Thanks John,
So far I've been successful from the info you have provided. I've
compiled a policy into a binary blob and got it loaded into a buffer and
successfully loaded this into the kernel.
Colin
On 15/12/15 00:32, John Johansen wrote:
> On 12/14/2015 07:44 AM, Colin Ian King wrote:
>> Hi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 15/12/15 18:45, Steve Beattie wrote:
> Hey Colin,
>
> On Tue, Dec 15, 2015 at 05:29:43PM +, Colin Ian King wrote:
>> So far I've been successful from the info you have provided. I've
>> compiled a policy into a binary blob and got it loaded
Hey Colin,
On Tue, Dec 15, 2015 at 05:29:43PM +, Colin Ian King wrote:
> So far I've been successful from the info you have provided. I've
> compiled a policy into a binary blob and got it loaded into a buffer and
> successfully loaded this into the kernel.
That's great!
I'm curious which
Create a simple aa-exec implementation, written in C, matching the
--help, --debug, --verbose, and --profile options present in the current
Perl implementation.
The build system is updated to honor the USE_SYSTEM make variable which
allows aa-exec to be linked against the system libapparmor
This patch set creates regression tests for aa-exec and rewrites aa-exec in C
rather than Perl. The main reason behind the rewrite is that aa-exec is
becoming a widely used utility that has its place on even the most minimal of
Linux images and Perl is falling out of favor in some of those
Add regression tests for the --profile, --namespace, and --immediate
options of aa-exec.
A new variable is added to uservars.inc to point to the in-tree or
system aa-exec depending on the presence of the USE_SYSTEM=1 make
variable at build time.
Signed-off-by: Tyler Hicks
The new C based aa-exec does not implement the --file option.
Signed-off-by: Tyler Hicks
---
utils/aa-exec.pod | 4
1 file changed, 4 deletions(-)
diff --git a/utils/aa-exec.pod b/utils/aa-exec.pod
index 58dedb2..14f0429 100644
--- a/utils/aa-exec.pod
+++
Call aa_change_profile(), instead of aa_change_onexec(), when
--immediate is passed in.
Signed-off-by: Tyler Hicks
---
utils/aa_exec.c | 18 --
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/utils/aa_exec.c b/utils/aa_exec.c
index
Remove the Perl aa-exec implementation and build aa_exec.c as aa-exec.
Note that the new C aa-exec does not implement the --file option which
was present in the Perl aa-exec. It encouraged running programs as root,
since root privileges were required to load the specified profile.
All other
On 12/15/2015 12:55 PM, Tyler Hicks wrote:
> This patch set creates regression tests for aa-exec and rewrites aa-exec in C
> rather than Perl. The main reason behind the rewrite is that aa-exec is
> becoming a widely used utility that has its place on even the most minimal of
> Linux images and
On 2015-12-15 17:37:35, Tyler Hicks wrote:
> On 2015-12-02 22:00:32, Christian Boltz wrote:
> > Hello,
> >
> > Am Dienstag, 1. Dezember 2015 schrieb Christian Boltz:
> > > Am Montag, 30. November 2015 schrieb Tyler Hicks:
> > > > A common usage of aa-easyprof is to pipe its stdout to a file
> > >
On Tue, Dec 15, 2015 at 06:41:48PM -0600, Tyler Hicks wrote:
> > + if (!quiet) {
> > + switch(err) {
> > + case ENOSYS:
> > + printf(_("No - not available on this system.\n"));
> > + break;
> > + case ECANCELED:
> > +
On 12/15/2015 12:56 PM, Tyler Hicks wrote:
> Remove the Perl aa-exec implementation and build aa_exec.c as aa-exec.
>
> Note that the new C aa-exec does not implement the --file option which
> was present in the Perl aa-exec. It encouraged running programs as root,
> since root privileges were
On 12/15/2015 12:56 PM, Tyler Hicks wrote:
> The new C based aa-exec does not implement the --file option.
>
> Signed-off-by: Tyler Hicks
Acked-by: John Johansen
> ---
> utils/aa-exec.pod | 4
> 1 file changed, 4 deletions(-)
>
> diff
Don't catch AppArmorExceptions in aa-easyprof any longer and rely on
apparmor.fail to print the exception to stderr.
Signed-off-by: Tyler Hicks
---
utils/aa-easyprof | 12 ++--
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/utils/aa-easyprof
John asked that I take a look at this patch in order to see if my
proposed aa-exec rewrite in C should use the binutils/ dir proposed by
this patch.
On 2015-11-28 10:38:34, John Johansen wrote:
> v3
>
> change conflicting/unknown option warning message slightly
> output error string on failure
>
16 matches
Mail list logo