Re: [apparmor] [patch] some comments for create-apparmor.vim.py

2012-03-26 Thread Christian Boltz
Hello, Am Montag, 26. März 2012 schrieb Steve Beattie: > On Mon, Mar 26, 2012 at 10:22:31AM -0700, Steve Beattie wrote: > > On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote: > > > +'FILENAME': r'(\/|\@\{\S*\})\S*', # just a filename > > > (taken from @@FILE@@)> > > Give

[apparmor] [Bug 965690] [NEW] mount flags do not match regular expressions/pattern matching

2012-03-26 Thread John Johansen
Public bug reported: mount options support the use of pattern matching but mount flags are not correctly intersected against specified patterns. mount options=**, should be equivalent to mount, but it is not because the flag values do not intersect the ** expression. ** Affects: apparmor

[apparmor] Bug: rcapparmor reload returns "done" even on profile syntax errors

2012-03-26 Thread Christian Boltz
Hello, I just noticed that rcapparmor reload returns a green "done" ($? = 0) even if a profile has syntax errors: # /etc/init.d/boot.apparmor reload x Restarting AppArmor AppArmor parser error for /etc/apparmor.d/usr.sbin.winbindd in /etc/apparmor.d/usr.sbin.winbindd at line 10: syntax error, u

Re: [apparmor] [patch] some comments for create-apparmor.vim.py

2012-03-26 Thread Steve Beattie
On Mon, Mar 26, 2012 at 10:22:31AM -0700, Steve Beattie wrote: > On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote: > > +'FILENAME': r'(\/|\@\{\S*\})\S*', # just a filename (taken > > from @@FILE@@) > > Given the above, it's probably better to make the relation explicit,

Re: [apparmor] [patch] some comments for create-apparmor.vim.py

2012-03-26 Thread Steve Beattie
On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote: > +'FILENAME': r'(\/|\@\{\S*\})\S*', # just a filename (taken from > @@FILE@@) Given the above, it's probably better to make the relation explicit, so that if the pattern needs to change at some point, you only need to c

Re: [apparmor] [PATCH 4/5] Update the parser to support the 'in' keyword for value lists

2012-03-26 Thread John Johansen
On 03/26/2012 09:48 AM, Steve Beattie wrote: > On Mon, Mar 26, 2012 at 06:03:56AM -0700, John Johansen wrote: >> Signed-off-by: John Johansen >> --- >> parser/parser.h|3 ++- >> parser/parser_lex.l| 17 + >> parser/parser_misc.c

Re: [apparmor] [PATCH 3/5] Fix permission mapping for change_profile onexec

2012-03-26 Thread Steve Beattie
On Mon, Mar 26, 2012 at 06:03:55AM -0700, John Johansen wrote: > The kernel has an extended test for change_profile when used with > onexec, that allows it to only work against set executables. > > The parser is not correctly mapping change_profile for this test; > update the mapping so change_onex

Re: [apparmor] [PATCH 4/5] Update the parser to support the 'in' keyword for value lists

2012-03-26 Thread Steve Beattie
On Mon, Mar 26, 2012 at 06:03:56AM -0700, John Johansen wrote: > Signed-off-by: John Johansen > --- > parser/parser.h|3 ++- > parser/parser_lex.l| 17 + > parser/parser_misc.c |4 +++- > parser/parser_yacc.y

Re: [apparmor] [PATCH 2/5] Fix the changehat_wrapper regression test

2012-03-26 Thread Kees Cook
On Mon, Mar 26, 2012 at 06:03:54AM -0700, John Johansen wrote: > The capabilities tests were failing in the changehat_wrapper test. This was > because > they could not the changehat_wrapper sub executable, which was trying to exec a > binary > in the tmpdir. > > Specifically if the test was for sy

Re: [apparmor] [PATCH 1/5] Modify regression test infrastructure to stop on failure when retaining tmpdir

2012-03-26 Thread Kees Cook
On Mon, Mar 26, 2012 at 06:03:53AM -0700, John Johansen wrote: > The retaining of the tmpdir is used during debugging of test failures, but > currently > when a test fails, the next test is run, overwriting the previous tmpdir > value. This > is a problem even when manually running individual tes

[apparmor] [PATCH 5/5] Make mount operations aware of 'in' keyword so they can affect the flags build list

2012-03-26 Thread John Johansen
Signed-off-by: John Johansen --- parser/mount.c | 28 1 files changed, 24 insertions(+), 4 deletions(-) diff --git a/parser/mount.c b/parser/mount.c index d4a5845..d446d29 100644 --- a/parser/mount.c +++ b/parser/mount.c @@ -362,15 +362,16 @@ static struct value_li

[apparmor] [PATCH 4/5] Update the parser to support the 'in' keyword for value lists

2012-03-26 Thread John Johansen
Signed-off-by: John Johansen --- parser/parser.h|3 ++- parser/parser_lex.l| 17 + parser/parser_misc.c |4 +++- parser/parser_yacc.y | 15 +-- parser/tst/simple_tests/mount/in_

[apparmor] [PATCH 2/5] Fix the changehat_wrapper regression test

2012-03-26 Thread John Johansen
The capabilities tests were failing in the changehat_wrapper test. This was because they could not the changehat_wrapper sub executable, which was trying to exec a binary in the tmpdir. Specifically if the test was for syscall_ptrace. It would generate a profile with a hat for ^syscall_ptrace an

[apparmor] [PATCH 3/5] Fix permission mapping for change_profile onexec

2012-03-26 Thread John Johansen
The kernel has an extended test for change_profile when used with onexec, that allows it to only work against set executables. The parser is not correctly mapping change_profile for this test; update the mapping so change_onexec will work when confined. Note: the parser does not currently support

[apparmor] [Patch 0/5] More fixes for 2.8

2012-03-26 Thread John Johansen
* A couple of updates to the regression tests * Fix and regression tests for change_onexec. userspace portion of Bug #963756 * Make it easier to specify certain semantics around mount options - by adding 'in' keyword Part of the fix for Bug #959560 -- AppArmor mailing list AppArmor@lists.ubuntu.

[apparmor] [PATCH 1/5] Modify regression test infrastructure to stop on failure when retaining tmpdir

2012-03-26 Thread John Johansen
The retaining of the tmpdir is used during debugging of test failures, but currently when a test fails, the next test is run, overwriting the previous tmpdir value. This is a problem even when manually running individual test shell scripts if the failure is not the last test in the script. Inst