basically means the only difference between trunk and 2.9
would be the CapabilityRule class.
Regards,
Christian Boltz
--
Wo steht der Server eigentlich? Kann den die Putzfrau treten?
Oder mal mit dem Staubsauger überfahren? Denen fallen ab und an
Gemeinheiten ein auf die ein Normalsterblicher nie
')
Makefile:347: die Regel für Ziel »Makefile.in« scheiterte
make: *** [Makefile.in] Fehler 1
Am I doing something wrong, or did I find a bug? ;-)
Regards,
Christian Boltz
--
Hmm, dbus again...
Yes, I prefer taxi ;)
[ Manfred Hollstein and Werner Flamme in opensuse-factory]
--
AppArmor
: For the second option, I'd propose 'ysdfg' ;-)
*g,dr*
Seriously: my general rule of thumb is that you should not need a
comment to explain what a variable does or contains. And I slightly ;-)
doubt dfd is self-explaining.
Regards,
Christian Boltz
--
The issue here is the one of disk space... How do
'][fam].get(typ, False):
Regards,
Christian Boltz
--
Hm, mich hat Frust in meiner Linuxanfangszeit doch eher beflügelt,
ich hab mir gedacht, dem Schrotthaufen Code zeig ich mal, wer die
Hosen anhat. Wobei, ich zappel wohl hier immer noch eher in einem
Strampelanzug herum ;) [Thorsten von Plotho
)
if not var_set[list_var] ==
write_prof_data['lvar'].get(list_var, False):
correct = False
Regards,
Christian Boltz
--
Oh, ich hatte einen ;))) vergessen. Ich liebe die Community! Denn die
bringt mir bei der Konferenz Kaffee! [Lars Müller in opensuse-de]
--
AppArmor mailing
:
+correct = False
if correct:
if not segments['path'] and True in segments.values():
Regards,
Christian Boltz
--
ein Auto funktioniert auch mit eckigen Reifen, ob ich so etwas fahren
möchte ist wieder eine andere Frage. [Björn Meier in postfixbuch-users
'
data.append('%s%s%snetwork %s %s,' % (pre, audit,
allowstr, fam, typ))
if prof_data[allow].get('netdomain', False):
data.append('')
Regards,
Christian Boltz
--
[20:21] jospoortvliet ok but IF we do that, note that you'll have to
cook for 50+ people
))
+data.append('%s%s%snetwork %s,' % (pre, audit, allowstr,
fam))
else:
for typ in
sorted(prof_data[allow]['netdomain']['rule'][fam].keys()):
if
prof_data[allow]['netdomain']['audit'][fam].get(typ, False):
Regards,
Christian
in the 2.9 branch?
- assuming the answer is yes, should it always be done or do we want
a command-line option to only change the flags of the main profile?
- if we want a command-line option, what should the default behaviour
be?
Regards,
Christian Boltz
--
Das Ziel des Trolls ist [...] der
abstractions/base
#include abstractions/nameservice
#include abstractions/openssl
Regards,
Christian Boltz
--
[diverse Fähigkeiten von Google]
Beagle2 wird google allerdings wohl auch nicht finden...
[Achim Hillenbrand in suse-linux]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify
Hello,
Am Donnerstag, 4. Juni 2015 schrieb Steve Beattie:
On Mon, May 25, 2015 at 11:59:35PM +0200, Christian Boltz wrote:
this patch adds the RlimitRule and RlimitRuleset classes.
The class comes with the usual set of features, so I'll only mention
a special feature: the is_covered
)
+def test_default_severity(self):
+sev_db = severity.Severity('severity.db', 'unknown')
+obj = BaseRule()
+rank = obj.severity(sev_db)
+self.assertEqual(rank, sev_db.NOT_IMPLEMENTED)
setup_all_loops(__name__)
Regards,
Christian Boltz
[1] interdiff 19
Hello,
Am Mittwoch, 3. Juni 2015 schrieb Christian Boltz:
So here's the updated patch that adds a NOT_IMPLEMENTED constant to
severity.py and changes the code to use it.
See [1] for an interdiff.
Argh, I should also update the comment in rule/__init__.py ;-)
Add severity() to BaseRule
= capability_obj.severity(sev_db)
default_option = 1
options = []
newincludes = match_includes(aa[profile][hat],
'capability', capability_obj)
Regards,
Christian Boltz
--
Wann ist jemand Fortgeschrittener ( Profi )?
wenn man es
Hello,
Am Donnerstag, 4. Juni 2015 schrieb Steve Beattie:
On Fri, Jun 05, 2015 at 01:31:27AM +0200, Christian Boltz wrote:
...
I just tested a bit - the whitespace around the arrow is optional,
and the parser accepts set rlimit nice=0,. So the final of the
regex would
)
RE_PROFILE_BOOLEAN =
re.compile('^\s*(\$\{?\w*\}?)\s*=\s*(true|false)\s*,?' + RE_EOL,
flags=re.IGNORECASE)
RE_PROFILE_VARIABLE =
re.compile('^\s*(@\{?\w+\}?)\s*(\+?=)\s*(@*.+?)\s*,?' + RE_EOL)
RE_PROFILE_CONDITIONAL = re.compile('^\s*if\s+(not\s+)?(\$\{?\w*\}?)\s*\{' +
RE_EOL)
Regards,
Christian
:
+deleted +=
profile[rule_type].delete_duplicates(filelist[incname][incname][rule_type])
deleted += delete_path_duplicates(profile, incname, 'allow')
deleted += delete_path_duplicates(profile, incname, 'deny')
Regards,
Christian Boltz
--
And in those years, you have never
also add a test with @{undefined_foo} ;-)
Also, what happens when a variable is defined as empty? That might also
be worth some tests (for profile and attachment).
Regards,
Christian Boltz
--
sarnold it's been on my todo list for eight or nine years,
I'm sure I'll get around
2015-04-26 19:54:38 +
+++ utils/apparmor/cleanprofile.py 2015-06-07 17:10:07 +
@@ -13,13 +13,13 @@
#
-
- import re
-import apparmor
+import apparmor.aa as apparmor
[...]
Acked-by: Christian Boltz appar
', entry):
+if apparmor.re_match_include(rule) or
apparmor.re_match_include(entry):
continue
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
Das hatte ich (samt Kommentar aus der /etc/postfix/transport) doch
schon in meiner letzten Mail
)
-return deleted
+return deleted
Acked-by: Christian Boltz appar...@cboltz.de for trunk and 2.9.
For the records: In the 2.9 branch this issue didn't cause crashes.
2.9 doesn't have the rule classes and therefore can't crash because of a
not-initialized rule class
RE_PROFILE_HAT_DEF.search(line):
# An embedded hat syntax definition starts
Regards,
Christian Boltz
--
Leider Gottes ist es so, daß wenn man einen Spammer zu Strecke
gebracht hat, dafür drei neue auftauchen.
Das ist wie bei den Fliegen. Schlägst Du eine Tot, kommen 40 zur
Beerdigung
{
+capability dac_override,
+
+/etc/fstab r,
+
+ }
}
/usr/bin/other/cleanprof/test/profile {
/home/*/** rw,
Regards,
Christian Boltz
--
IT is everything that is more complicated than pushing buttons in
the elevator. [from http://www.orkpiraten.de/blog/ugly-kid-jeans]
--
AppArmor mailing list
:
profile_data[profile][hat]['initial_comment'] = initial_comment
Regards,
Christian Boltz
--
I see no do in your script, so this will give you a syntax error
near unexpected token `done' after shutdown ;-))
I've been hearing funny noises after shutdown, that must be it :-)
[ Christian Boltz
Hello,
Am Samstag, 6. Juni 2015 schrieb John Johansen:
On 06/06/2015 05:17 PM, Christian Boltz wrote:
are hat declarations like
/foo {
^hat,
}
still allowed/valid? The tools accept them, but the 2.9.2 parser
errors out with unexpected TOK_END_OF_RULE, expecting TOK_OPEN
What about merging the rules for main dir and sub dir? You'll get something like
/usr/{,local/}share/applications/{*/,} r,
/usr/{,local/}share/applications/{*/,}defaults.list r,
^
--
Hello,
Am Mittwoch, 3. Juni 2015 schrieb Steve Beattie:
On Mon, May 25, 2015 at 01:36:00PM +0200, Christian Boltz wrote:
this patch adds two variable references (aa and changed) in
aa-mergeprof ask_the_questions() so that the code can use the short
name and be more in sync with aa.py
Hello,
Am Freitag, 5. Juni 2015 schrieb Steve Beattie:
On Wed, Jun 03, 2015 at 11:57:00PM +0200, Christian Boltz wrote:
[ 19-baserule-add-severity.diff ]
Acked-by: Steve Beattie st...@nxnw.org as is. Some comments:
=== modified file utils/apparmor/rule/__init__.py
+def severity
of the
patch ;-)
Regards,
Christian Boltz
--
Irgendwie habe ich bei SSL-Kram immer das Gefühl, das ich auf einer
sehr dünnen Eisschicht über dem See des Wahnsinns Schlittschuh laufe.
[Hanns Mattes in dovecot-de]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https
**/__pycache__/
+*.orig
Regards,
Christian Boltz
--
Wenn Du so willst... make RM=rm -rf / clean
Bin ich dann für die gelöschte Festplatte verantwortlich? ;-)
Du hast gerade erkannt, warum es vorteilhaft sein kann, keine Shell/
Make-Variablen zu verwenden und Dinge stattdessen hart zu
,
Christian Boltz
[1] cd parser/tst/simple_tests
grep -r -l FAIL | xargs grep -c '}' |grep -v ':1$'
is a good start, but still includes lots of false positives.
--
Ein Computer tut ja das, was man ihm sagt, und nicht das, was
man will. Ergo muß man wissen, wie man ihm sagt, was man
;-)
On the positive side, I'm just testing a (quite intrusive, sorry) patch
that fixes it in 100% of the time :-)
Regards,
Christian Boltz
--
dvratil_ :-) this is how we fix bugs in Akonadi...
we just wait for them to disappear :P
[from #kontact]
# Last Modified: Sun Mar 15 21:58:08 2015
Hello,
Am Samstag, 6. Juni 2015 schrieb John Johansen:
On 06/06/2015 06:49 AM, Christian Boltz wrote:
Am Freitag, 5. Juni 2015 schrieb John Johansen:
Currently the cache file has its mtime set to its creation time,
but
this can lead to cache issues when a policy file is updated
Hello,
Am Donnerstag, 4. Juni 2015 schrieb Steve Beattie:
On Thu, Jun 04, 2015 at 01:45:33PM +0200, Christian Boltz wrote:
Once we had that, a possible solution would be to apply the change
above to a regex applied profile if that profile is the only one
to
apply to that binary
Hello,
Am Mittwoch, 3. Juni 2015 schrieb Steve Beattie:
On Mon, May 25, 2015 at 05:44:20PM +0200, Christian Boltz wrote:
aa-complain, aa-enforce, aa-disable and aa-audit refused to change
profiles for non-existing binaries. This patch also allows paths
starting with /. This also makes
Hello,
Am Samstag, 20. Juni 2015 schrieb Kshitij Gupta:
On Fri, Jun 5, 2015 at 7:15 PM, Christian Boltz wrote:
this patch changes aa.py delete_duplicates() to loop over the rule
classes.
That's better than doing copypaste for each added rule class ;-)
[ 45-delete_duplicates-use
definitions for hat
%(hat)s in profile %(profile)s.') % { 'hat': hat, 'profile': profile })
filelist[file]['profiles'][profile][hat] = True
Regards,
Christian Boltz
--
Der Testbug (#48) ist übrigens ein Duplikat von Bug #29 ;-)
Shit. Machst du 'nen Bugreport? :-)
[ Christian
)
rmask = e['request_mask']
rmask = rmask.replace('c', 'a')
Regards,
Christian Boltz
--
Gibt es ein Buch über das maßvolle Verwenden von Fußnoten?
Wenn ja, dann bin ich bereit, Dir ein Exemplar zu schicken.
[Thorsten Haude zu David Haller in sl-etikette]
--
AppArmor mailing
], AppArmorBug), # wrong type for
type_or_protocol
-([NetworkRule.ALL, 'stream'], AppArmorException), # stream
requires a domain
]
def _run_test(self, params, expected):
Regards,
Christian Boltz
--
[von KDE 3.0.0 auf 3.0.1 updaten]
Wenn KDE 3.0.0 noch immer startet
' | 'unix' | 'rds' | 'llc' | 'can' | 'tipc' | 'iucv' |
'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' )
','
Regards,
Christian Boltz
--
[vordefinierte Perlvariablen $_, $, $[ usw.]
Steht eigentlich in $§ die Lizenz? ;-)))
$ perl -we 'print $§'
Use of uninitialized
,
Christian Boltz
--
Golden rule of Sourcecode: 50% are comments, and the other 50% bugs!
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
Hello,
Am Donnerstag, 18. Juni 2015 schrieb Kshitij Gupta:
On Thu, Jun 18, 2015 at 9:07 PM, Kshitij Gupta wrote:
On Sun, Jun 7, 2015 at 5:55 PM, Christian Boltz wrote:
Hat declarations (^hat,) were added in 2.3 for declaring external
hats, but in the meantime aren't supported by the parser
not in checked:
+includelist += [childinc]
+
+if len(includelist):
+incname = includelist.pop(0)
+else:
+incname = False
+
return False
def reload_base(bin_path):
Regards,
Christian Boltz
--
if anybody who broke a nightly build should pay
)
+
def test_invalid_time_to_int(self):
with self.assertRaises(AppArmorException):
self.obj.time_to_int('20mice', 'seconds')
Regards,
Christian Boltz
--
Please, if you use any of my code in your giant list of bad coding
practices, feel free to not attribute me. :) [Seth
Hello,
Am Donnerstag, 18. Juni 2015 schrieb Steve Beattie:
On Thu, Jun 18, 2015 at 05:36:38PM +0200, Christian Boltz wrote:
+++ profiles/Makefile 2015-06-18 17:31:52.838189994 +0200
-check-logprof:
+check-logprof: local
This is also true of the check-parser target.
Good catch
Hello,
Am Montag, 15. Juni 2015 schrieb Kshitij Gupta:
On Mon, Jun 15, 2015 at 12:44 AM, Christian Boltz wrote:
this patch moves re_match_include() to regex.py. The function is
basically a wrapper around a regex, so regex.py is a much better
home.
While on it, rename the regex
.
If you think the message should be improved, just send a better text ;-)
Regards,
Christian Boltz
--
Tja, und so hab ich wohl die beiden wichtigsten Dinge gelernt, die man
IMO ueber Linux lernen kann: Wie man Doku findet, liest, verarbeitet und
versteht :) Und Geduld (v.a. mit sich selbst) bzw
Hello,
Am Dienstag, 16. Juni 2015 schrieb Tyler Hicks:
On 2015-06-16 13:14:15, Christian Boltz wrote:
BTW: The function definition is
int _aa_is_blacklisted(const char *name, const char *path)
but path is never used inside the function. Is this intentional?
Nice catch
)
-
-unittest.main()
+setup_all_loops(__name__)
+if __name__ == '__main__':
+unittest.main(verbosity=2)
Regards,
Christian Boltz
--
[automatisches FAQ-Release] Die Hauptarbeit (außer der Kontrollmail)
habe ich übrigens ge'nice't, also keine Angst um den Server...
Sieht doch nett aus...
[ Christian
-logprof is disabled here because it has not kept up with
-# advances in the apparmor policy language. Re-enable when it is
-# updated.
.PHONY: check
-check: check-parser
+check: check-parser check-logprof
.PHONY: check-parser
check-parser:
Regards,
Christian Boltz
--
But does your
FAIL
+#=TODO
+# This test needs check on @{FOO} attachment having leading / post
var expansion +
+@{FOO}=bar
+@{BAR}=baz
+
+profile @{BAR} @{FOO} {
+ /does/not/exist r,
+}
Same here.
With these two fixed,
_tests_ Acked-by: Christian Boltz appar...@cboltz.de
I'll leave the review
in NOT fq name in hat rule \
Please s/ in / is / in the lines quoted above.
Regards,
Christian Boltz
--
Argh, ich wollte heute doch gar nicht mehr siggen!
[Michael Hoffmann in dag°]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https
/not /exist@{FOO} {
+ /does/not/exist r,
+}
Oh, and please change the *_[1-9].sd filenames to *_0[1-9].sd so that
the first tests don't appear in the middle of the directory listing.
Regards,
Christian Boltz
--
Die Meldung verwirrt mich: Es sieht so aus, als würde sich Adobe um die
Sicherheit von
Hello,
Am Samstag, 13. Juni 2015 schrieb John Johansen:
On 06/12/2015 04:11 PM, John Johansen wrote:
On 06/12/2015 04:09 PM, Christian Boltz wrote:
The more interesting question is: are all apparmor.d.pod changes in
trunk also valid for 2.9? If yes, we should backport _all_
=@{profile_name}, }
A similar set of tests for subprofiles and/or hats would be nice ;-)
Regards,
Christian Boltz
--
If you need to ask stupid questions, there may be two reasons:
a) the documentation (in this case mostly the wiki) is incomplete
b) you're stupid :-)
[Dirk Stoecker inopensuse-buildservice
,
Christian Boltz
--
[Canterbury] I received mine yesterday and installed it on my new dual
quad-core machine w/ 16G of ram. what a screaming OS. Some commands even
finish _before_ I hit the enter key. [Ken Schneider in opensuse-factory]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify
= match.groups()[0]
-new_path = self.PROF_DIR + '/' + new_path
+new_path = self.PROF_DIR + '/' + match
self.load_variables(new_path)
else:
# Remove any comments
Regards,
Christian Boltz
profiles
def test_set_flags_with_child_01(self):
self._test_set_flags('/foo', 'flags=(complain)', 'audit',
Regards,
Christian Boltz
--
Du kennst den Spruch: Nach dem Release. [Ich sage absichtlich nicht,
wie groß der Zeitabstand zum Release sein wird ;-) ]
In zeitlicher
Hello,
Am Dienstag, 26. Mai 2015 schrieb Seth Arnold:
On Sat, May 09, 2015 at 10:35:54PM +0200, Christian Boltz wrote:
Hi Christian, just some quick notes from a first read...
[ 01-add-ChangeProfileRule.diff ]
...
+
+class ChangeProfileRule(BaseRule):
+'''Class to handle
Hello,
Am Mittwoch, 27. Mai 2015 schrieb Steve Beattie:
On Sat, May 09, 2015 at 10:35:54PM +0200, Christian Boltz wrote:
this patch adds utils/apparmor/rule/change_profile.py with the
ChangeProfileRule and ChangeProfileRuleset classes. These classes
are meant to handle change_profile rules
,
Christian Boltz
--
Es gibt in Afrika einen Stamm, die stehen auf einem Bein. Das ist deren
Standart. Und weil sie immer so stehen, ist deren Standart bei denen
Standard. [Steffen Schmidt in de.comm.infosystems.www.pages.misc]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings
Hello,
Am Donnerstag, 28. Mai 2015 schrieb Steve Beattie:
On Sun, May 17, 2015 at 10:33:47PM +0200, Christian Boltz wrote:
this patch adds writeTmpfile() to AATest to write a file into the
tmpdir. If no tmpdir exists yet, automatically create one.
createTmpdir() is a separate function
Hello,
Am Sonntag, 31. Mai 2015 schrieb Kshitij Gupta:
On Mon, May 25, 2015 at 7:31 PM, Christian Boltz wrote:
Am Montag, 25. Mai 2015 schrieb Christian Boltz:
[ 34-minitools_test-use-no-reload.diff ]
I accidently added a --no-reload between -d and the path in the
aa-audit test
Hello,
Am Sonntag, 31. Mai 2015 schrieb Kshitij Gupta:
On Mon, May 25, 2015 at 9:36 PM, Christian Boltz wrote:
this patch lets aa-audit print a warning if a profile is disabled.
Users might expect that setting a profile into audit mode also
activates it (which shouldn't happen IMHO
Hello,
Am Freitag, 29. Mai 2015 schrieb Steve Beattie:
On Sun, May 24, 2015 at 06:53:35PM +0200, Christian Boltz wrote:
Note: the != '--' check in aa-mergeprof is superfluous for
capabilities, but will become useful once this code block is used
for other rule types.
[ 21-read
, test_path), shell=True)
self.assertEqual(os.path.islink('./profiles/disable/%s'%os.path.basename(local_profilename)),
True, 'Failed to create a symlink for %s in disable'%local_profilename)
Regards,
Christian Boltz
--
Es ist Fakt, dass ein Bug ziemlich oft zwischen Stuhllehne und
Hello,
Am Freitag, 29. Mai 2015 schrieb Tyler Hicks:
On 2015-05-30 00:00:25, Christian Boltz wrote:
Am Freitag, 29. Mai 2015 schrieb Tyler Hicks:
On 2015-05-29 01:39:15, John Johansen wrote:
+int aa_query_file(uint32_t mask, const char *label, const char
*path
Hello,
Am Sonntag, 31. Mai 2015 schrieb Kshitij Gupta:
On Mon, May 25, 2015 at 7:08 PM, Christian Boltz wrote:
Am Montag, 25. Mai 2015 schrieb Christian Boltz:
[ 33-minitools-add--no-reload-parameter.diff ]
I missed aa-cleanprof (do we have too many minitools?), so here's
v2:
What
Hello,
Am Freitag, 29. Mai 2015 schrieb Steve Beattie:
On Sun, May 24, 2015 at 05:59:58PM +0200, Christian Boltz wrote:
this patch adds severity() to the BaseRule class
severity() will, surprise!, return the severity of a rule, or
'--' if a *Rule class doesn't implement the severity
() call over an option to
allow someone to hand in invalid data (and, caused by that, possibly
doing funny[tm] things) ;-)
Regards,
Christian Boltz
--
Eine Katze hat einen Schwanz mehr als keine Katze. Keine Katze hat
zwei Schwänze, also hat eine Katze drei Schwänze.
[Bernd Brodesser in suse-linux
Hello,
Am Freitag, 29. Mai 2015 schrieb Steve Beattie:
On Fri, May 29, 2015 at 11:29:14PM +0200, Christian Boltz wrote:
Am Freitag, 29. Mai 2015 schrieb Steve Beattie:
On Sun, May 24, 2015 at 03:45:13PM +0200, Christian Boltz wrote:
this patch changes rank_capability() so
to FAIL
Regards,
Christian Boltz
--
Dann siehst du nämlich ganz genau, daß der Cursor blinkt, und er
hat feuerrote tote Augen, mit denen er dich anstarrt und brüllt:
.. UND WENN DU DICH VERTIPPST, DANN FRESSE ICH DICH MITSAMT
DEINEM MAUSZEIGER[Ratti in suse-programming
Hello,
Am Freitag, 29. Mai 2015 schrieb Steve Beattie:
On Sun, May 24, 2015 at 03:45:13PM +0200, Christian Boltz wrote:
this patch changes rank_capability() so that it doesn't expect the
CAP_ prefix. This makes usage easier because callers can simply
hand over the capability name
][incname]['deny']['netdomain'], family,
sock_type):
return -1
if
netrules_access_check(include[incname][incname]['allow']['netdomain'], family,
sock_type):
Regards,
Christian Boltz
--
OmmOmm.Omm
Pendel Pendel-Pendel--
Mensch
+ '/', '')
+files.append(file_name)
+
+return files
+
def load_include(incname):
load_includeslist = [incname]
if include.get(incname, {}).get(incname, False):
Regards,
Christian Boltz
--
In Yast2-System-Editor /etc/sysconfig-Dateien in
System-Kernel-MODULES_LOADED_ON_BOOT ide-scsi
|px|pux|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix')
+PROFILE_MODE_DENY_RE = re.compile('r|w|l|m|k|a|x')
def validate_profile_mode(mode, allow, nt_name=None):
if allow == 'deny':
Regards,
Christian Boltz
--
Linux ist ein tolles Dings.
Es zeigt mir jeden Tag wieder völlig unaufdringlich meine
]
value = matches[1]
Regards,
Christian Boltz
--
cboltz jjohansen: you are making it too easy for kshitij8 ;-)
jjohansen cboltz: oops sorry, now I'll have to come up with a new task
to make him suffer :)
sarnold review the c++11 conversion? :)
* sarnold runs
jjohansen haha
)
+matches = RE_PROFILE_BOOLEAN.search(line).groups()
if not profile:
raise AppArmorException(_('Syntax Error: Unexpected boolean
definition found in file: %(file)s line: %(line)s') % { 'file': file, 'line':
lineno + 1 })
Regards,
Christian Boltz
,
Christian Boltz
--
Auch wenn da nix sein KANN und Du lieber neue Parameter einbaust. Tust
Du MIR bitte mal den Gefallen und liest Du wenigstens EINMAL Deine
main.cf auf komische Umbrüche und Einträge hin durch? Nur mir zuliebe,
bitte. Ich weiß, ist natürlich Unsinn. Machst Du es trotzdem?
[Peer Heinlein
+' +
RE_PROFILE_PATH % 'attachment' + ')?' + ')' + # 'profile', profile name,
optionally attachment
')' +
-'\s+((flags=)?\((?Pflags.+)\)\s+)?\{' +
+'\s+((flags\s*=\s*)?\((?Pflags.+)\)\s*)?\{' +
RE_EOL)
Regards,
Christian Boltz
--
Alle bookmark.html findest Du übrigens mit
find /home
/vars_assignment_reference_1.sd 2015-07-05
10:33:01 +
@@ -1,5 +1,5 @@
#=DESCRIPTION set variable assignment using set variable as rvalue
-#=EXRESULT
+#=EXRESULT PASS
@{FOO}=bar baz
@{BAR}=${FOO} blort
Regards,
Christian Boltz
--
I run opensuse 12.3
This is opensuse-factory@, you shouldn't come here
Hello,
Am Sonntag, 5. Juli 2015 schrieb Christian Boltz:
as shown in profile/flags/flags_ok_whitespace.sd, the parser is quite
Just in case it isn't clear - I'm talking about
parser/tst/simple_tests/profile/flags/flags_ok_whitespace.sd here ;-)
Regards,
Christian Boltz
--
I'm not out
'(\s+-\s*' + RE_PROFILE_NAME % 'targetprofile' + ')?' + # optionally
'-' target profile
RE_COMMA_EOL)
Regards,
Christian Boltz
--
# bluescreen: Bluescreen-Emulator für Terminals
Ich hab es eben in ner Konsole getestet und ich Idiot habe wirklich
Strg+Alt+Entf gedrückt! Warum postest
{', { 'profile': '/foo',
'plainprofile': '/foo', 'namedprofile': None, 'leadingspace': ' ' }),
Regards,
Christian Boltz
--
install by booting the rescue-cd, partition your system manually, then
use the obs build script to populate the target file sytem, configure
everything by hand
2015-07-05 18:46:41.638636268
+0200
@@ -0,0 +1,395 @@
+#! /usr/bin/env python
+# --
+#
+#Copyright (C) 2015 Christian Boltz appar...@cboltz.de
+#
+#This program is free software; you can redistribute it and/or
+#modify
Hello,
Am Montag, 6. Juli 2015 schrieb Steve Beattie:
On Sun, Jul 05, 2015 at 03:53:20PM +0200, Christian Boltz wrote:
Also wrap the two remaining regexes in '^(...)+$' instead of doing
it inside validate_profile_mode(). This makes the code more readable
and also results in a 2
,
Christian Boltz
--
Ich verlas mich. Die Dokumentation ist devel und nicht unstable, daher
kann wohl nur ein kyrillischer Zeichensatz oder gar ein inhaltlicher
Fehler vorkommen. Obwohl... Man könnte sie unter Windows 95 lesen, damit
sie abstürzt. Das wäre aber OT. [Ferdinand Ihringer in suse-linux
)
apparmor.aa.changed[profile] = True
aaui.UI_Info(_('Denying network access
%(family)s %(type)s to profile') % { 'family': family, 'type': sock_type })
Regards,
Christian Boltz
--
Reminds me of a famous quote attributed to A'rpi (of MPlayer
.
+#Copyright (C) 2015 Christian Boltz appar...@cboltz.de
#
#This program is free software; you can redistribute it and/or
#modify it under the terms of version 2 of the GNU General Public
@@ -13,23 +14,17 @@
#GNU General Public License for more details
:
raise AppArmorException(Unexpected rank input: %s % resource)
Regards,
Christian Boltz
--
Die erprobte Strategie der Managementmotivation im Operating [ist] eine,
die ich gerne mit Teile die Schmerzen beschrieben möchte. Zum Beispiel
setzt man den Projekteigentümer auf dieselbe Alerting
)
Regards,
Christian Boltz
--
Linux sollte Linux bleiben und nicht versuchen, ein besseres Windows zu
sein. Das ist IMHO der groesste Fehler! Warte mal noch ein oder zwei
Jahre ab, da werden dann blue screens unter KDE vermutlich auch zum
Alltag werden. [Thomas Hertweck in suse-linux
),
+(['/overco@{multiarch}mmit_memory', 'r'],'unknown'),
(['@{PROC}/sys/@{TFTP_DIR}/overcommit_memory', 'r'],6),
]
Regards,
Christian Boltz
--
Ihr DNS liefert falsche IPs für unsere Domain!
Diese Domain wird gar nicht bei uns gehostet!
Ja eben, ihr Dödel! Nehmt die
)
-if __name__ == __main__:
+setup_all_loops(__name__)
+if __name__ == '__main__':
unittest.main(verbosity=2)
Regards,
Christian Boltz
--
For the simple cases, the results would be easier studied by cause and
effect, rather than code. For complicated cases, the code will be
unreadable
)
+self.assertEqual(rank, '--')
setup_all_loops(__name__)
Regards,
Christian Boltz
--
Argh, ich wollte heute doch gar nicht mehr siggen!
[Michael Hoffmann in dag°]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman
/test/test-severity.py 2015-05-24 16:32:11.647446108 +0200
@@ -64,6 +64,7 @@
('setpcap', 9),
('UNKNOWN', 'unknown'),
('K*', 'unknown'),
+('__ALL__', 10),
]
def _run_test(self, params, expected):
Regards,
Christian Boltz
--
es ist doch ausgesprochen
][hat].get(ruletype, False): # needed until
we have proper profile initialization
for rule_obj in other.aa[profile][hat][ruletype].rules:
Regards,
Christian Boltz
--
And still I don't see the problem. Just add a GNOME2 theme to XFCE and
people will actually find they have
Hello,
Am Sonntag, 17. Mai 2015 schrieb Christian Boltz:
[ 08-mergeprof-network-rule.diff ]
While thinking about patch 26, I noticed that aa-mergeprof isn't a good
home for available_buttons(). Here's the updated patch that adds the
function to aa.py instead.
Besides moving the function
',
'CMD_ABORT',
'CMD_FINISHED']
q.headers = [_('Profile'),
combine_name(profile, hat)]
q.headers += [_('Network Family'), audit +
family]
Regards,
Christian Boltz
--
[...] sollte für
):
+obj = NetworkRule._parse(params)
+self.assertEqual(obj.logprof_header(), expected)
+
## --- tests for NetworkRuleset --- #
class NetworkRulesTest(AATest):
Regards,
Christian Boltz
--
sdfgsdfg
sind denn die Schreibmaschinenkurse an der VHS echt so
überbelegt, daß man die
':
done = True
apparmor.aa.changed[profile] = True
Regards,
Christian Boltz
--
Schlagen. Verklagen. Z.B. bei der c't verpfeifen, auf daß es fortan
die Spatzen von den Dächern pfeifen, was für Pfeifen das bei $Firma
sind. *scnr* [David Haller
601 - 700 of 1302 matches
Mail list logo