Hello,
Am Sonntag, 24. Mai 2015 schrieb Christian Boltz:
[ 17-rank-unknown.diff ]
Here's a slightly updated version - the only changes are in test-
severity.py - I added the @{somepaths} variable and a test using it to
also have test that includes different severities for each part
) shared with aa-mergeprof
# Process all the path entries.
for path in
sorted(log_dict[aamode][profile][hat]['path'].keys()):
Regards,
Christian Boltz
--
Heute habe ich die CPU gepflegt und wollte danach
den PC starten / booten. Es gab kein Bild.
Was heißt das
Hello,
Am Montag, 25. Mai 2015 schrieb Christian Boltz:
[ 27-logprof-use-mergeprof-code-for-capability.diff ]
I should run make check more often :-/
I overlooked a self.aa. (and didn't run into it in my manual tests),
so here's v2 with this fixed.
This patch replaces the code in aa.py
%(type)s to profile') % { 'family': family, 'type': sock_type })
-
-else:
-done = False
-
def available_buttons(rule_obj):
buttons = []
Regards,
Christian Boltz
--
Adding a self-removing SuSEconfig script calling rpm -e
[profile][hat], inc)
+deleted =
delete_duplicates(self.user.aa[profile][hat], inc)
self.user.aa[profile][hat]['include'][inc]
= True
Regards,
Christian Boltz
--
Wenn ich das Ding entweder im Griff oder an die Wand genagelt
)
aaui.UI_Info(_('Adding %s to profile.') %
rule_obj.get_clean())
else:
Regards,
Christian Boltz
--
Ich selbst benutze kweather nicht (ich guck einfach aus dem Fenster).
[Hartmut Meyer in suse-linux]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings
initialization
for rule_obj in other.aa[profile][hat][ruletype].rules:
Regards,
Christian Boltz
--
Das ist die Goldene Regel für das Performancetuning von
UNIX-Systemen: RAM ist nur durch mehr RAM zu ersetzen.
[Kristian Koehntopp in suse-linux]
--
AppArmor mailing list
+
cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir,
'--base', apparmor.profile_dir, '-r', profile])
if cmd_info[0] != 0:
Regards,
Christian Boltz
--
Are you complaining because we are lacking a time machine and are
not able to backport fixes from the future
Hello,
Am Montag, 25. Mai 2015 schrieb Christian Boltz:
[ 33-minitools-add--no-reload-parameter.diff ]
I missed aa-cleanprof (do we have too many minitools?), so here's v2:
Add --no-reload parameter to minitools
Add a --no-reload parameter to aa-audit, aa-cleanprof, aa-complain,
aa-disable
the first line (#modified line)
subprocess.check_output('sed -i 1d ./profiles/%s'%(input_file),
shell=True)
Regards,
Christian Boltz
--
For patterns and products, this is - as we now learned - wrong and
confusing. (We will probably have more such learning effects in the
future
Hello,
Am Montag, 25. Mai 2015 schrieb Christian Boltz:
[ 34-minitools_test-use-no-reload.diff ]
I accidently added a --no-reload between -d and the path in the
aa-audit test. The test still fails for another reason ;-) but
nevertheless here's v2:
Change minitools_test.py to use aa
,
Christian Boltz
--
It is the old problem of data protection vs. data security. The data
in the journal is well protected. Protected from getting used by me.
[Stefan Seyfried in opensuse-factory]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https
)
def set_enforce(filename, program):
Regards,
Christian Boltz
--
Also, Hosen runter:
Hose*n*! Du hast nur die Hose runtergelassen und die Unterhose
anbehalten. Nix da!
[ Stefan G. Weichinger und Peer Heinlein in postfixbuch-users]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify
Hello,
Am Montag, 25. Mai 2015 schrieb Christian Boltz:
[ 39-aa-cleanprof-use-reload_profile.diff ]
Just for completeness - this patch fixes
https://bugs.launchpad.net/apparmor/+bug/1443637
Regards,
Christian Boltz
--
Now I hope the best for my seven 1.44MB disks, oh yes, very old
, real_content, 'Failed to cleanup profile
properly')
def clean_profile_dir():
Regards,
Christian Boltz
--
Der von Ihnen vielleicht erwartete Input wird zu dem eines verstimmten
Mitarbeiters oder eines Crackers der Monate Zeit hat, oder einer Katze,
die über die Tastatur läuft in keinerlei
,
Christian Boltz
--
What are you doing?!? The message is over, GO AWAY!
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
('/'):
fq_path = apparmor.get_full_path(p).strip()
if os.path.commonprefix([apparmor.profile_dir, fq_path]) ==
apparmor.profile_dir:
program = None
Regards,
Christian Boltz
--
Was ist eine Diskette? Sind das die Dinger, die immer, wenn man sie
writing the rule
-comment = ' %s' % matches.group('comment')
+comment = parse_comment(matches)
return (audit, deny, allow_keyword, comment)
Regards,
Christian Boltz
--
For Linux an additional file permission should be invented:
Stooge-Hidden. You set this permission
Hello,
Am Dienstag, 26. Mai 2015 schrieb Christian Boltz:
$subject.
This time we only have 98% coverage (2 missing, 3 partial) because
I didn't find corner cases that raise some exceptions ;-)
(maybe we can even drop those checks if they are never hit?)
Here's the patch again, but without
--- utils/test/test-rlimit.py 2015-05-25 23:59:49.484474818 +0200
+++ utils/test/test-rlimit.py 2015-05-25 23:35:41.919727344 +0200
@@ -0,0 +1,468 @@
+#!/usr/bin/env python
+#
--
+#Copyright (C) 2015 Christian Boltz appar
+#Copyright (C) 2015 Christian Boltz appar...@cboltz.de
Hello,
Am Montag, 25. Mai 2015 schrieb Kshitij Gupta:
On Sun, May 24, 2015 at 6:11 PM, Christian Boltz wrote:
this patch renames handle_capability() to rank_capability().
How does capability_severity_value() seem as an option?
I wanted to have something that is close to rank(), so
Hello,
Am Samstag, 4. Juli 2015 schrieb Christian Boltz:
$subject.
Without this, we can run into
NameError: name 'include_name' is not defined
if a profile doesn't contain any include and the audit.log
contains an event for that profile.
[ 59-is_known_rule-init-incname.diff
Hello,
Am Montag, 6. Juli 2015 schrieb Steve Beattie:
On Sun, Jun 21, 2015 at 08:46:49PM +0200, Christian Boltz wrote:
for some (not yet known) reason, we get file_perm events without
request_mask set, which causes an aa-logprof crash.
Reproducer log entry:
Jun 19 12:00:55 piorun
Hello,
Am Montag, 6. Juli 2015 schrieb Steve Beattie:
On Mon, Jun 22, 2015 at 10:14:01PM +0200, Christian Boltz wrote:
is_known_rule() in aa.py checked only direct includes, but not
includes in the included files. As a result, aa-logprof asked about
things that are already covered
,
/usr/share/locale/** r,
/usr/share/**/locale/**r,
Regards,
Christian Boltz
--
wie jeder weiß ist Debian auf ISDN die langsamste bekannte Methode
Selbstmord zu begehen (Selbstmord durch Erosion)
[http://blog.koehntopp.de/archives/113-Debian-ist-doch-schlecht..html
' | 'netlink' | 'unix' | 'rds' | 'llc' | 'can' | 'tipc' | 'iucv' |
'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' |
'mpls' | 'ib' ) ','
BTYPE = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' | 'packet' )
Regards,
Christian Boltz
--
Life used to be simpler when
the behaviour, a follow-up patch to
rename the affected tests to bad_* would be nice.
Regards,
Christian Boltz
--
Wer News über ein Webinterface liest, filmt auch die Tageszeitung,
um sie auf dem Fernseher anzuschauen.[Henning Schlottmann]
--
AppArmor mailing list
AppArmor
Acked-by: Christian Boltz appar...@cboltz.de
(did I already mention that fixing the issues listed above will need
some apparmor.* imports? ;-)
Regards,
Christian Boltz
--
I peek out at the world through a 400Kbit pin-hole right here in
Germany, less than 100km from the source. Bicycle+usb
Hello,
Am Montag, 3. August 2015 schrieb Kshitij Gupta:
On Sat, Jul 18, 2015 at 2:23 AM, Christian Boltz wrote:
...
[ 77-split-logparser-add_event_to_tree.diff ]
--- utils/apparmor/logparser.py 2015-07-17 22:43:21.977879320 +0200
+++ ./utils/apparmor/logparser.py 2015-07-17
Hello,
Am Montag, 3. August 2015 schrieb Kshitij Gupta:
On Tue, Jul 21, 2015 at 12:52 AM, Christian Boltz wrote:
for debugging, it's helpful to know which part of the code
initialized a profile_storage and for which profile and hat this
was done.
This patch adds an 'info' array
Hello,
Am Freitag, 17. Juli 2015 schrieb Christian Boltz:
when compiling for openSUSE, the build checks warn about:
I: File is compiled without RPM_OPT_FLAGS
W: apparmor no-rpm-opt-flags cmdline:parser_common.c,
parser_include.c, parser_interface.c, parser_lex.c, parser_main.c
11:55:59 +
@@ -27,6 +27,7 @@
@{HOME} r, # ???
/usr/lib/dovecot/imap mr,
/{,var/}run/dovecot/auth-master rw,
+ /{,var/}run/dovecot/mounts r,
# Site-specific additions and overrides. See local/README for details.
#include local/usr.lib.dovecot.imap
Regards,
Christian Boltz
, but that
could be fixed by an additional test if needed.
Regards,
Christian Boltz
--
Die Glaskugel möchte ich ungerne rausholen.
*Polierpaste und Microfasertuch reich*
[ Sebastian Siebert und David Haller in opensuse-de]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings
Hello,
just as a reminder - we have an IRC meeting scheduled in 23 hours ;-)
Regards,
Christian Boltz
--
[qpopper] Jepp. Den einzurichten, dauert max. 10 Min. Und ist absolut
pflegeleicht. ;)
Hm... womit verbringst Du denn die letzten neun Minuten? Oder kommt hier
ein 286er zum Einsatz
@@
# --
#
#Copyright (C) 2002-2005 Novell/SUSE
+#Copyright (C) 2015 Christian Boltz
#
#This program is free software; you can redistribute it and/or
#modify it under the terms of version 2 of the GNU General Public
@@ -25,6 +26,8
,
owner @{PROC}/@{pid}/fd/ r,
Regards,
Christian Boltz
--
Ach was ... es geht auch nicht um irgendwelche Berufsstände! Wäre ich
Koch, dann wäre ich halt als Koch unfehlbar! Oder als Automechaniker!
Das liegt nicht an dem Berufsstand sondern das bin ICH!!! Das ihr das
immer noch nicht bemerkt habt
Hello,
Am Mittwoch, 22. Juli 2015 schrieb Seth Arnold:
On Wed, Jul 22, 2015 at 09:42:05PM +0200, Christian Boltz wrote:
This patch is the improved version - it adds a small helper function
to set $? (as handed over to aa_log_end_msg()) and then calls
rc_status -v.
This is involving a fair
- fi
- rc_status $v
+ _set_status $1
+ rc_status -v
}
usage() {
Regards,
Christian Boltz
--
A good programmer is someone who always looks both ways
before crossing a one-way street. [Doug Linder]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings
: 1437850920
+Audit subid: 64
Regards,
Christian Boltz
--
If Linus is calling you an idiot then you probably think Could be that
he is right.. If I call you an idiot than I don't expect you to belief
me. That's ok ;) [Rüdiger Meier in opensuse-factory]
--
AppArmor mailing list
AppArmor
Hello,
Am Freitag, 24. Juli 2015 schrieb Jamie Strandboge:
profiles/apparmor.d/usr.sbin.dnsmasq: allow /bin/dash in addition to
/bin/bash
We'll see which shell we see requested next ;-)
Anyway,
Acked-by: Christian Boltz appar...@cboltz.de for trunk and 2.9
Regards,
Christian Boltz
--
I'm
+
+++ utils/apparmor/rule/capability.py 2015-07-16 22:05:12 +
@@ -1,4 +1,3 @@
-#!/usr/bin/env python
# --
#Copyright (C) 2013 Kshitij Gupta kgupta8...@gmail.com
#Copyright (C) 2014 Christian Boltz appar
)
$(AAREOBJECT):
- $(MAKE) -C $(AAREDIR) CFLAGS=$(EXTRA_CXXFLAGS)
+ $(MAKE) -C $(AAREDIR) CFLAGS=$(CFLAGS) $(EXTRA_CXXFLAGS)
.PHONY: install-rhel4
install-rhel4: install-redhat
Regards,
Christian Boltz
--
You cannot mix selections and patterns in a product - and we
will remove all
',
[profile, hat, aamode, hat])
else:
self.debug_logger.debug('UNHANDLED: %s' % e)
Regards,
Christian Boltz
--
A qualified candidate would display the following characteristics:
[...] willing to apply the rules to everybody; primary goal is to
safeguard
2015-07-19 12:53:17.887641060
+0200
+++ ./utils/test/test-libapparmor-test_multi.py 2015-07-19 12:52:46.543496744
+0200
@@ -0,0 +1,163 @@
+#! /usr/bin/env python
+# --
+#
+#Copyright (C) 2015 Christian Boltz appar...@cboltz.de
Hello,
Am Sonntag, 19. Juli 2015 schrieb Christian Boltz:
this patch maps socket_create events to 'net' events
See libapparmor test_multi testcase24.* and testcase33.* for example
logs.
I forgot to mention that I propose this patch for trunk and 2.9.
[ 78-logparser-map-socket-create.diff
):
return (prof_filename, bin_path)
-else:
-return None, None
+
+return None, None
def complain(path):
Sets the profile to complain mode if it exists
Regards,
Christian Boltz
--
kann mir jemand sagen, wie ich aus einer aktuellen WindowMaker
Hello,
Am Montag, 13. Juli 2015 schrieb Steve Beattie:
On Sat, Jul 11, 2015 at 05:54:53PM +0200, Christian Boltz wrote:
some of the include files added to simple_tests recently don't live
in one of the main include directories (includes/,
includes-preamble/ or include_tests/) which lets
', type=str, nargs='+', help=_('name of program'))
+parser.add_argument('--no-reload', dest='do_reload', action='store_false',
default=True, help=_('Do not reload the profile after modifying it'))
args = parser.parse_args()
tool = apparmor.tools.aa_tools('autodep', args)
Regards,
Christian Boltz
Hello,
Am Montag, 13. Juli 2015 schrieb Seth Arnold:
On Sun, Jul 12, 2015 at 06:51:49PM +0200, Christian Boltz wrote:
[ 74-handle_children-fix-child-init.diff ]
...
+# XXX ... = hasher() probably
superfluous, and stub_profile probably overwrites existing
, 'parse_profile_data() required_hats %s' %
file)
# End of file reached but we're stuck in a profile
if profile and not do_include:
Regards,
Christian Boltz
--
Zwei Informatikstudenten treffen sich auf dem Campus. Sagt der eine:
Hey, woher hast du das schöne neue Fahrrad?
Antwortet der andere
of the main profile
+(combine_name(p, hat), profiles[p][p]['filename'],
profile_data[p][p]['filename']))
+
profiles[p] = deepcopy(profile_data[p])
Regards,
Christian Boltz
--
Sieh an, ein Dichter und Denker, obwohl er sicherlich nicht
mehr ganz dicht
Hello,
I assume that was meant for the mailinglist ;-)
- Weitergeleitete Nachricht -
Von: Kshitij Gupta kgupta8...@gmail.com
An: Christian Boltz appar...@cboltz.de
Betreff: Re: [apparmor] [patch] Add network mpls and ib to rule/network.py and
the apparmor.d manpage
Datum
/^\#define[
\t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | LANG=C sort)
.PHONY: list_capabilities
list_capabilities: /usr/include/linux/capability.h
Regards,
Christian Boltz
--
Ansonsten: Ich sage nur Diwasserstoffmonoxid.
Ja, ein äußerst schädliches Zeugs, vor allem wenn
Hello,
Am Donnerstag, 22. Oktober 2015 schrieb Christian Boltz:
> Note: This is a proof-of-concept patch. I won't object if someone
> sends an ack, but the main goal of this mail is to get feedback if
> the way I've chosen looks sane or if I should change some things ;-)
In the
default.
We should also ship a service file that loads the whole /etc/apparmor.d/
[1] with one parser call to avoid every distribution has to re-invent
the wheel ;-)
Regards,
Christian Boltz
[1] or even multiple (configurable) profile directories, as discussed on
IRC some days ago. The confi
lse ]),
('audit signal,' , [ False , False ,
False , False ]),
('signal receive,', [ False , False ,
False , False ]),
Regards,
Christian Boltz
--
I understand, I am also sure that they would not let
usr1) peer=/sbin/baz,'),
-]
-
-
-setup_all_loops(__name__)
-if __name__ == '__main__':
-unittest.main(verbosity=2)
Regards,
Christian Boltz
--
Yes, I know how much devs hate writing documentation... I was a dev.
[Carlos E. R. in opensuse-factory]
--
AppArmor mailing list
AppArmor@lists.ubuntu
Hello,
Am Freitag, 23. Oktober 2015 schrieb Christian Boltz:
> this patch adds the SignalRule and SignalRuleset classes
> Also add a set of tests (100% coverage :-) to make sure everything
> works as expected.
> [ 07-add-SignalRule-and-SignalRuleset.diff ]
Here's a small patch on
wards, my guess was right - if not, I was wrong ;-)
Regards,
Christian Boltz
[1] For example, if you use rsync for doing your backups and run it as
root, restricted by an AppArmor profile, AppArmor will deny access
to files owned by a user with -rw--- permissions because
technically
etwork inet stream, # foo'))
+
+expected = '\n network inet stream,\n allow network
inet stream, # foo\n'
+self.assertEqual(str(obj), expected)
+
+
+
setup_all_loops(__name__)
if __name__ == '__main__':
unittest.main(verbosity=2)
Regards,
Christian Boltz
--
>
obj = BaseRule()
with self.assertRaises(AppArmorBug):
Regards,
Christian Boltz
--
> Write the code like you are going to lose your memory in six months.
Most people would say I write code like I've already lost my mind.
Is that the same thing? [Randal L. Schwartz]
--
AppArmor mailing list
AppArmor@
/rule/signal.py
--- utils/apparmor/rule/signal.py 2015-10-23 01:17:21.579245521 +0200
+++ utils/apparmor/rule/signal.py 2015-10-23 01:08:01.149132984 +0200
@@ -0,0 +1,300 @@
+# --
+#Copyright (C) 2015 Christian Boltz
nal/bad_18.sd',
-'signal/bad_19.sd',
-'signal/bad_20.sd',
-'signal/bad_21.sd',
+'signal/bad_21.sd', # invalid regex
'unix/bad_attr_1.sd',
'unix/bad_attr_2.sd',
'unix/bad_attr_3.sd',
Regards,
Christian Boltz
--
Wir brauchen ein "postfixbuchconf"-Kommando,
if e['operation'] in ['file_perm', 'file_inherit'] and
e['request_mask'] is None:
self.debug_logger.debug('UNHANDLED (missing request_mask): %s'
% e)
return None
Regards,
Christian Boltz
--
In /etc steht, was Du denkst. In /proc steht, was das OS de
mon', None)),
(' signalling,', False),
(' audit signalling,', False),
Regards,
Christian Boltz
--
If someone wants to, go ahead - I will consider that person brave,
like a viking exploring the great unknown for the first time armed
only with a sword and shield while about to unkno
'signal
send,')
def test_glob_ext(self):
-with self.assertRaises(AppArmorBug):
+with self.assertRaises(NotImplementedError):
# get_glob_ext is not available for signal rules
self.ruleset.get_glob_ext('signal send set=int,')
Regards,
Christian Bol
-unconfined
TOOLS = ${PERLTOOLS} ${PYTOOLS} aa-decode
PYSETUP = python-tools-setup.py
-PYMODULES = $(wildcard apparmor/*.py)
+PYMODULES = $(wildcard apparmor/*.py apparmor/rule/*.py)
MANPAGES = ${TOOLS:=.8} logprof.conf.5
Regards,
Christian Boltz
--
Ich verlas mich. Die Dokumentation ist devel
= apparmor.aamode.AA_BARE_FILE_MODE
if not matches.group('owner'):
Regards,
Christian Boltz
--
Natürlich kann man Bäume mit der Nagelschere fällen, und es ist
bedeutend sicherer, als, sagenwirmal, eine Kettensäge. Trotzdem
ist eine Säge das korrekte Werkzeug. [Ratti in suse-linux
Hello,
Am Donnerstag, 29. Oktober 2015 schrieb Kshitij Gupta:
> On Fri, Oct 23, 2015 at 3:31 PM, Christian Boltz wrote:
> > BTW: when I test the log entry
> >
> > Oct 22 15:57:38 NR021AA kernel: [ 69.827705] audit: type=1400
> >
> > audit(14455
Hello,
Am Dienstag, 20. Oktober 2015 schrieb John Johansen:
> On 07/20/2015 12:22 PM, Christian Boltz wrote:
> > for debugging, it's helpful to know which part of the code
> > initialized a profile_storage and for which profile and hat this
> > was done.
> >
> >
deleted += delete_path_duplicates(self.profile.aa[program][hat],
self.other.aa[program][hat], 'allow', self.same_file)
Regards,
Christian Boltz
--
:O h:, ich schmeiß mich weg. Wenn es das mit dem Quiz nicht ist, ist es
dann so ein Pyramidenschema? Bekommt man eine Prämie, wenn man
initialization
for rule_obj in other.aa[profile][hat][ruletype].rules:
Regards,
Christian Boltz
--
Schlagen. Verklagen. Z.B. bei der c't verpfeifen, auf daß es fortan
die Spatzen von den Dächern pfeifen, was für Pfeifen das bei $Firma
sind. *scnr* [David Haller in suse
r', False)
-#self._compare_obj(obj, expected)
+self._compare_obj(obj, expected)
-#self.assertEqual(obj.get_raw(1), ' signal send raw,')
+self.assertEqual(obj.get_raw(1), ' signal send set=term
peer=/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper
2015-10-04 23:27:26.940248676 +0200
+++ utils/apparmor/aare.py 2015-10-20 19:58:45.330137525 +0200
@@ -0,0 +1,46 @@
+# --
+#Copyright (C) 2015 Christian Boltz <appar...@cboltz.de>
+#
+#This program is free softwar
ries/libapparmor/src/.libs/
-PYTHONPATH=..
+PYTHONPATH=..:$(PYTHON_DIST_BUILD_PATH)
endif
.PHONY: __libapparmor
Regards,
Christian Boltz
--
NEVER use bad english as an excuse for anything with me :D
cuz my english SUCKED when I got involved with FOSS. Now I can give
talks to hundere
/additional-log-sockets.conf r,
Regards,
Christian Boltz
--
hallern: Seine Linux-Distri so gut beherrschen, dass man alle
sicherheitsrelevatne Patches selber vornehmen und damit die Distri auch
ohne den Distributor aktuell halten kann -> s. Haller, David ;-)))
[Michael Höhne in suse-li
boolean_bad_8.sd',
-'vars/vars_bad_1.sd',
-'vars/vars_bad_2.sd',
'vars/vars_bad_3.sd',
'vars/vars_bad_4.sd',
'vars/vars_bad_5.sd',
@@ -178,7 +176,6 @@
'vars/vars_bad_trailing_comma_2.sd',
'vars/vars_bad_trailing_comma_3.sd',
'vars/vars_bad_trailing_comma_4.sd',
-'
re defined in the
provided AppArmor policy:
Regards,
Christian Boltz
--
"The day Microsoft makes something that doesn't suck is probably
the day they start making vacuum cleaners." [Ernst Jan Plugge]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or un
Hello,
Am Samstag, 24. Oktober 2015 schrieb Christian Boltz:
> $subject.
>
> Also adjust test-signal for AARE (it needed a change in
> _compare_obj()) and enable the regex-based tests.
Here's v2. with the following changes:
- hand over log_event when creating the AARE
Hello,
Am Samstag, 24. Oktober 2015 schrieb Christian Boltz:
> [patch] AARE class
>
> The AARE class is meant to handle the internals of path AppArmor
> regexes at various places / rule types (filename, signal peer etc.).
> The goal is to use it in rule classes to hide all
Hello,
Am Montag, 16. November 2015 schrieb Christian Boltz:
> Am Samstag, 24. Oktober 2015 schrieb Christian Boltz:
> > [patch] AARE class
> >
> > The AARE class is meant to handle the internals of path AppArmor
> > regexes at various places / rule types
ery fast in reviewing the AARE patches, I'll send the
improvements as separate patch. Otherwise expect v2 in the next days ;-)
Regards,
Christian Boltz
--
A pair of extra monkeys under Coolo's charge would probably help
more... It's clear to us that Coolo's days have now 36 hours...
[Nelson Ma
Hello,
Am Montag, 19. Oktober 2015 schrieb Kshitij Gupta:
> On Sun, Oct 18, 2015 at 8:50 PM, Christian Boltz wrote:
> > if a script contains a hashbang like
> >
> > #! /usr/bin/perl -w
> >
> > aa-autodep created a profile entry like
> >
> &
ofile][hat]['filename'] = file
flags = matches.group('flags')
Regards,
Christian Boltz
--
"Kann mir jemand seine Erfahrungen mit dem Gigaset Router schildern.
Ich möchte mit dem Gerät meine Kaffemaschine Mitropa 3000+ (SW-Stand
47.11 / HW-Rev.: 08/15) mit Ethernet-Interface fernbe
r installing
> apparmor.
Or zypper al libnotify-send ;-)
BTW: apparmor-utils also recommend net-tools (in 13.2 and leap) or
net-tools-deprecated (tumbleweed) because aa-unconfined needs netstat.
The good thing about net-tools{,-deprecated} is that it doesn't drag in
a large dependency chain, s
_OK):
-raise AppArmorException('Can\'t find ldd')
-
logger = conf.find_first_file(cfg['settings']['logger']) or '/bin/logger'
if not os.path.isfile(logger) or not os.access(logger, os.EX_OK):
raise AppArmorException('Can\'t find logger')
Regards,
Christian Boltz
--
Wenn ich eine SuSE-CD an
nd apparmor_parser')
-logger = conf.find_first_file(cfg['settings']['logger']) or '/bin/logger'
-if not os.path.isfile(logger) or not os.access(logger, os.EX_OK):
-raise AppArmorException('Can\'t find logger')
Regards,
Christian Boltz
--
Telefon
Gerät, das die Person am anderen Ende der Leitung b
not kept up with
-# advances in the apparmor policy language. Re-enable when it is
-# updated.
.PHONY: check
-check: check-parser
+check: check-parser check-logprof
.PHONY: check-parser
check-parser:
Regards,
Christian Boltz
[1] I already sent this patch in June, and it got mixed feedback
():
+if os.path.isfile(f):
+filename = f
+break
return filename
def find_first_dir(self, dir_list):
Regards,
Christian Boltz
--
Jetzt bringt das KDE schon ein eigenes shutdown mit? Ist ja ein kHammer!
(und morgen müssen wir kke
Hello,
Am Dienstag, 20. Oktober 2015 schrieb John Johansen:
> On 10/20/2015 12:50 PM, Christian Boltz wrote:
> > from my patch archive: [1]
> >
> > aa-logprof is able to parse all profiles, so there is no longer a
> > reason to skip this test.
>
> What happens
libraries/libapparmor/swig/python/test/Makefile.in
libraries/libapparmor/swig/ruby/Makefile
libraries/libapparmor/swig/ruby/Makefile.in
Regards,
Christian Boltz
--
jjohansen: we can just label it "the can't be more broken than
2.8.3 release" ;-)
cboltz: no, with a
Hello,
Am Dienstag, 20. Oktober 2015 schrieb John Johansen:
> On 10/20/2015 02:57 PM, Christian Boltz wrote:
> > Now that make -C utils needs the in-tree libapparmor, those
> > files become annoying in the bzr status output ;-)
>
> err needs? I remember a patch that pro
(self.tmpdir, 'profile', '%s {\n}\n' % profile_header)
Regards,
Christian Boltz
--
Of course, on the system *I* administrate, vi is symlinked to ed.
Emacs has been replaced by a shell script which 1) Generates a syslog
message at level LOG_EMERG; 2) reduces the user's disk quota by 100K;
and 3) RUNS
):
for hat in sorted(cfg['required_hats'][hatglob].split()):
+if not local_profile.get(hat, False):
+local_profile[hat] = profile_storage()
local_profile[hat]['flags'] = 'complain'
if not is_stub:
Regards,
Christian Boltz
--
i am
bin/python',
'abstractions/python')),
('#!/usr/bin/python2', ('/usr/bin/python2',
'abstractions/python')),
('#!/usr/bin/python2.7',('/usr/bin/python2.7',
'abstractions/python')),
Regards,
Christian Boltz
--
We voted and a big majority wanted it this way. So dont blame this
ed_flags):
file = write_file(self.tmpdir, 'profile', '%s {\n}\n' % profile_header)
Regards,
Christian Boltz
--
Disclaimer: In case you are either 1) a complete idiot; or 2) a lawyer;
or 3) both, please be aware that [...] [from fixubuntu.com]
--
AppArmor mailing list
AppArmor@lists.ub
SCRIPTION unix accept rule outside of a profile
+#=EXRESULT FAIL
+
+ unix accept,
Regards,
Christian Boltz
--
switch2nvidia:
* fixed disabling Composite extension; script replaced "Option"
with "Optioff" :-(
[Stefan Dirsch in opensuse-commit]
--
AppArmor mailing l
,bar,user,other}/bar/',
'/foo/bar/bar/' ], True),
(['/foo/{foo,bar,user,other}/bar/',
'/foo/wrong/bar/' ], False),
Regards,
Christian Boltz
--
Du bist nicht auf dem Laufenden:
Eintasten-Keyboard ist jetzt auf
Regards,
Christian Boltz
--
Lass es mich so ausdrücken, Du hast einem mutmaßlichen Anfänger auf
die Frage "Wie lasse ich ein Auto an?", mit einer Erklärung wie er
die Zündung kurzschließt geantwortet :-)
[Ralf Corsepius in suse-programming]
--
AppArmor mailing list
AppArmor@list
701 - 800 of 1302 matches
Mail list logo
