On 07/05/2013 07:17 PM, Seth Arnold wrote: > On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote: > >> @@ -428,6 +546,7 @@ >> s = "%s# No read paths specified" % prefix >> if len(read_path) > 0: >> s = "%s# Specified read permissions" % (prefix) >> + read_path.sort() >> for i in read_path: >> for r in self.gen_path_rule(i, 'r'): >> s += "\n%s%s" % (prefix, r) >> @@ -438,17 +557,109 @@ >> s = "%s# No write paths specified" % prefix >> if len(write_path) > 0: >> s = "%s# Specified write permissions" % (prefix) >> + write_path.sort() >> for i in write_path: >> for r in self.gen_path_rule(i, 'rwk'): >> s += "\n%s%s" % (prefix, r) >> policy = re.sub(r' *%s' % search, s, policy) > > We may also need a way to allow profile authors to push 'k' through on > files that they'll only read. (Maybe all these cases will already be > handled via abstractions.) >
Agreed. Fixed. -- Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
