Hello,

On Friday, 2 November 2012, Gregor Dschung wrote:
> Gregor Dschung has proposed merging lp:~chkpnt/apparmor/patch-ruby
> into lp:apparmor.
>
> Requested reviews:
>   AppArmor Developers (apparmor-dev)
>
> For more details, see:
> https://code.launchpad.net/~chkpnt/apparmor/patch-ruby/+merge/132723
>
> - the globbing as used in /etc/apparmor.d/abstractions/ruby doesn't
>   work for ruby 1.9.1
> - rubygems need {,32,64} in the path, too

The proposed rules will fail with 1.10 and 2.x ;-)

Since this is mostly about read permissions, what about relaxing the rules a bit to make them version-independent and easier to read?

I'd propose to use
    /usr/lib{,32,64}/ruby/1.[89]*/
or even
    /usr/lib{,32,64}/ruby/[1-9].[0-9]*/
to be compatible with future ruby releases up to 9.x ;-)

Even if you don't want to do that:

> + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*.rb r,
> + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**/*.rb r,

You can merge these two lines to
    /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/**.rb r,

> + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/*.so mr,
> + /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr,

Same here, merge to:
    /usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}/*-linux/**.so mr,

> + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*.rb r,
> + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/**/*.rb r,
> + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/*.so mr,
> + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr,

Two more pairs to merge ;-)

Regards,

Christian Boltz
--
"On my system" KDE doesn't run at all. Completely correct. Logical.
But pointless. [David Haller in opensuse-de]
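
Review bot: the version alternation `1.{[89],[89].[0-9]}` in each of the eight added rules spells out the `[89]` class twice; `1.[89]{,.[0-9]}` matches the same directory names, using the empty-alternative form the rules already rely on in `{,32,64}`, and is easier to audit. A comment above these rules stating which Ruby version directories they are meant to cover would also help, since the pattern admits only 1.8, 1.9 and their single-digit point releases.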
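
The two points made in this reply (the proposed globs miss 1.10 and 2.x, and each `*.rb` / `**/*.rb` pair collapses into one `**.rb` rule) can be checked with a small matcher. This is an added example, not code from the thread or from AppArmor: it assumes simplified glob semantics (`*` stops at `/`, `**` crosses it), the sample paths are constructed, and pairing the relaxed directory glob with `**.rb` is an assumption.

```python
import re

def expand_braces(glob):
    """Expand {a,b} alternations such as {,32,64} into plain globs."""
    m = re.search(r"\{([^{}]*)\}", glob)
    if not m:
        return [glob]
    out = []
    for alt in m.group(1).split(","):
        out += expand_braces(glob[:m.start()] + alt + glob[m.end():])
    return out

def to_regex(glob):
    """Translate one brace-free glob (simplified semantics, an assumption)."""
    parts, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):      # ** may cross directory separators
            parts.append(".*"); i += 2
        elif glob[i] == "*":              # * stays inside one path component
            parts.append("[^/]*"); i += 1
        elif glob[i] == "[":              # character class, passed through
            j = glob.index("]", i)
            parts.append(glob[i:j + 1]); i = j + 1
        else:
            parts.append(re.escape(glob[i])); i += 1
    return re.compile("".join(parts))

def matches(rule_glob, path):
    return any(to_regex(g).fullmatch(path) for g in expand_braces(rule_glob))

VER = "/usr/lib{,32,64}/ruby/1.{[89],[89].[0-9]}"
ORIG_A = VER + "/*.rb"                               # from the patch
ORIG_B = VER + "/**/*.rb"                            # from the patch
MERGED = VER + "/**.rb"                              # merge from the reply
RELAXED = "/usr/lib{,32,64}/ruby/[1-9].[0-9]*/**.rb" # assumed combination

SAMPLE_PATHS = [                                     # constructed paths
    "/usr/lib/ruby/1.9.1/set.rb",
    "/usr/lib64/ruby/1.8/net/http.rb",
    "/usr/lib/ruby/1.10/set.rb",
    "/usr/lib/ruby/2.0.0/set.rb",
    "/usr/lib/ruby/1.9.1/set.so",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(p, "pair:", matches(ORIG_A, p) or matches(ORIG_B, p),
              "merged:", matches(MERGED, p), "relaxed:", matches(RELAXED, p))
```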