Hello,
Am Dienstag, 27. Juni 2023, 18:49:04 CEST schrieb Andrea Bolognani:
> On Mon, Jun 26, 2023 at 10:46:40PM +0200, Christian Boltz wrote:
[...]
> > See above - IMHO the current upstream behaviour is not perfect, and
> > will hopefully change to not creating the local/ files by
5 apparmor.d for details.
(Since this is unrelated to local/, adding the abi lines should probably
be a separate patch.)
Regards,
Christian Boltz
[1] unrelated to AppArmor
--
File Not Found.Loading something that looks similar
signature.asc
Description: This is a digitally signed message part.
stream
> AppArmor does for its own profiles and abstractions.
See above - IMHO the current upstream behaviour is not perfect, and will
hopefully change to not creating the local/ files by default in 4.0.
Regards,
Christian Boltz
--
Social Media News: Instagram is down
Science News: Scienti
set=term
(keeping the parenthesis for consistency with other rules is also fine)
There are several signal rules with superfluous quotes in this patch,
and also one in the 2/2 patch.
(There's no need to re-send the patch for such a minor change IMHO.)
Regards,
Christian Boltz
--
I
and Ubuntu kernels support all rule
types.
Older AppArmor versions will ignore the abi line.
Adding the abi rule might mean that you'll have to add some network,
dbus or unix rules to the profiles, therefore please do some testing
instead of blindly adding the abi rule ;-)
Regards,
Christia
rt_leaseshelper child profile and
abstractions/nameservice have
/etc/libnl-3/classid r,
Note the slightly different path, git blame says it's a Debian path
added to the profile in 2016.
(I don't remember any denial for /etc/libnl/classid on openSUSE,
therefore I'm not sure if we sh
bility ipc_lock,
> + capability sys_rawio,
> + capability bpf,
> + capability perfmon,
> +
> + # Needed for vfio
> + capability sys_resource,
[...]
Just wondering - do the new profiles (in all 3 patches) reallly need
all the capabilities and the other broad rules?
(See my 0/3