor Packaging Team.)
>
> While playing around with `aa-unconfined` i saw that /usr/bin/tor is
> marked as not being confined.
>
> In Debian, `tor` comes with an