Re: [apparmor] [patch] complain flag is enough, no symlink needed

2014-02-25 Thread Christian Boltz
Hello, On Monday, 24 February 2014, Steve Beattie wrote: On Tue, Feb 25, 2014 at 12:20:33AM +0100, Christian Boltz wrote: Change aa-complain / set_complain() to (only) add the complain flag. We don't need to additionally create a force-complain symlink. Acked-by: Steve Beattie st

Re: [apparmor] aa chapter in suse security guide - all the received reviews implemented

2014-02-25 Thread Christian Boltz
generation when in a chroot environment while a file is accessed that is external to the chroot but within the namespace). /para /sect2 Regards, Christian Boltz -- Anyway, what does our mission statement say? Have a lot of fun... [ Per Jessen and Kreg KH in opensuse-factory

[apparmor] SLE doc / art_apparmor_quick.xml

2014-02-26 Thread Christian Boltz
Hello, I just found out nobody pointed me to art_apparmor_quick.xml in the SLE doc. I just accidentally ;-) found it - and as always when I first touch something, it breaks into its parts ;-) For details, see the attached review patch (for SVN r12170) Regards, Christian Boltz -- Eine Sig ist

[apparmor] [patch] common.py: add recursive_print()

2014-02-26 Thread Christian Boltz
: +print (tabs(dpth) + '[--- empty ---]') +else: +if key: +print (tabs(dpth) + '%s = %s' % (key, src)) +else: +print (tabs(dpth) + '- %s' % src) + def cmd(command): '''Try to execute the given command.''' debug(command) Regards, Christian

Re: [apparmor] [patch] common.py: add recursive_print()

2014-02-27 Thread Christian Boltz
Hello, On Thursday, 27 February 2014, Jamie Strandboge wrote: On 02/26/2014 06:48 PM, Christian Boltz wrote: this patch adds recursive_print() to common.py. It prints a data structure in an easily readable output and is quite useful[1] for debugging. However, I don't recommend

[apparmor] [patch] fix test-aa-decode.py

2014-02-27 Thread Christian Boltz
/~cjwatson/blosxom/2009-07-02-python-sigpipe.html # This is needed so that the subprocesses that produce endless output Regards, Christian Boltz -- Meeting, n.: An assembly of people coming together to decide what person or department not represented in the room must solve a problem

Re: [apparmor] [patch] Post merge test fixes

2014-02-27 Thread Christian Boltz
. The following patch fixes them. Thanks! Acked-by: Christian Boltz appar...@cboltz.de However, I still get errors from test-aa-decode.py and test-aa-easyprof.py. Well, one thing after the other ;-) The fix for test-aa-decode.py is trivial, I'll send a patch in a minute. Regards, Christian Boltz

Re: [apparmor] [PATCH] add /var/www/html to abstractions/web-data

2014-02-27 Thread Christian Boltz
Hello, On Thursday, 27 February 2014, Jamie Strandboge wrote: This patch adds /var/www/html to abstractions/web-data, which is the path used for document root on Debian and its derivatives[1]. Nominated for 2.8. Acked-by: Christian Boltz appar...@cboltz.de for trunk and 2.8 That said

Re: [apparmor] [patch] fix test-aa-decode.py

2014-02-27 Thread Christian Boltz
Hello, On Thursday, 27 February 2014, Christian Boltz wrote: this patch fixes test-aa-decode.py - it failed all tests because the path to aa-decode was wrong. === modified file 'utils/test/test-aa-decode.py' --- utils/test/test-aa-decode.py2012-11-06 01:27:20 + +++ utils

Re: [apparmor] [patch] common.py: add recursive_print()

2014-02-27 Thread Christian Boltz
Hello, On Thursday, 27 February 2014, Jamie Strandboge wrote: On 02/27/2014 02:04 PM, Christian Boltz wrote: On Thursday, 27 February 2014, Jamie Strandboge wrote: On 02/26/2014 06:48 PM, Christian Boltz wrote: this patch adds recursive_print() to common.py. Is pprint

Re: [apparmor] [patch] common.py: add recursive_print()

2014-02-28 Thread Christian Boltz
Hello, On Thursday, 27 February 2014, Kshitij Gupta wrote: On Feb 27, 2014 6:18 AM, Christian Boltz appar...@cboltz.de wrote: this patch adds recursive_print() to common.py. It prints a data structure in an easily readable output and is quite Works with nested dictionaries, lists

Re: [apparmor] test-aa-easyprof.py fails because of UsrMove

2014-03-01 Thread Christian Boltz
Hello, On Sunday, 2 March 2014, Kshitij Gupta wrote: On Sat, Mar 1, 2014 at 3:41 AM, Christian Boltz wrote: test-aa-easyprof.py depends on /bin/ls being a real binary. In practice, it is a symlink to /usr/bin/ls on some distributions. The patch below fixes this for me, but I know

Re: [apparmor] test-aa-easyprof.py fails because of UsrMove

2014-03-05 Thread Christian Boltz
Hello, On Tuesday, 4 March 2014, Kshitij Gupta wrote: On Sat, Mar 1, 2014 at 3:41 AM, Christian Boltz wrote: test-aa-easyprof.py depends on /bin/ls being a real binary. In practice, it is a symlink to /usr/bin/ls on some distributions. ... @Christian With the patch from @Steve in place I

Re: [apparmor] test-aa-easyprof.py fails because of UsrMove

2014-03-05 Thread Christian Boltz
Hello, On Wednesday, 5 March 2014, Steve Beattie wrote: On Wed, Mar 05, 2014 at 09:27:29PM +0100, Christian Boltz wrote: I finally applied Steve's small change to preserve the tempdirs (and another one to tell me the used tempdir - BTW: is there a clean way to do this? I had to abuse

Re: [apparmor] [patch 09/11] utils: split out aa-genprof command

2014-03-06 Thread Christian Boltz
(program) import apparmor.cleanprofile as cleanprofile Regards, Christian Boltz -- further evidence does point to KMail2: - [...] - KMail2 is always broken, so why not here too? ;) [Roman Fietze in opensuse-de] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings

Re: [apparmor] [patch 11/11] utils: add simple parsing of multi-line rules

2014-03-06 Thread Christian Boltz
, audit /tmp/foo, # bar rw, # comment The expected results should be obvious, even if those testcases are a bit ;-) evil. Regards, Christian Boltz -- In case someone reads this and does not understand irony: this is not a valid solution for something you want to submit to openSUSE:Factory

Re: [apparmor] [patch 09/11] utils: split out aa-genprof command [v2]

2014-03-06 Thread Christian Boltz
Hello, On Thursday, 6 March 2014, Steve Beattie wrote: On Thu, Mar 06, 2014 at 09:41:02AM -0800, Steve Beattie wrote: On Thu, Mar 06, 2014 at 01:29:41PM +0100, Christian Boltz wrote: On Wednesday, 5 March 2014, Steve Beattie wrote: This patch splits out the genprof tool functionality

Re: [apparmor] [patch 11/11] utils: add simple parsing of multi-line rules

2014-03-07 Thread Christian Boltz
Hello, On Thursday, 6 March 2014, Steve Beattie wrote: On Thu, Mar 06, 2014 at 10:10:16PM +0100, Christian Boltz wrote: On Wednesday, 5 March 2014, Steve Beattie wrote: D-Bus rules in particular seem to get written as multi-line rules. This patch adds very simple hackish support

Re: [apparmor] [RFC] [patch] Makefile automatically fallback to USE_SYSTEM=1

2014-03-09 Thread Christian Boltz
sounds better)? That would mean people have to actively opt-in to the automatic fallback by touch'ing the file once in their bzr checkout. This would fix the surprise part. With the opt-in file added, the patch looks good to me. Regards, Christian Boltz -- Mit Java [...] werden auch oft

Re: [apparmor] Sharing profiles maintenance once they're ready for production

2014-03-10 Thread Christian Boltz
? Regards, Christian Boltz [1] at least for the programs I'm using regularly ;-) -- Hier gibt es zB eine Adress-DB für einige Leute und allein schon die gleichzeitige Verwendung dieser DB ist eher die Ausnahme. Wahrscheinlich verdienen die Datenbanken hier die Bezeichnung gar nicht. Wenn du willst

Re: [apparmor] [patch][utils] Fix comment writing

2014-03-16 Thread Christian Boltz
. Signed-off-by: Kshitij Gupta kgupta8...@gmail.com Looks good (and works) :-) Acked-by: Christian Boltz appar...@cboltz.de Regards, Christian Boltz -- Currently you get a SUSE Linux box for 60 bugs with 1 DVD, 5 CDs, Although there are actually more bugs available for SUSE LINUX 10.0, as you

[apparmor] [patch] aa-genprof: fix last_audit_entry_time()

2014-03-19 Thread Christian Boltz
] +if re.search('^.*msg\=audit\((\d+\.\d+\:\d+).*\).*$', out): +logmark = re.search('^.*msg\=audit\((\d+\.\d+\:\d+).*\).*$', out).groups()[0] else: logmark = '' return logmark Regards, Christian Boltz -- wie gefährlich kann der momentan umgehende Wurm Sober-C für ein Linux
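Review bot: the added lines run the same `re.search('^.*msg\=audit\(...` call on `out` twice, once in the `if` and once to read `.groups()[0]`; assign the match object to a variable once and test that, so the two copies of the pattern cannot drift apart. The pattern would also be better written as a raw string, since `\d`, `\(` and `\=` currently depend on Python passing unrecognised escapes through unchanged.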

Re: [apparmor] [PATCH] utils: Add very limited support for mount rules

2014-03-20 Thread Christian Boltz
strings wrapped in a class. Signed-off-by: Tyler Hicks tyhi...@canonical.com Looks good, thanks. I also like the testcases you added. (Maybe you can add some tests for lines with comments?) Acked-by: Christian Boltz appar...@cboltz.de Regards, Christian Boltz -- Auaauaaua, sorry, Leute, das war

Re: [apparmor] [PATCH] utils: Basic support for bare capability rules

2014-03-20 Thread Christian Boltz
matches[2].trim here. With the regex changed and a TODO note for duplicate removal, Acked-by: Christian Boltz appar...@cboltz.de Regards, Christian Boltz -- That release went far too smooth after we had everything together ;-) That on its own should have set off the alarm bells :-) [ Andreas Jaeger

Re: [apparmor] [PATCH 1/3] utils: Basic support for signal rules

2014-04-05 Thread Christian Boltz
encountering signal rules. Signed-off-by: Tyler Hicks tyhi...@canonical.com In general, Acked-By: Christian Boltz appar...@cboltz.de However, diff --git a/utils/test/test-regex_matches.py b/utils/test/test-regex_matches.py index 0b656cc..7096a50 100644 --- a/utils/test/test-regex_matches.py

Re: [apparmor] [PATCH 2/3] utils: Basic support for ptrace rules

2014-04-05 Thread Christian Boltz
encountering ptrace rules. Signed-off-by: Tyler Hicks tyhi...@canonical.com Acked-By: Christian Boltz appar...@cboltz.de with similar complaints as in the signal patch: --- /dev/null +++ b/utils/test/test-ptrace_parse.py ... +class AAParsePtraceTest(unittest.TestCase): + +def

Re: [apparmor] [PATCH 3/3] utils: Basic support for pivot_root rules

2014-04-05 Thread Christian Boltz
when encountering pivot_root rules. Signed-off-by: Tyler Hicks tyhi...@canonical.com Acked-By: Christian Boltz appar...@cboltz.de with two conditions: - please fix the issues Steve found - please convert the tests to arrays to make the code more readable (as described in my previous mails

Re: [apparmor] [PATCH v2] utils: Basic support for file prefix in path rules

2014-04-05 Thread Christian Boltz
(self): As already written several times today, having all tests in an array would be a good idea ;-) Regards, Christian Boltz -- Blöde Frage: Platte/Partition voll? - df -h Tatsächlich. Erklärt mich nicht für blöd, das war auch mein 1.Gedanke, habe mich dann aber dummerweise bei der Ausgabe

[apparmor] [patch] winbindd profile update

2014-04-18 Thread Christian Boltz
/samba/smb_tmp_krb5.* rw, Regards, Christian Boltz -- The penguin is a good logo for Linux, because what doesn't fly can't crash either. Francis Kuhlen (IBM-Vice President Sales) -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com

Re: [apparmor] [PATCH] parser: Document pivot_root in the apparmor.d(5) man page

2014-04-18 Thread Christian Boltz
) [ 'flags=(complain)' ]'{' [...] Unrelated, but: There are more flags, not only complain. The manpage should also have a section explaining what all those flags do. Are you bored enough to fix this now (I'm not, sorry), or do you prefer a bugreport? ;-) Regards, Christian Boltz -- http://www1

Re: [apparmor] [patch] winbindd profile update

2014-04-21 Thread Christian Boltz
Hello, On Monday, 21 April 2014, Steve Beattie wrote: On Fri, Apr 18, 2014 at 04:17:41PM +0200, Christian Boltz wrote: this patch updates the usr.sbin.winbindd profile - allow rw access to /var/cache/krb5rcache/ - treat passdb.tdb.tmp as passdb.tdb Patch from Lars Müller lmue

Re: [apparmor] [PATCH 1/2] utils: Fix infinite loop when converting an unrecognized mode string

2014-04-23 Thread Christian Boltz
|= MODE_HASH[tmp] Acked-by: Christian Boltz appar...@cboltz.de Regards, Christian Boltz -- I guess that mkinitrd has become an official victim of our attempts to move from into the /usr space. [Raymond Wooninck in https://bugzilla.novell.com/787085#c10] -- AppArmor mailing list AppArmor

Re: [apparmor] [PATCH] utils: Clean up file rule parsing

2014-04-23 Thread Christian Boltz
for handling bare file rules. Signed-off-by: Tyler Hicks tyhi...@canonical.com Cc: Christian Boltz appar...@cboltz.de --- This patch is meant to address the feedback from cboltz regarding the duplicated code in aa.py (not the duplicated test code): https://lists.ubuntu.com/archives/apparmor

Re: [apparmor] [PATCH 1/2] utils: Remove unnecessary regex groups

2014-04-23 Thread Christian Boltz
*(#. *)?$') +RE_PROFILE_PTRACE = re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?(ptrace[^#]*\s*,)\s*(#. *)?$') +RE_PROFILE_PIVOT_ROOT = re.compile('^\s*(audit\s+)?(allow\s+|deny\s+)?(pivot_root[^#]*\s*,)\s *(#.*)?$') Acked-by: Christian Boltz appar...@cboltz.de Side note: the regex for PIVOT_ROOT will also match

Re: [apparmor] [PATCH 2/2] utils: Simplify newly added test-regex_matches tests

2014-04-23 Thread Christian Boltz
in a classes list. The test methods are based on the regex_test() method, which performs the regex search and compares the results to the expected_result. Signed-off-by: Tyler Hicks tyhi...@canonical.com Cc: Christian Boltz appar...@cboltz.de --- This patch is meant to address feedback from cboltz

[apparmor] [patch] test the mountains and pay the dbusdriver a pivot_rootbeer

2014-04-25 Thread Christian Boltz
: Are you ok with $SUBJECT as commit message? ;-) (if not, please propose a better one ;-) Regards, Christian Boltz -- AFAIK they are still working on it... But you know, there are also so called human beings, who normally do not work the weekend ;-) It rather seems to me that there are so many

[apparmor] [patch] fix regexes for pivot_root etc. to avoid pivot_rootbeer is accepted

2014-04-25 Thread Christian Boltz
anything that's not or #, or matching quotes with anything except quotes inside __re_no_or_quoted_hash = '([^#]|[^]*)*' Regards, Christian Boltz -- On Windows you have a mail reader that can do everything. On Linux you have an MUA that can't really do anything, but does that damn well. [Bernd Brodesser

Re: [apparmor] [patch] abstractions/php: allow access to conf.d/ config files

2014-04-28 Thread Christian Boltz
to make the rules much simpler: /etc/php5/**/ r, /etc/php5/**.ini r, Opinions? Regards, Christian Boltz -- Angesichts der offensichtlich hervorragenden Leistungen einiger Athleten bei der 35. Idiotenparade der Herren (Einzel/Mannschaft) in Nürnberg bin ich gerade mal wieder eine alte

[apparmor] [patch] aa-genprof: fix byte vs. string and wrong filename

2014-05-18 Thread Christian Boltz
\=audit\((\d+\.\d+\:\d+).*\).*$', out).groups()[0] else: Regards, Christian Boltz -- I'm root - if you see me laughing you better have a backup! -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [patch] fix crash in aa-genprof

2014-05-21 Thread Christian Boltz
][pname] = True write_profile_ui_feedback(pname) def get_profile_flags(filename, program): Regards, Christian Boltz -- Feel free to close this bug as accidentally ;-) fixed... Nothing happens here by accident ;-)... [ Christian Boltz and Stephan Binner, https://bugzilla.novell.com

[apparmor] [patch] fix save_profile() by fixing some other code

2014-05-29 Thread Christian Boltz
is innocent because he just translated this well-hidden bug to python ;-) Regards, Christian Boltz -- Möglicherweise laufe ich sogar mit fliegenden Fahnen von Gnome zu KDE über. Jedenfalls, bis sich das Gnome-Projekt dazu entschliesst, Nautilus durch /irgendwas/ zu ersetzen. Notfalls eine Parkuhr oder

Re: [apparmor] [PATCH] utils: Handle unmount rules

2014-06-03 Thread Christian Boltz
,' +mount = aa.parse_mount_rule(rule) +self.assertEqual(rule, mount.serialize(), +'mount object returned %s, expected %s' % Doing this with an array and a loop is still on your TODO list, right? ;-) That said, Acked-by: Christian Boltz appar...@cboltz.de Regards

[apparmor] [patch] fix disabling printk_ratelimit in aa-genprof

2014-06-09 Thread Christian Boltz
-09 18:31:07 + @@ -33,7 +33,7 @@ return value def sysctl_write(path, value): -if not value: +if value is None: return with open(path, 'w') as f_out: f_out.write(str(value)) Regards, Christian Boltz -- Re. mailing lists are too hard to use, people who
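Review bot: with `if value is None:` in `sysctl_write()`, every other falsy value now reaches `f_out.write(str(value))`, so an empty string writes nothing useful and `False` is written as the text `False`. If callers can pass those, reject them explicitly, or add a short docstring stating that only `None` means "skip the write".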

Re: [apparmor] [patch] fix disabling printk_ratelimit in aa-genprof

2014-06-09 Thread Christian Boltz
Hello, On Monday, 9 June 2014, Seth Arnold wrote: On Mon, Jun 09, 2014 at 08:33:28PM +0200, Christian Boltz wrote: aa-genprof failed to set /proc/sys/kernel/printk_ratelimit to 0 (unlimited) because the if not value: check matches 0. This patch replaces the check with ... is None

Re: [apparmor] [patch] fix disabling printk_ratelimit in aa-genprof

2014-06-09 Thread Christian Boltz
Hello everyone, On Monday, 9 June 2014, Christian Boltz wrote: However, a warning can't hurt. Slightly updated patch: Well, actually it can hurt - if you don't import the warn() function ;-) So here's v3: === modified file 'utils/aa-genprof' --- utils/aa-genprof2014-05-21 19:42:43 +

[apparmor] [patch] fix aa-complain to work with quoted profile names

2014-06-10 Thread Christian Boltz
noticed that aa-cleanprof (and therefore probably all python tools) adds additional quotes in file rules, so /bin/foo bar mrix, becomes /bin/foo bar mrix, and in the next run /bin/foo bar mrix, One more patch to write... Regards, Christian Boltz -- a computer without an Internet connection

[apparmor] [patch] better error messages in aa.py store_list_var()

2014-06-18 Thread Christian Boltz
variable operation %s for variable %s') % (var_operation, list_var)) def strip_quotes(data): Regards, Christian Boltz -- [BILD] Als langjährig tätiger Strafverteidiger (und Fan von Volker Pispers) muß ich jedoch dringend davor warnen, stinkende tote Fische in dieses Freiexemplar der

Re: [apparmor] [patch] better error messages in aa.py store_list_var()

2014-06-19 Thread Christian Boltz
Hello, On Wednesday, 18 June 2014, Steve Beattie wrote: On Thu, Jun 19, 2014 at 02:41:39AM +0200, Christian Boltz wrote: this patch improves the error messages in aa.py store_list_var() to make debugging of profile syntax problems easier. This is an okay improvement as-is, but it sure

Re: [apparmor] [patch 3/3] profiles: apache2 — allow HANDLING_UNTRUSTED_INPUT access to abstractions/base

2014-06-20 Thread Christian Boltz
usr.sbin.apache2 and abstractions/apache2-common contain signal rules). Is this an Ubuntu patch that was not committed to bzr yet? Regards, Christian Boltz -- dragotin where is that lazy chicken btw? suseROCKs Ouch! dragotin oh - code of conduct violated? dragotin It is not allowed to call henne

Re: [apparmor] [PATCH] policy updates for ptrace and signal mediation

2014-06-24 Thread Christian Boltz
us Acked-by: Christian Boltz appar...@cboltz.de Regards, Christian Boltz -- [ComputerBild] Allerdings wird wahrscheinlich eher die Hölle zufrieren als das dieses Organ der Presselandschaft, deren Inhalt einer jeden Ausgabe locker auf einer Briefmarke Platz hätte, [für die Etikette] eine Spalte

[apparmor] [patch] dovecot profile update

2014-07-07 Thread Christian Boltz
/apparmor.d/usr.lib.dovecot.auth2014-07-07 19:55:54 + @@ -1,6 +1,7 @@ # -- # #Copyright (C) 2013 Christian Boltz +#Copyright (C) 2014 Christian Wittmer # #This program is free software; you can redistribute

[apparmor] [patch] allow /run/nscd/passwd in abstractions/nameservice

2014-07-08 Thread Christian Boltz
rw, - /var/{db,cache,run}/nscd/{passwd,group,services,host}r, + /{var/db,var/cache,var/run,run}/nscd/{passwd,group,services,host}r, # nscd renames and unlinks files in it's operation that clients will # have open /{,var/}run/nscd/db* rmix, Regards, Christian Boltz -- Hell

Re: [apparmor] [patch] profiles: add dovecot-common abstraction

2014-07-08 Thread Christian Boltz
Hello, On Monday, 7 July 2014, Steve Beattie wrote: On Tue, Jul 01, 2014 at 11:06:06PM +0200, Christian Boltz wrote: What's the reason for the /{var/,}run/dovecot/config rw, rule? None of the dovecot profiles did contain this rule before... Honestly, I'm not enough of a dovecot

Re: [apparmor] apparmor support in centos/rhel 7

2014-07-09 Thread Christian Boltz
the buildservice to send a submit request ;-) Regards, Christian Boltz -- My calendar shows May 12th to be a Friday, not a Thursday? I meant 11th ;-(. With all the delays, perhaps mentioning the year would also be a good idea. ;-) [ Andreas Jaeger and houghi in opensuse] -- AppArmor mailing

Re: [apparmor] AppArmor continuing to confine process after calling rcapparmor stop

2014-07-11 Thread Christian Boltz
reload), but the systemd magic breaks it. Regards, Christian Boltz -- I _do_ have a decent mailer! Then why don't you use it? I'm using it right now. Funny, mine shows that you're using KMail. [ Manfred Misch and Bernd Brodesser in suse-linux] -- AppArmor mailing list

[apparmor] [patch] move parser/rc.aaeventd.* to deprecated/

2014-07-11 Thread Christian Boltz
/rc.aaeventd.suse deprecated/ Regards, Christian Boltz -- I won't let you lot lead me anywhere! We'll do it very discreetly, you won't even notice. Just wait, one day you'll be the biggest sig supplier on Usenet and won't know a thing about it. [Moss and C. Mueller in suse-talk

[apparmor] [patch] fix LOG_MODE_RE in aamode.py

2014-07-12 Thread Christian Boltz
|a|x|i|u|p|c|n|I|U|P|C|N)') def str_to_mode(string): Regards, Christian Boltz -- In the beginning was the word, and the word was content-type: text/plain -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [patch] remove unused LOG_MODE_RE in logparser.py

2014-07-12 Thread Christian Boltz
|Ux|Px|PUx|Cx|Pix|Cix') PROFILE_MODE_DENY_RE = re.compile('r|w|l|m|k|a|x') Regards, Christian Boltz -- Wäre es nicht eine Verbesserung, wenn bei der nächsten Win Version anstatt der beängstigenden Meldung schwerer Ausnahmefehler ein beruhigendes ärgerliches Standardproblem den

[apparmor] [patch] fix crash in save_profiles()

2014-07-13 Thread Christian Boltz
in changed_list: +for profile_name in sorted(changed.keys()): write_profile_ui_feedback(profile_name) reload_base(profile_name) Regards, Christian Boltz -- Shall we start a club for utf-8-plagued Perl programmers? [Bernhard Walle in suse

Re: [apparmor] [patch] remove unused LOG_MODE_RE in logparser.py

2014-07-14 Thread Christian Boltz
Hello, On Monday, 14 July 2014, Seth Arnold wrote: On Sat, Jul 12, 2014 at 09:29:14PM +0200, Christian Boltz wrote: logparser.py defines LOG_MODE_RE, but doesn't use it. LOG_MODE_RE is also defined (and used) in aamode.py. This patch removes the superfluous definition from

[apparmor] [patch] don't use system /etc/apparmor.d/ in severity_test.py

2014-07-14 Thread Christian Boltz
/', symlinks=True) def tearDown(self): #Wipe the local profiles from the test directory Regards, Christian Boltz -- Resistance is futile (if it is less than 1 ohm). -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com

Re: [apparmor] [patch] don't use system /etc/apparmor.d/ in severity_test.py

2014-07-14 Thread Christian Boltz
Hello, On Monday, 14 July 2014, Christian Boltz wrote: this patch changes severity_test.py to use the in-tree profiles instead of the system profiles in /etc/apparmor.d/ === modified file 'utils/test/severity_test.py' --- utils/test/severity_test.py 2014-02-13 00:59:27 + +++ utils

[apparmor] [patch] use in-tree python modules in all tests

2014-07-14 Thread Christian Boltz
@@ # # -- +import sys +sys.path.append('../') + import apparmor.aa as aa import unittest Regards, Christian Boltz -- Ansonsten: Ich sage nur Diwasserstoffmonoxid. Ja, ein äußerst schädliches Zeugs, vor allem wenn es

[apparmor] [patch] inprove runtests-py*.sh

2014-07-14 Thread Christian Boltz
running $file... ; python3 $file; echo; done +#!/bin/bash +# -- +# +#Copyright (C) 2014 Christian Boltz +# +#This program is free software; you can redistribute it and/or +#modify it under the terms of version 2 of the GNU

Re: [apparmor] [patch] inprove runtests-py*.sh

2014-07-17 Thread Christian Boltz
Hello, On Wednesday, 16 July 2014, Steve Beattie wrote: On Wed, Jul 16, 2014 at 01:39:49PM +0200, Christian Boltz wrote: I know all tests succeeded is the expected result, and we should always have that. Indeed. I wish I could get that with make check with the distribution's python

Re: [apparmor] [Merge] lp:~intrigeri/apparmor-profiles/totem+gstreamer-1.4 into lp:apparmor-profiles

2014-07-22 Thread Christian Boltz
./*/.so m, doesn't look correct - I'd guess there shouldn't be a / in front of .so ;-) -- https://code.launchpad.net/~intrigeri/apparmor-profiles/totem+gstreamer-1.4/+merge/227691 Your team AppArmor Developers is requested to review the proposed merge of

Re: [apparmor] [patch] use in-tree python modules in all tests

2014-07-22 Thread Christian Boltz
Hello, On Monday, 21 July 2014, Steve Beattie wrote: On Mon, Jul 14, 2014 at 10:19:52PM +0200, Christian Boltz wrote: this patch changes several utils/test/*.py to use the in-tree python modules. Sorry, but I don't like this patch. The reason is that I don't want to hardcode the local

Re: [apparmor] How to confine querying of /proc to /proc/self?

2014-07-25 Thread Christian Boltz
automatically tighten up when we introduce a @{pid} kernel-side variable. Well, it's nearly the best ;-) You can/should also add the owner keyword which excludes reading /proc entries of processes run by other users: owner @{PROC}/@{pid}/** r, Regards, Christian Boltz -- Nur beim Account meines

[apparmor] [patch] some more globbing tests

2014-07-26 Thread Christian Boltz
= False + Regards, Christian Boltz -- Maybe you need to turn the chamaeleon (gecko) once more, 90 grades this time, with a silly grin and a rolling stones tongue coming out. ;-)) [Eberhard Moenkeberg in opensuse] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings

[apparmor] cross-distribution profile repo

2014-07-27 Thread Christian Boltz
, Christian Boltz -- But whenever I'm not expecting anything bad, that's when it happens. Then some dimwit has changed something that makes more work. And the dimwit sits behind a bush laughing his head off [Ernst Scott in opensuse-de] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings

[apparmor] [patch] aa-mergeprof - fix UI_* and AA_MAY_EXEC location

2014-07-27 Thread Christian Boltz
%s %s to profile') % (family, sock_type)) else: done = False Regards, Christian Boltz -- mv ~/Hirn ~/Sieb [David Haller in suse-linux] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe

Re: [apparmor] [patch] aa-mergeprof - fix UI_* and AA_MAY_EXEC location

2014-07-27 Thread Christian Boltz
Hello, On Sunday, 27 July 2014, Christian Boltz wrote: I just wanted to use aa-mergeprof and it failed with funny[tm] backtraces. It turned out that it looks for UI_*() and AA_MAY_EXEC in the wrong python module. The patch fixes aa-mergeprof to - call apparmor.ui.UI_*() instead

Re: [apparmor] cross-distribution profile repo

2014-07-28 Thread Christian Boltz
or if the packager pulls the profile from the apparmor-profiles repo (or even both) is just a technical detail (and a nice chicken-egg problem ;-) Regards, Christian Boltz [1] For openSUSE, I could imagine to have a meta package that BuildRequires all packages containing profiles. This package could

[apparmor] [patch] aa-mergeprof: honor -d parameter

2014-07-29 Thread Christian Boltz
apparmor.AppArmorException(_(%s is not a directory.) %profiledir) + def main(): mergeprofiles = Merge(profiles) Regards, Christian Boltz -- Wenn derjenige hinterher herumjammert, Zwar hängt jetzt das Bild, aber ich habe ein Loch in der Wand und ein Nagel steht hervor..., dann habe ich große Zweifel daran

Re: [apparmor] [utils][patch] Enable 2-way merge in aa-mergeprof

2014-07-29 Thread Christian Boltz
that, Acked-by: Christian Boltz appar...@cboltz.de and committed to bzr. Regards, Christian Boltz -- [lost password] Not that i know much of encrypted FS's, but id say you are pretty lost by then. Unless you can brutecrack the encryption with some forensics software... Start looking for post

[apparmor] aa-mergeprof testing results/bugs

2014-07-29 Thread Christian Boltz
/home/cb/apparmor/HEAD-CLEAN/utils/apparmor/aa.py, line 4351, in write_profile changed.pop(profile) KeyError: '/usr/bin/maildrop' Regards, Christian Boltz -- [makeSUSEdvd] When it works, I will most likely hold a press conference or something, so people will be informed by CNN. :-) [houghi

Re: [apparmor] Question on script profile permissions

2014-07-31 Thread Christian Boltz
), and I'm surprised it's not required. permission that I can't quite articulate. Maybe the following script helps you to articulate it ;-) #!/bin/rm -r / echo Hello World! You better have a tight profile while testing this Hello World script ;-) Regards, Christian Boltz PS: the script

Re: [apparmor] [patch] aa-mergeprof: honor -d parameter

2014-08-04 Thread Christian Boltz
Hello, On Monday, 4 August 2014, Kshitij Gupta wrote: On Wed, Jul 30, 2014 at 4:01 AM, Christian Boltz wrote: On Wednesday, 30 July 2014, Kshitij Gupta wrote: ... The current method uses all the profiles and abstractions from -d directory to process profiles. Without it the merges can

[apparmor] [patch] ui.py - when using (N)ew, set selected path as default input

2014-08-05 Thread Christian Boltz
= raw_input(text) +except EOFError: +string = '' +finally: +readline.set_startup_hook() else: SendDataToYast({'type': 'dialog-getstring', 'label': text, Regards, Christian Boltz -- Ich denk in Prag werd ich dann hauptsächlich

Re: [apparmor] [patch] ui.py - when using (N)ew, set selected path as default input

2014-08-06 Thread Christian Boltz
Hello, On Wednesday, 6 August 2014, Kshitij Gupta wrote: On Wed, Aug 6, 2014 at 4:45 AM, Christian Boltz wrote: this patch sets the currently selected path as (editable) default when using (N)ew in aa-logprof or aa-genprof. Credits go to http://stackoverflow.com/questions/2533120

[apparmor] [patch] dovecout.auth profile update

2014-08-10 Thread Christian Boltz
, - /etc/dovecot/dovecot-database.conf.ext r, - /etc/dovecot/dovecot-sql.conf.ext r, + /etc/dovecot/* r, /usr/lib/dovecot/auth mr, # kerberos replay cache Regards, Christian Boltz -- Whoa whoa whoa that's WAY too efficient. Using tools that already exist? Instead of inventing
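Review bot: the `+ /etc/dovecot/* r,` line replaces two named files with a glob that grants read on every file directly under /etc/dovecot/, which is wider than the removed rules. If the auth process only needs further `*.conf.ext` files, a pattern limited to those (or listing them) keeps the profile closer to least privilege; otherwise a comment explaining why the whole directory is needed would help.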

[apparmor] [patch] smbd: changed cachedir in openSUSE

2014-08-10 Thread Christian Boltz
/printing/printers.tdb mrw, + /var/{cache,lib}/samba/printing/printers.tdb mrw, /var/lib/samba/** rwk, /var/lib/sss/pubconf/kdcinfo.* r, /{,var/}run/cups/cups.sock rw, Regards, Christian Boltz -- If nothing else, the 15 years I've been online have impressed upon me the ability of people

Re: [apparmor] What's the right way to enforce program in systemd service?

2014-08-11 Thread Christian Boltz
initscript even with systemd. Having a systemd unit to load all profiles would be nice (and would solve some annoying problems) - is someone interested in writing one? ;-) Regards, Christian Boltz -- [Virenscanner] Stattdessen gehört auf einen Windows-Arbeitsplatz ein guter, selbstaktualisierender

Re: [apparmor] WTF changed in latest aa-enforce?!

2014-08-14 Thread Christian Boltz
Hello, On Wednesday, 13 August 2014, Seth Arnold wrote: On Wed, Aug 13, 2014 at 01:54:30PM +0200, Christian Boltz wrote: apparmor.common.AppArmorException: Syntax Error: Missing '}' . Reached end of file /etc/apparmor.d/usr.sbin.nginx while inside profile /usr/sbin/nginx

Re: [apparmor] WTF changed in latest aa-enforce?!

2014-08-14 Thread Christian Boltz
, Christian Boltz -- [Passwords] I am looking for a middle ground between maximum security and what is reasonable to expect of the user (a horse with hooves, for whom our admin keyboards are far too small :-)). [Manfred Rebentisch in suse-linux] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify

Re: [apparmor] [patch] parser/tst/simple_tests/profile/flags/* - remove or replace #include lines

2014-08-15 Thread Christian Boltz
Hello, on Tuesday, 12 August 2014, Steve Beattie wrote: On Wed, Aug 06, 2014 at 10:45:55PM +0200, Christian Boltz wrote: the test profiles in parser/tst/simple_tests/profile/flags/* contain #include includes/base which doesn't exist. Except that it does, as parser/tst

[apparmor] Two logprof backtraces

2014-08-16 Thread Christian Boltz
TypeError: unsupported operand type(s) for -: 'collections.defaultdict' and 'set' BTW: Using 'c' instead of 'v' lets me view the differences without a crash. Regards, Christian Boltz -- ... if spam and viruses can already be filtered only imperfectly, how is one supposed to tor^H^H^Hfilter the Windoof experts

[apparmor] [patch] fix crash in aa.py / check_for_LD_XXX()

2014-08-17 Thread Christian Boltz
: +return True +return False def fatal_error(message): # Get the traceback to the message Regards, Christian Boltz -- You cannot mix selections and patterns in a product - and we will remove all selection support now. AAARRGG. Needing to re-write makeSUSEdvd again. ;-) It looks

[apparmor] [patch] remove unused REs in logparser.py

2014-08-17 Thread Christian Boltz
socket names OPERATION_TYPES = {'create': 'net', Regards, Christian Boltz -- Just try building a page for users who still surf around with a 486, Win 95 and IE4 or an old Netscape 3. OK, but these days you also have trouble with post stations where the horses

[apparmor] [patch] fix and cleanup logparser.py add_event_to_tree()

2014-08-17 Thread Christian Boltz
, aamode, e['denied_mask'], e['name'], '']) else: Regards, Christian Boltz -- _very_ old: I recently had to notice once again that on a 32bit system, after (2^^32-1)/100 seconds of runtime, it is no longer sensibly possible to determine the uptime :) [Wolfgang Hamann in opensuse

[apparmor] [patch] fix Invalid mode found: AUDITING in aa-logprof / logparser.py

2014-08-20 Thread Christian Boltz
: 'AUDITING', + 2: 'AUDIT', 3: 'PERMITTING', 4: 'REJECTING', 5: 'HINT', Regards, Christian Boltz -- I was already 21 when color tv got introduced in Germany... Old Fart

Re: [apparmor] usr.bin.ssh and usr.bin.scp profiles

2014-08-23 Thread Christian Boltz
in the extras dir (profiles/apparmor/profiles/extras/usr.sbin.sshd in tarball and bzr) which does exactly that. Regards, Christian Boltz -- [ X-Mailer: Microsoft Outlook Express 6.00.2800.1106 ] With that, your Kmail is certain to win the prize for this year's scariest Halloween mask. [Andreas

[apparmor] [patch] better error message in aa.py when reaching EOF unexpectedly

2014-08-24 Thread Christian Boltz
, Christian Boltz -- Now I'm really getting scared: there are lines in my code that are identical to SCO's, such as an include stdio.h or even a sneaky default:break;. [Michael Karges in suse-linux]

[apparmor] [patch] aa.py / ask_the_question - simplify duplicate option prevention

2014-08-24 Thread Christian Boltz
glob_path(newpath): Glob the given file path if newpath[-1] == '/': Regards, Christian Boltz -- [...] if the installation of a stupid package failed, [...] AFAIK there is no package named `stupid'. [ Raphael Schillings and Michael Gross in https://bugzilla.novell.com/show_bug.cgi?id

Re: [apparmor] [Branch ~apparmor-dev/apparmor/master] Rev 2594: put the gettext define in one place

2014-08-24 Thread Christian Boltz
/used in network.h? (I slightly ;-) doubt...) Regards, Christian Boltz -- Personal data is like plutonium. If too much of it piles up in one place, it goes critical. [Dirk Engeling, CCC]

Re: [apparmor] [patch] Fix the value being set in nt_name when allowed path exist

2014-08-26 Thread Christian Boltz
already sent an Acked-by: Christian Boltz appar...@cboltz.de for this patch on IRC yesterday. Regards, Christian Boltz -- First law of the WWW: Thou shalt separate the spiders and Indians from the users and allot to each his own land and home, so that the one may not grow envious of the

Re: [apparmor] [patch 1/8] utils tests: assign regex function at test setup

2014-09-03 Thread Christian Boltz
-by: Christian Boltz appar...@cboltz.de Regards, Christian Boltz -- Hmmm I think I hear steve yelling something about a unit test, but he is on vacation so I'll just ignore him for now ;) [John Johansen in apparmor]

Re: [apparmor] [patch 3/8] utils tests: restructure Unix Parse tests

2014-09-03 Thread Christian Boltz
code :-) Acked-by: Christian Boltz appar...@cboltz.de Regards, Christian Boltz -- xslt, what? We combine the paradigm of awk with the linguistic elegance of Cobol and the programming contortions of functional languages while carefully avoiding all possible advantages

Re: [apparmor] [patch 5/8] utils tests: restructure mount parse tests

2014-09-03 Thread Christian Boltz
Hello, on Thursday, 28 August 2014, Steve Beattie wrote: Convert the mount parse tests to use common AAParseTest super class in common_test.py. Signed-off-by: Steve Beattie st...@nxnw.org Acked-by: Christian Boltz appar...@cboltz.de Regards, Christian Boltz -- Gericom + Pentium IV

Re: [apparmor] [patch 6/8] utils tests: restructure pivotroot parse tests

2014-09-03 Thread Christian Boltz
Hello, on Thursday, 28 August 2014, Steve Beattie wrote: Convert the pivotroot parse tests to use common AAParseTest super class in common_test.py. Signed-off-by: Steve Beattie st...@nxnw.org Acked-by: Christian Boltz appar...@cboltz.de Regards, Christian Boltz -- is my sendmail
