Hello,
Am Montag, 26. März 2012 schrieb Steve Beattie:
> On Mon, Mar 26, 2012 at 10:22:31AM -0700, Steve Beattie wrote:
> > On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote:
> > > +'FILENAME': r'(\/|\@\{\S*\})\S*', # just a filename
> > > (taken from @@FILE@@)>
> > Give
Public bug reported:
mount options support the use of pattern matching but mount flags are
not correctly intersected against specified patterns.
mount options=**,
should be equivalent to
mount,
but it is not because the flag values do not intersect the **
expression.
** Affects: apparmor
Hello,
I just noticed that rcapparmor reload returns a green "done" ($? = 0)
even if a profile has syntax errors:
# /etc/init.d/boot.apparmor reload x
Restarting AppArmor AppArmor parser error for /etc/apparmor.d/usr.sbin.winbindd
in /etc/apparmor.d/usr.sbin.winbindd at line 10: syntax error, u
On Mon, Mar 26, 2012 at 10:22:31AM -0700, Steve Beattie wrote:
> On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote:
> > +'FILENAME': r'(\/|\@\{\S*\})\S*', # just a filename (taken
> > from @@FILE@@)
>
> Given the above, it's probably better to make the relation explicit,
On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote:
> +'FILENAME': r'(\/|\@\{\S*\})\S*', # just a filename (taken from
> @@FILE@@)
Given the above, it's probably better to make the relation explicit,
so that if the pattern needs to change at some point, you only need
to c
On 03/26/2012 09:48 AM, Steve Beattie wrote:
> On Mon, Mar 26, 2012 at 06:03:56AM -0700, John Johansen wrote:
>> Signed-off-by: John Johansen
>> ---
>> parser/parser.h|3 ++-
>> parser/parser_lex.l| 17 +
>> parser/parser_misc.c
On Mon, Mar 26, 2012 at 06:03:55AM -0700, John Johansen wrote:
> The kernel has an extended test for change_profile when used with
> onexec, that allows it to only work against set executables.
>
> The parser is not correctly mapping change_profile for this test
> update the mapping so change_onex
On Mon, Mar 26, 2012 at 06:03:56AM -0700, John Johansen wrote:
> Signed-off-by: John Johansen
> ---
> parser/parser.h|3 ++-
> parser/parser_lex.l| 17 +
> parser/parser_misc.c |4 +++-
> parser/parser_yacc.y
On Mon, Mar 26, 2012 at 06:03:54AM -0700, John Johansen wrote:
> The capabilities tests where failing in the changehat_wrapper test. This was
> because
> they could not the changehat_wrapper sub executable, which trying to exec a
> binary
> in the tmpdir.
>
> Specifically if the test was for sy
On Mon, Mar 26, 2012 at 06:03:53AM -0700, John Johansen wrote:
> The retaining of the tmpdir is used during debugging of test failures, but
> currently
> when a test fails, the next test is run overwritting the previous tmpdir
> value. This
> is a problem even when manually running individual tes
Signed-off-by: John Johansen
---
parser/mount.c | 28
1 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/parser/mount.c b/parser/mount.c
index d4a5845..d446d29 100644
--- a/parser/mount.c
+++ b/parser/mount.c
@@ -362,15 +362,16 @@ static struct value_li
Signed-off-by: John Johansen
---
parser/parser.h|3 ++-
parser/parser_lex.l| 17 +
parser/parser_misc.c |4 +++-
parser/parser_yacc.y | 15 +--
parser/tst/simple_tests/mount/in_
The capabilities tests where failing in the changehat_wrapper test. This was
because
they could not the changehat_wrapper sub executable, which trying to exec a
binary
in the tmpdir.
Specifically if the test was for syscall_ptrace. It would generate a profile
with
a hat for ^syscall_ptrace an
The kernel has an extended test for change_profile when used with
onexec, that allows it to only work against set executables.
The parser is not correctly mapping change_profile for this test
update the mapping so change_onexec will work when confined.
Note: the parser does not currently support
* A couple updates to the regression tests
* Fix and regression tests for change_onexec. userspace portion of Bug #963756
* Make it easier to specify certain semantics around mount options - by adding
'in' keyword
Part of the fix for Bug #959560
--
AppArmor mailing list
AppArmor@lists.ubuntu.
The retaining of the tmpdir is used during debugging of test failures, but
currently
when a test fails, the next test is run overwritting the previous tmpdir value.
This
is a problem even when manually running individual test shell scripts if the
failure
is not the last test in the script.
Inst
16 matches
Mail list logo