Hallo Leute,
Am Sonntag, 30. November 2014 schrieb Christian Boltz:
Let me warn you that your __init__() also has a regression when
compared with my set_* functions - imagine someone calls it with a
raw_rule that completely differs from the other parameters, like
cap_rule
Hello,
Am Montag, 1. Dezember 2014 schrieb Steve Beattie:
On Sat, Nov 29, 2014 at 08:10:38PM +0100, Christian Boltz wrote:
LOG_MODE_RE (used in validate_log_mode() in aamode.py) just checked
if the given parameter contains one of the possible matches. This
resulted in invalid [1] being
:52 +
@@ -33,7 +33,6 @@
/var/log/nscd.log rw,
@{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/fd/* r,
- @{PROC}/@{pid}/maps r,
@{PROC}/@{pid}/mounts r,
# Site-specific additions and overrides. See local/README for details.
Regards,
Christian Boltz
--
ist mein sendmail was da
,
/usr/lib/man-db/man Px,
}
Regards,
Christian Boltz
--
[CR/LF] Beides sind uralte Begriffe, die noch aus der Zeit der
Schreibmaschinen stammen (das sind so komische Geräte mit denen man
Buchstaben und Zahlen auf Papier bekam, ohne das ein Computer und ein
Drucker dazwischen hing
+
# --
#
#Copyright (C) 2002-2005 Novell/SUSE
+#Copyright (C) 2014 Christian Boltz
#
#This program is free software; you can redistribute it and/or
#modify it under the terms of version 2 of the GNU General Public
@@ -8,12 +11,12
r,
/etc/postfix/main.cf r,
Regards,
Christian Boltz
--
I've chosen Suse for over 10 years, despite knowing that my computer
would be safest, enclosed in several feet of cement -- but it's really
hard to use that way... ;-) [Linda Walsh in opensuse-factory
/apparmor/profiles/extras/usr.sbin.useradd 2014-12-01 21:32:46
+
@@ -50,6 +50,7 @@
@{PROC}/filesystems r,
/usr/lib*/pwdutils/*so* mr,
/usr/sbin/adduser rmix,
+ /usr/sbin/nscd rPix,
/usr/sbin/useradd rmix,
/usr/sbin/useradd.local rmix,
/var/log/faillog rw,
Regards,
Christian
/apparmor/profiles/extras/usr.sbin.vsftpd 2014-12-01 22:45:57
+
@@ -1,6 +1,7 @@
# --
#
#Copyright (C) 2002-2005 Novell/SUSE
+#Copyright (C) 2014 Christian Boltz
#
#This program is free software; you can
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
It is funny that most bugs people report here are KDE bugs. I have not
experienced those either with XFCE nor with GNOME3.
Perhaps that's a corollary of most openSUSE people using KDE. I haven't
seen many Windows bugs
,
Regards,
Christian Boltz
--
vi wird nie mein Freund, seine zwei Modi sind einfach nicht mein Fall.
Schade, wenn man sich erst einmal daran gewöhnt hat, kann man mit dem
Ding fliegen. [ Helga
--
Ran 24 tests in 0.005s
FAILED (failures=3)
This means we should keep this as a regex ;-)
(or, to say it more formally, NACK)
Regards,
Christian Boltz
--
Pullmail? Ein POP Connector aus der Hölle?
Reliable and inexpensive
):
if LOG_MODE_RE.search(mode):
-#if LOG_MODE_RE.search(mode):
return True
else:
return False
Regards,
Christian Boltz
--
Nö, gehackt wurde hier noch nie, soweit mir das bekannt ist.
Was ehrlichgesagt bei WordPress fast ein bisschen verblüffend ist. :-)
[fh in einem Kommentar auf
http
Hello,
Am Mittwoch, 3. Dezember 2014 schrieb Steve Beattie:
On Sun, Nov 30, 2014 at 12:45:49AM +0100, Christian Boltz wrote:
I agree with that; however, I think the difference between the two
situations (raw_rule not matching the passed cap_list versus calling
set_param() twice) is that you
)
Too much whitespace, please move the code in parse_capability() one
level to the left.
With the whitespace changed and optionally using split() in __init__()
for strings,
Acked-by: Christian Boltz appar...@cboltz.de
Needless to mention that large parts of this patch were originally
.
Originally-by: Christian Boltz appar...@cboltz.de
Signed-off-by: Steve Beattie st...@nxnw.org
+class InvalidCapabilityTest(unittest.TestCase):
+def setUp(self):
+self.maxDiff = None
+
+# XXX - these tests more properly belong in a test suite for
+# XXX
and getting a CapabilityRule instance back
- cope with move of parse_modifiers back into rule/__init__.py.
Looks good and passes a (short) manual test :-)
Acked-by: Christian Boltz appar...@cboltz.de
with the note that large parts of this patch were originally written by
me, so another
,
Regards,
Christian Boltz
--
of course, now everybody will claim how bad it is to fix bugs which
people rely on;
No, I wont claim that, in fact I would argue against keeping any bug
on which people relies on (known as backwards compatibility)
I should have excluded you from the list
/lib/dovecot/imap-login mr,
+ /{,var/}run/dovecot/anvil rw,
/{,var/}run/dovecot/login/ r,
/{,var/}run/dovecot/login/* rw,
Regards,
Christian Boltz
--
vielen Dank für den Link. Der ging ja neulich schon mal über die Liste
und ich habe die Seiten ganz schnell wieder zugemacht und mir die
Hello,
Am Mittwoch, 3. Dezember 2014 schrieb Christian Boltz:
Am Mittwoch, 3. Dezember 2014 schrieb Steve Beattie:
This patch integrated the new capability rule class into aa.py and
cleanprof.py.
Patch changes:
v5:
- merge my changes into Christian's original patches
- probably not you want to include in
this patch series.
Regards,
Christian Boltz
--
Das hätte man auch kürzer sagen können:
| Please don't use evolution anymore. It's not intended as a
| mailingprogramm, we're just riding around a little bit on our
| C-Compilers to find out how to break
should be not to expose something named *subdomain* in
libapparmor. As soft goal, I propose to get rid of *subdomain*
everywhere, even if it's only used internally.
Regards,
Christian Boltz
--
Ja, aber Popcorn over IP (PoIP) ist noch nicht so ganz ausgereift.
Ich habe schon versucht, das mit
be a good idea to add this comment also to the C code ;-)
Regards,
Christian Boltz
--
Microsoft is a cross between The Borg and the Ferengi. Unfortunately
they use Borg to do their marketing and Ferengi to do their programming.
[Simon Slavin in the SDM
(is_skippable_file('/etc/apparmor.d/')) # directory
without filename
+def test_skippable_13(self):
+self.assertTrue(is_skippable_file('README'))
+
if __name__ == '__main__':
unittest.main(verbosity=2)
Regards,
Christian Boltz
--
Wir brauchen ein postfixbuchconf-Kommando, damit
@@ -2560,14 +2560,6 @@
return True
return False
-def check_include_syntax(errors):
-# To-Do
-pass
-
-def check_profile_syntax(errors):
-# To-Do
-pass
-
def read_profiles():
try:
os.listdir(profile_dir)
Regards,
Christian Boltz
} = /home/\n@{foo} = /root/')
+
class SeverityDBTest(unittest.TestCase):
def setUp(self):
Regards,
Christian Boltz
--
Ich bekomme auch einige Würmer oder mails mit Vieren!
44
Hier noch ein paar Vieren, extra fuer dich.
[ Jan Hendrik Berlin und
/ instead of
deleting them (personally, I don't see a value in keeping them there).
Regards,
Christian Boltz
--
coolo Albrecht Dürer glich die von seinem Vater gebrauchte
Schreibweise Türer an die in Nürnberg gültige fränkische
Aussprache der harten Konsonanten
, as
it was causing the raw rules to be overly indented.
Signed-off-by: Steve Beattie st...@nxnw.org
Poke, any feedback on this? Thanks.
Looks good :-)
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
No trees were killed in the sending of this message. However
,
- comment=comment, raw_rule=raw_rule)
+ comment=comment)
This change means you no longer set raw_rule. Please change this to
rule = CapabilityRule(..)
rule.raw_rule = raw_rule
return rule
With these details fixed,
Acked-by: Christian Boltz appar
in the current patch series, so I'll probably remind you after
you commited it ;-)
BTW: Thanks for the reply in 08/31 - having the *subdomain* function
deleted in a later patch is also a valid fix ;-)
Regards,
Christian Boltz
--
oh, wieder ein auto/pc-vergleich :-)
Ein Auto und die StVO sind
Hello,
Am Dienstag, 16. Dezember 2014 schrieb Steve Beattie:
On Tue, Dec 09, 2014 at 05:20:39PM +0100, Christian Boltz wrote:
--- a/utils/apparmor/rule/capability.py
+++ b/utils/apparmor/rule/capability.py
@@ -147,4 +144,4 @@ def parse_capability(raw_rule):
return
):
return False
-if check_audit and rule_obj.audit != self.audit:
-return False
-
-if rule_obj.audit and not self.audit:
-return False
-
# still here? - then it is covered
return True
Regards,
Christian Boltz
--
Please resolve
' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' |
'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'packet'
| 'ash' | 'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' | 'wanpipe' |
'bluetooth' | 'netlink' ) ','
Regards,
Christian Boltz
--
Um es auf dein Beispiel zu
;-)
kshitij8 I vote for style b)
kshitij8 This is democratic voting right?
cboltz yes ;-)
cboltz but I still hope for an answer from sbeattie
kshitij8 send it over to ml maybe if he's away.
cboltz I'll do that if he doesn't answer in the next hours
Regards,
Christian Boltz
--
Was hat ein Revolver
rix,
++ /usr/bin/seq rix,
++ /usr/bin/tar rix,
++ /usr/bin/unzip rix,
++ /usr/bin/w3m rix,
++ /usr/bin/which rix,
++ /usr/bin/xz rix,
++
++ #include local/usr.bin.lessopen.sh
++}
Regards,
Christian Boltz
--
Äh - stehe ich auf dem Schlauch? Sehe ich das Problem eigentlich
nicht
quite sure that Tyler would love to get some feedback for his
[apparmor] [PATCH 0/31] Prepare to move cache loading functionality to
libapparmor
[apparmor] [PATCH 0/12] Move aa_{match, features, kernel_interface,
policy_cache} APIs
patch series ;-)
*SCNR*, thanks and merry X-mas!
Christian
/lib{,64}/libvirt/libvirt_leaseshelper ix,
/{,var/}run/leaseshelper.pid rwk,
# NetworkManager integration
Regards,
Christian Boltz
--
Ich habe da eine Theorie: Betriebssysteme melden Fehler und wollen,
dass sie behoben werden. Bei Systemen wie Windows 9x sind die Fehler
wesentlicher
Hello,
(CC'ing Marcus to make sure he notices the discussion)
Am Montag, 22. Dezember 2014 schrieb John Johansen:
On 12/21/2014 08:34 AM, Christian Boltz wrote:
this patch adds a profile for lessopen.sh which handles programms
automatically executed by less (for example to get a file list
Hello,
Am Montag, 22. Dezember 2014 schrieb John Johansen:
On 11/29/2014 11:19 AM, Christian Boltz wrote:
See for example
def test_sub_str_to_mode_8(self):
self.assertEqual(sub_str_to_mode('asdf42'), {'a'})
Now the question is if sub_str_to_mode shoud be non-silent
Hello,
Am Montag, 22. Dezember 2014 schrieb John Johansen:
On 12/21/2014 09:15 AM, Christian Boltz wrote:
Dear Santa,
I have some AppArmor patches that nobody reviewed since some weeks.
Since I hope and assume I wasn't too naughty in the last year [1],
can I please have some comments
Hello,
Am Montag, 22. Dezember 2014 schrieb John Johansen:
On 12/03/2014 04:24 PM, Christian Boltz wrote:
Am Dienstag, 2. Dezember 2014 schrieb Steve Beattie:
On Sat, Nov 29, 2014 at 09:26:03PM +0100, Christian Boltz wrote:
the subject says it all - make coverage should fail if one
Hello,
Am Mittwoch, 24. Dezember 2014 schrieb Kshitij Gupta:
On Sun, Dec 7, 2014 at 4:10 AM, Christian Boltz wrote:
BTW: even the comment added to VARIABLE_DEFINITIONS contributes to
the coverage ;-)
There is some code in load_variables() to handle the comments maybe
thats why.
Yes
Hello,
Am Mittwoch, 24. Dezember 2014 schrieb Kshitij Gupta:
On Sun, Dec 7, 2014 at 2:49 AM, Christian Boltz wrote:
this patch updates is_skippable_file() to match all extensions that
are listed in libapparmor _aa_is_blacklisted() - some extensions
were missing in the python code
path /var/log/apparmor/libapparmor, and loglevel set
via env vars (that's what the utils do, BTW)
- use syslog
Regards,
Christian Boltz
--
Alles wird gut. Nichts wird besser. :-)
[Ratti in fontlinge-devel]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe
Hello,
Am Freitag, 23. Januar 2015 schrieb Steve Beattie:
On Fri, Jan 16, 2015 at 06:23:29PM +0100, Christian Boltz wrote:
So, a bit of history. When we originally organized things, it was
with the intention that individual subdirectories (parser, profiles,
utils, etc.) would get individual
Hello,
Am Montag, 2. Februar 2015 schrieb u:
Christian Boltz:
Am Montag, 2. Februar 2015 schrieb u:
While playing around with `aa-unconfined` i saw that /usr/bin/tor
is
marked as not being confined.
Does it work if you change aa-unconfined line 66? Untested
pseudo-patch
Hello,
Am Donnerstag, 25. Dezember 2014 schrieb Kshitij Gupta:
On Thu, Dec 25, 2014 at 6:02 AM, Christian Boltz wrote:
Am Mittwoch, 24. Dezember 2014 schrieb Kshitij Gupta:
On Sun, Dec 7, 2014 at 2:49 AM, Christian Boltz wrote:
big snip, scroll down for updated patch
I'd also
:
-if line.startswith(/) or line.startswith(null):
+ if line.strip() != unconfined:
Regards,
Christian Boltz
--
Was habt Ihr denn? emacs ist doch ein tolles Betriebssystem!
Das einzige was ihm fehlt, ist ein vernünftiger Editor (vim?)
[Jan Trippler in suse-linux]
--
AppArmor mailing
Hello,
Am Montag, 2. Februar 2015 schrieb John Johansen:
On 02/02/2015 07:51 AM, Christian Boltz wrote:
Does it work if you change aa-unconfined line 66? Untested
pseudo-patch:
-if line.startswith(/) or line.startswith(null):
+ if line.strip() != unconfined
Hello,
Am Montag, 19. Januar 2015 schrieb Steve Beattie:
On Mon, Jan 19, 2015 at 05:48:26PM +0100, Christian Boltz wrote:
I'm planning to release an update for openSUSE 13.2 in the next days
(it was shipped with 2.9.0, and for some strange reason didn't need
an urgent post-release patch
branch?
Regards,
Christian Boltz
--
Because we had feature freeze in January ;)
Which is why there were no new features added to YaST since January.
Hey, we only did the usual bugfixing ;)
That's a bug, not a feature. :-D
[ Christoph Thiel and houghi in opensuse]
--
AppArmor mailing list
/Version)
Regards,
Christian Boltz
--
Die fünf Sinne des C++-Programmierers:
Der Schwachsinn, der Blödsinn, der Wahnsinn, der Unsinn
und der Stumpfsinn. [Holger Veit]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman
('kernel:\s+(\[[\d\.\s]+\]\s+)?(audit:\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=')
RE_LOG_v2_6_audit =
re.compile('type=AVC\s+(msg=)?audit\([\d\.\:]+\):\s+apparmor=')
# Used by netdomain to identify the operation types
# New socket names
Regards,
Christian Boltz
--
Please
Hello,
Am Freitag, 16. Januar 2015 schrieb Seth Arnold:
On Fri, Jan 16, 2015 at 10:40:39PM +0100, Christian Boltz wrote:
this patch updates logparser.py to support the changed syslog format
by adding (audit:\s+)? to RE_LOG_v2_6_syslog.
References: https://bugs.launchpad.net/apparmor
Hello,
Am Samstag, 17. Januar 2015 schrieb Christian Boltz:
I forgot to ask - I propose this patch also for the 2.9 branch. Any
objections?
Hmm, for some reason Steve's mail (which answers this question) was
delayed...
Regards,
Christian Boltz
--
8.1 ist nicht 9.0
Also in der Quersumme
@@
+# --
+#Copyright (C) 2013 Kshitij Gupta kgupta8...@gmail.com
+#Copyright (C) 2015 Christian Boltz appar...@cboltz.de
+#
+#This program is free software; you can redistribute it and/or
+#modify it under the terms of version 2 of the GNU General
Hello,
Am Dienstag, 13. Januar 2015 schrieb Steve Beattie:
On Fri, Dec 19, 2014 at 12:24:02AM +0100, Christian Boltz wrote:
this patch splits is_covered() in capability.py into
- is_covered_localparts() for rule-specific code
- is_covered() for common code - located in __init__.py
I'm
.
I'll probably also attend the openSUSE conference (May 01-04 in Den
Haag, Netzerlands) - however I doubt that the Ubuntu folks will be there
(feel free to prove me wrong ;-)
Regards,
Christian Boltz
--
$ fontlinge_base --previews --forcepreviews --percent /var/fontbase
[nach einiger Zeit
, just speak up. It isn't too nice,
but works ;-)
Regards,
Christian Boltz
--
Bei Mutt oder Gnus landet ohnehin jeder früher oder später,
Du kannst also abkürzen gleich damit anfangen. ;)
Nein, diese Aussage ist schlicht falsch. Denn in einem
kleinen Dorf im Nordwesten Galliens...
[ Andreas
+
+++ utils/vim/Makefile 2015-01-28 21:22:39 +
@@ -25,5 +25,5 @@
#Testing with all pythons
$(call pyalldo, create-apparmor.vim.py /dev/null)
-clean: _clean
+clean: pod_clean
rm -f apparmor.vim
Regards,
Christian Boltz
--
Naja, wer in der bekannten närrischen
;-) (one more
reason for a nice apparmor.service file ;-)
Regards,
Christian Boltz
--
Nein, mein Lieber, mir geht es prächtig. So prima sogar, daß ich
es mir leisten kann mich mit Hanseln wie dir zu beschäftigen.
Meine Eloquenz leidet gelegentlich mal eher unter Ethanoleinfluß
und Müdigkeit
Hello,
Am Dienstag, 27. Januar 2015 schrieb Steve Beattie:
On Sat, Jan 24, 2015 at 03:22:59PM +0100, Christian Boltz wrote:
O, it needs to die with fire, it does. Patch follows, that
also
converts the libapparmor/doc/ clean to get rid of the manpages on
make clean, not make
Hello,
Am Freitag, 30. Januar 2015 schrieb John Johansen:
On 01/30/2015 12:21 PM, Christian Boltz wrote:
Am Freitag, 30. Januar 2015 schrieb John Johansen:
On 01/28/2015 01:34 PM, Christian Boltz wrote:
...
No, but it seems you didn't write Makefiles for a while ;-)
well thats true
Hello,
Am Donnerstag, 6. Februar 2014 schrieb Christian Boltz:
Am Donnerstag, 6. Februar 2014 schrieb Jamie Strandboge:
= aa-sandbox_add_set-env_option.patch =
+for e in opt.setenv_vars:
+if '=' not in e:
+continue
if broken:
ignore_silently
Hello,
Am Freitag, 23. Januar 2015 schrieb Steve Beattie:
On Fri, Jan 23, 2015 at 09:53:43PM +0100, Christian Boltz wrote:
parser/Makefile is the only remaining user of DISTRO, so maybe we
should move it there in a follow-up patch.
I kind of want it to go away; it's only use
.
Regards,
Christian Boltz
--
Sind wir denn hier im Kindergarten? Kaum is Mama weg, schon haut
Ihr aufeinander rum. Nu is Mama (ich) wieder da und jetzt aber
wieder sinnig hier!! [Jessica Bleche in suse-linux]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe
,
Christian Boltz
[1] proof-of-concept patch - fixes the problem, but I'm not sure if I
want it as final solution (opinions?)
=== modified file 'utils/apparmor/aa.py'
--- utils/apparmor/aa.py2015-02-20 20:36:55 +
+++ utils/apparmor/aa.py2015-02-20 22:48:43 +
@@ -2593,7
Hello,
Am Freitag, 20. Februar 2015 schrieb Seth Arnold:
On Fri, Feb 20, 2015 at 08:23:02PM +0100, Christian Boltz wrote:
this patch makes sure most tools (for example aa-complain) don't
error out if no logfile can be found. (For obvious reasons,
aa-logprof and aa-genprof will still
Hello,
Am Samstag, 14. März 2015 schrieb Christian Boltz:
this patch changes the write_header tests so that the
'profile_keyword' and 'header_comment' parameters can be (and are)
tested:
- add a None for both to the existing tests
- add some tests that come with the profile keyword
Hello,
Am Samstag, 14. März 2015 schrieb Christian Boltz:
this patch extends and partially rewrites write_header()
- add support for prof_data['header_comment'] (comment after '{')
and prof_data['profile_keyword'] (to force the 'profile' keyword,
even if it isn't needed) to write_header
...@gmail.com
-#Copyright (C) 2014 Christian Boltz appar...@cboltz.de
+#Copyright (C) 2014-2015 Christian Boltz appar...@cboltz.de
#
#This program is free software; you can redistribute it and/or
#modify it under the terms of version 2 of the GNU General Public
@@ -31,7 +31,7 @@
from
:35.677048807 +0100
+++ utils/apparmor/regex.py 2015-03-15 23:57:28.485404639 +0100
@@ -1,6 +1,6 @@
# --
#Copyright (C) 2013 Kshitij Gupta kgupta8...@gmail.com
-#Copyright (C) 2014 Christian Boltz appar...@cboltz.de
, 'flags': 'complain', 'comment': None }),
(' /foo (complain) { # x', { 'profile': '/foo',
'profile_keyword': False, 'plainprofile': '/foo', 'namedprofile': None,
'attachment': None, 'flags': 'complain', 'comment': '# x'}),
Regards,
Christian Boltz
--
Wenn
Hello,
Am Sonntag, 15. März 2015 schrieb Christian Boltz:
and finally...
*drumroll*
This patch implements attachment handling - aa-logprof now works with
profiles that have an attachment defined, instead of ignoring
audit.log entries for those profiles.
Changes
= matches['flags']
Regards,
Christian Boltz
--
Als Autofahrer würden die sich vergleichbar in einen PKW setzen der
nicht abschliessbar ist und kein Zündschloss besitzt, dazu noch ein
Zettel an der Tür, Fahr mich, ich stehe zur Verfügung und bin
Vollgetankt. [Thomas Templin in suse-linux über
Regards,
Christian Boltz
--
[suse-linux Statistik] Hm. Apropos: Was meint ihr, sollte ich
'ratti / Joerg' zusammenfassen? Ja, oder?
Ich denke ja schon, aber Ratti ist dagegen.
[ David Haller und Jörg Roßdeutscher aka Ratti in sl-etikette]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
SPENDENAUFRUF
Bitte spendet fleißig für neue Glaskugeln für die hier ständig
glaskugelnden, der Verschleiß ist zwar gering, aber über die Jahre
nutzt sich eine Glaskugel doch ab ... [David Haller in opensuse-de]
--
AppArmor mailing list
)
Specifying an exec condition is useful if your profile contains ix
rules, and you want to allow the transition only if done by the
specific executable.
Feel free to adjust the text ;-)
With the above changes,
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
In diesem Zusammenhang möchte ich unseren Listenowner doch mal fragen,
warum es auf den SuSE-CDs keine Bibel gibt. *flücht* SCNR
Unterliegt sie denn der GPL? *SCNRtoo*
[ Bernd Brodesser und Michael Raab in suse-linux
/apparmor.d.pod
index f54d450..ebc6490 100644
--- a/parser/apparmor.d.pod
+++ b/parser/apparmor.d.pod
...
+=head2 change_profile rules
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
Die SLES macht ja die gleichen Zicken, dafür kann man sich aber aufgrun
der höheren Preises
patches, I'm quite sure I overlooked some issues.
I'll proofread the updated manpage after your patches are in bzr ;-)
Regards,
Christian Boltz
--
I'll be happy to fix the wording or Germanglish :D
And shift it to Netherlangish? ;)
[ Jos Poortvliet and Lars Müller in opensuse-project]
--
AppArmor
that if the hard limit is lowered that the soft limit does not
+exceed the hard limit value.
Some example rules (with different value type) would be nice ;-)
With the above typo fixed and some examples added,
Acked-by: Christian Boltz appar...@cboltz.de
My Acks in this patch series are also valid for 2.9, even
),
+]
+
+def _run_test(self, params, expected):
+self.assertEqual(is_skippable_dir(params), expected)
+
class AaTest_parse_profile_start(AATest):
def _parse(self, line, profile, hat):
return parse_profile_start(line, 'somefile', 1, profile, hat)
Regards,
Christian Boltz
/simple_tests/file/okay_audit_deny_link.sd | 9 +
parser/tst/simple_tests/file/okay_deny_link.sd | 9 +
The usual naming scheme for tests is ok_*.sd, not okay_*.sd [1]. Please
adjust the filenames to ok_*.sd.
Besides that, the added tests look good.
Regards,
Christian Boltz
[1
is superfluous.
With that changed,
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
ist eine recht interessante rechnung:
3,5kg linux + bücher für €79,90
180g windows xp home ohne bücher €229,-
kennt jemand den feinunzenpreis von gold? er müßte kanpp unter
dem von windows
-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
Der Pinguin ist ein gutes Logo für Linux,
denn was nicht fliegt, stürzt auch nicht ab.
Francis Kuhlen (IBM-Vice President Sales)
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https
') profile and
+subprofile ('cx', 'Cx', 'cix', 'Cix', 'cux', 'Cux') transitions
PUx/CUx instead of Pux/Cux?
Regards,
Christian Boltz
--
check up on dusted up coolers / vents etc.
That is the first thing that I did, but I can't imagine that
the amount of dust is automatically changing
.
+ /foo l,
+ l /foo,
+ link subset /foo - /**,
With or without an example for subset added,
Acked-by: Christian Boltz appar...@cboltz.de
BTW: My Acks in this patchset are also for 2.9, even if I didn't mention
it on each patch.
Regards,
Christian Boltz
--
über browser?, wie wärs mit (ISDN
,# lead 'l' link permission is equivalent to link
rules +
With FILE QUALIFIERS replaced as described in my 05/10 reply,
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
GETOPT(3)
BUGS
This manpage is confusing.
--
AppArmor mailing list
AppArmor
Hello,
Am Mittwoch, 4. März 2015 schrieb Christian Boltz:
Am Dienstag, 3. März 2015 schrieb Christian Boltz:
this patch adds better support for looping over a tests[] array to
common_test.py:
- class AATest - a base class we can use for all tests, and that
will
probably get more
files (see is_skippable_file in aa.py).
We should get that in sync ;-) Feel free to do it as a follow-up patch
that applies on top of the patch series.
(I'm quite sure I mentioned this difference already, but since there is
no patch to do it... ;-)
Regards,
Christian Boltz
--
Die Meldung
Hello,
Am Donnerstag, 12. März 2015 schrieb John Johansen:
On 03/09/2015 05:52 PM, Christian Boltz wrote:
(I'm quite sure I mentioned this difference already, but since there
is
yes you did, multiple times, and I am sure you will continue to keep
us from letting this slip through
here?
Regards,
Christian Boltz
PS: random sig ;-))
--
got a patch?
-ENOTMYJOB
[ Markus Rueckert and Bernhard Walle in opensuse-packaging]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
the
+# if os.path.isfile(prof_filename):
+# check and let open_file_read raise an exception
+set_profile_flags('%s/file-not-found' % self.tmpdir, '/foo', 'audit')
+
class AaTest_is_skippable_file(unittest.TestCase):
def test_not_skippable_01(self):
Regards,
Christian Boltz
--
Key Signing
Hello,
Am Donnerstag, 5. März 2015 schrieb Christian Boltz:
this patch adds various tests for set_profile_flags, and documents
various interesting[tm] things I discovered while writing the tests
(see the inline comments for details).
Here's v2 - _run_tests() is a bit longer now, but it has
Hello,
Am Freitag, 6. März 2015 schrieb Steve Beattie:
On Sat, Feb 28, 2015 at 05:57:36PM +0100, Christian Boltz wrote:
OK, here's the updated patch with
- startswith('file_') and 'xattr' moved to the list, which means
those two are matched more strict now
- 'getattr' added to the list
Hello,
Am Samstag, 7. März 2015 schrieb Steve Beattie:
On Sat, Feb 28, 2015 at 02:09:30AM +0100, Christian Boltz wrote:
BTW: Will this also override --Include (which might have
/etc/apparmor.d/abstractions as default if I get parser.conf right)
or will the parser still search
, embedded_hat,
write_flags)
self.assertEqual(result, [expected])
Regards,
Christian Boltz
--
Der IE darf bei uns auf Produktivsystem nicht verwendet werden.
Malware gehört in VMs für die Analyse, nicht auf den Host.
[thomas zu http://www.hostblogger.de/blog/archives/5748-Too-Close.html
)
Regards,
Christian Boltz
--
Please, if you use any of my code in your giant list of bad coding
practices, feel free to not attribute me. :) [Seth Arnold in apparmor]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman
(prof_data, depth, name, embedded_hat,
write_flags)
self.assertEqual(result, [expected])
Regards,
Christian Boltz
--
Die c't schrieb mal sinngemäß auf ein Mail: Aus einem MP3-File ein
Midifile zu machen ist so, als würdest Du mit einem Wiener Wald Händle
zum Tierarzt gehen und fragen: Das
Hello,
Am Montag, 9. März 2015 schrieb Steve Beattie:
On Tue, Mar 03, 2015 at 11:43:28PM +0100, Christian Boltz wrote:
this patch splits off serialize_parse_profile_start_line() from
serialize_profile_from_old_profile() in aa.py, as a preparation to
add tests and then switch
401 - 500 of 1302 matches
Mail list logo