...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
---
parser/parser_policy.c | 68
--
1 file changed, 68 deletions(-)
diff --git a/parser/parser_policy.c b/parser/parser_policy.c
index f147be7..76a65c8 100644
--- a/parser
On Sun, Jul 21, 2013 at 10:32:53PM -0700, John Johansen wrote:
Drop support for the old subdomainfs mountpoint and use the fn exported
by libapparmor.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
---
parser/Makefile | 3
-off-by: Steve Beattie sbeat...@ubuntu.com
Acked-by: Seth Arnold seth.arn...@canonical.com
Thanks
---
parser/parser_main.c | 12 +++-
1 file changed, 7 insertions(+), 5 deletions(-)
Index: b/parser/parser_main.c
On Sun, Jul 21, 2013 at 10:32:44PM -0700, John Johansen wrote:
- Make indenting consistent
- Move common match + fn patterns into a single shared entry with mulitstate
headers
- add names table to convert lexer state #s to state names used in the code
- Create/use macros for common patterns
On Wed, Jul 24, 2013 at 09:26:43AM -0700, John Johansen wrote:
So we have a binary (C based) version of aa-exec that just needs a little
more revision before we land it. One of the things we need to decide is
which package to put it in.
We could modify the utils packaging to handle binary
On Sun, Jul 21, 2013 at 10:32:45PM -0700, John Johansen wrote:
Signed-off-by: John Johansen john.johan...@canonical.com
Wow, another awesome looking cleanup.
Some comments inline.
---
parser/parser.h | 6 ++
parser/parser_yacc.y | 191
On Sun, Jul 21, 2013 at 10:32:46PM -0700, John Johansen wrote:
let allow be used as a prefix in place of deny. Allow is the default
and is implicit so it is not needed but some user keep tripping over
it, and it makes the language more symmetric
eg.
/foo rw,
allow /foo rw,
On Sun, Jul 21, 2013 at 10:32:47PM -0700, John Johansen wrote:
Refactor policydb entry processing so that post_process_policydb_ents is
just a driver for rule specific routines.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
Thanks
On Sun, Jul 21, 2013 at 10:32:48PM -0700, John Johansen wrote:
Remove use of AARE_DFA as the alternate pcre matching engine was removed
years ago.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
Wow, keep these cleanups coming
This exports the set of capability names as generated by the kernel
so that the policy compiler can support capability names as keywords
dynamically when the kernel picks up new capabilities.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
On Mon, Jul 22, 2013 at 06:52:12PM +0200, Daniel Curtis wrote:
Hi
I would like to ask what happened with the *lightdm-guest-session *
profile from */etc/apparmor.d/* directory? If I remember correctly,
this profile contains a lot of policies, rules etc. Now it looks like
this:
#
On Thu, Jul 11, 2013 at 03:53:05PM -0700, John Johansen wrote:
So this is a C based version of aa-exec to replace the perl version.
I like it better already... but... :)
---
/*
* Copyright (C) 2013 Canonical Ltd.
*
* This program is free software; you can redistribute it and/or
On Wed, Jul 10, 2013 at 01:35:35PM +0200, Ángel González wrote:
Replying to differenet mails:
now what of abstract sockets? They are the same as unix domain but
begin with \0. We could use this notation or chose an alternate way
of expressing it.
network unix name=\0foo,
or maybe
On Wed, Jul 10, 2013 at 02:18:22PM -0700, John Johansen wrote:
So it turns out we are going to need to support policy versioning (Christian
can gloat now). The question because how we support it
I'm pretty sure I've seen a matrix somewhere that described the different
mediation semantics and
On Sat, Jul 06, 2013 at 12:37:20PM -0500, Jamie Strandboge wrote:
There's a race condition here; well, maybe not -race-, but
self.template is updated before the sanity checks are performed. If
either of those exceptions gets ignored in callers, the template is
set to unsafe values.
and 2.8:
Acked-by: Seth Arnold seth.arn...@canonical.com
=== modified file 'utils/Immunix/AppArmor.pm'
--- utils/Immunix/AppArmor.pm 2013-07-05 21:12:08 +
+++ utils/Immunix/AppArmor.pm 2013-07-09 00:31:23 +
@@ -3879,8 +3879,8 @@
$newpath =~ s
On Mon, Jul 08, 2013 at 02:06:42AM -0700, John Johansen wrote:
Below is a mostly complete patch for
https://bugs.launchpad.net/apparmor/+bug/888077
It is currently missing support for link and mount rules. This patch is
done against the 2.8 branch, and the question is, is this something we
Wilk jw...@debian.org on Debian bug #714843.
Acked-by: Seth Arnold seth.arn...@canonical.com
---
profiles/apparmor.d/abstractions/fonts | 1 +
1 file changed, 1 insertion(+)
diff --git a/profiles/apparmor.d/abstractions/fonts
b/profiles/apparmor.d/abstractions/fonts
index d76b69f..f3b7f32
On Sat, Jul 06, 2013 at 10:47:45AM +0200, intrigeri+deb...@boum.org wrote:
From: intrigeri intrig...@boum.org
Debian sid's fonts-mathjax ships fonts in
/usr/share/javascript/mathjax/fonts, that are now used by default by
fontconfig-enabled software.
Acked-by: Seth Arnold seth.arn
On Sun, Jul 07, 2013 at 02:25:28PM +0200, Christian Boltz wrote:
It makes sense, even if it sounds slightly funny to explicitely mention
a perl version from 2007 ;-)
Hey, I still think of Perl 5.004 as The New Perl. :)
Thanks
signature.asc
Description: Digital signature
--
AppArmor mailing
On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote:
+def set_template(self, template, allow_abs_path=True):
'''Set current template'''
self.template = template
+if ../ in template:
+raise AppArmorException('template %s contains ../
Here's the current Perl versions in Debian / Ubuntu world:
Ubuntu packages:
lucid: 5.10.1-8ubuntu2.3, Pocket: updates, Component: main
precise: 5.14.2-6ubuntu2.3, Pocket: updates, Component: main
quantal: 5.14.2-13ubuntu0.2, Pocket: updates, Component: main
raring: 5.14.2-21, Pocket: release,
I've checked this into trunk. I'm not sure about checking it into 2.8
though, since it introduces a requirement for Perl = 5.10.1 via the ~~
operator: http://stackoverflow.com/a/3095066/377270
** Changed in: apparmor
Assignee: Kshitij Gupta (kgupta8592) = AppArmor Developers (apparmor-dev)
Steve pointed out that I should document the Perl 5.10.1 minimum version
dependency introduced by Kshitij's de-dup patch. I took the opportunity
to broadly sketch our dependencies in our top-level README.
Thoughts?
Thanks
Signed-off-by: Seth Arnold seth.arn...@canonical.com
=== modified file
On Sun, Jun 30, 2013 at 03:07:38AM -0700, John Johansen wrote:
You've very nearly convinced me that for the various forms of on-machine
IPC pairing does not make a lot of sense and the automatic label mechanism
is a better fit.
Ha! I haven't convinced my self. That is I know we can do
On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote:
@@ -428,6 +546,7 @@
s = %s# No read paths specified % prefix
if len(read_path) 0:
s = %s# Specified read permissions % (prefix)
+read_path.sort()
for i in read_path:
I wrote a long detailed response to your questions but realized after a
while that I was relying on some pretty huge assumptions on how the LSM
networking hooks interact with the secmark hooks.
So, rather than send a long email based on probably incorrect
assumptions, I figured I better address
acked-by
statement, if possible. :)
I'm sorry for letting this slip my mind.
For 2.8,
Acked-by: Seth Arnold seth.arn...@canonical.com
signature.asc
Description: Digital signature
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com
Impressive email, thanks.
I can't begin to address all the open questions you raised, but we have
to start somewhere, so here's my stab at what I felt was most important:
Pairing
You've very nearly convinced me that for the various forms of on-machine
IPC pairing does not make a lot of sense
On Tue, Jun 25, 2013 at 01:19:17PM -0700, Tyler Hicks wrote:
Unify aa_getprocattr_raw() and aa_getpeercon_raw() function prototypes
by hiding the len value-result parameter.
Signed-off-by: Tyler Hicks tyhi...@canonical.com
Cc: Seth Arnold seth.arn...@canonical.com
Cc: John Johansen
On Sun, Jun 23, 2013 at 04:23:14PM -0700, Tyler Hicks wrote:
From: John Johansen john.johan...@canonical.com
Return the total size of the security context on success
as documented.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
On Wed, Jun 26, 2013 at 07:54:46AM +0800, Aaron Lewis wrote:
Hi,
Looks like I can use rwmc altogether, am I wrong?
owner @{HOME}/.config/google-googletalkplugin/{**,} rwmc,
I can't see 'c' support in our current parser source code, not can I get
this to work in a test profile:
$ echo /t {
On Sun, Jun 23, 2013 at 04:23:13PM -0700, Tyler Hicks wrote:
From: John Johansen john.johan...@canonical.com
Protect against bugs in AppArmor's getsockopt() LSM hook from sending
aa_getpeercon() into an infinite loop.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Seth
On Sun, Jun 23, 2013 at 04:23:17PM -0700, Tyler Hicks wrote:
The parameter names are slightly different in the two functions. Rename
buffer to buf and rename size to len to make the two function prototypes
look similar.
Signed-off-by: Tyler Hicks tyhi...@canonical.com
Acked-by: Seth Arnold
On Sun, Jun 23, 2013 at 04:23:16PM -0700, Tyler Hicks wrote:
The functions that return the confinement information of a peer socket
connection should parse and return the mode like the task-based
functions.
Signed-off-by: Tyler Hicks tyhi...@canonical.com
Acked-by: Seth Arnold seth.arn
The hu linguas is missing a couple of key shortcuts, which can cause
aa-logprof to fail: PromptUser: Érvénytelen gyorsbillentyű a következőhöz:
'Igen' (Invalid shortcut to following: 'Yes').
--
This looks good to me,
Acked-By: Seth Arnold seth.arn...@canonical.com
https
On Wed, Jun 12, 2013 at 10:55:50AM -0700, John Johansen wrote:
Till then, can someone help me out with the use case for the write
function of the profile tools? I'm not sure if I'm thinking in the
appropriate way. How are users expected to modify the config files?
I can understand reading
On Wed, Jun 12, 2013 at 03:42:34PM -0500, Jamie Strandboge wrote:
So, here's a first shot at Proposal #4:
[...]
/usr/bin/gnome-screensaver {
# Ignore file and accessibility bus access for this excercise
file,
dbus bus=accessibility,
# sarnold I think we could remove this
On Mon, Jun 10, 2013 at 06:44:13PM -0700, Tyler Hicks wrote:
To start us off, here's the profile using the current DBus syntax. It is
complex, but it uses all of the DBus accesses (send, receive, and
acquire) and it is representative of what a real profile may look like.
Thanks for this. These
.
Imho it would make sense to move the rule from gnome to the
fonts abstraction.
gnome includes fonts so there shouldn't be any regression.
Cheers,
Felix
Looks good to me, Thanks
Acked-by: Seth Arnold seth.arn...@canonical.com
=== modified file 'profiles/apparmor.d/abstractions/fonts
On Thu, May 30, 2013 at 08:31:31PM +0200, Christian Boltz wrote:
Correct - the only missing part is support in the utilities, which is
now on your list of wanted features ;-)
Talking about feature ideas - it would be nice to have profile
modification scriptable. I'm thinking about
On Thu, May 30, 2013 at 09:52:20AM -0700, Seth Arnold wrote:
=== modified file 'profiles/apparmor.d/abstractions/fonts'
--- profiles/apparmor.d/abstractions/fonts 2013-01-05 06:05:53 +
+++ profiles/apparmor.d/abstractions/fonts 2013-05-30 14:14:07 +
@@ -44,3 +44,6
On Wed, May 01, 2013 at 02:31:09PM -0700, John Johansen wrote:
A few comments in line..
+bool aa_update_label_name(struct aa_namespace *ns, struct aa_label *label,
+ gfp_t gfp);
+
+int aa_profile_snprint(char *str, size_t size, struct aa_namespace *ns,
+
On Wed, May 29, 2013 at 09:23:52AM -0700, John Johansen wrote:
Would you mind renaming the functions to _printf() where appropriate?
These names don't really speak to me.. (Also, are all those really
needed? :)
yes I would, because its not appropriate, non of them take a format string
On Wed, May 01, 2013 at 02:31:10PM -0700, John Johansen wrote:
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
signature.asc
Description: Digital signature
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings
to know which namespace is in use so log
the unconfined profile and its namespace as well.
Signed-off-by: John Johansen john.johan...@canonical.com
This is nice, it anticipated a question I had from the previous patch. :)
Acked-by: Seth Arnold seth.arn...@canonical.com
signature.asc
what to do. The patch, as described, looked right
to me, but my quibble is with the intention of too-early exits. :)
So, uh, add Acked-by: Seth Arnold seth.arn...@canonical.com, but with
the hope that a future patch changes a lot of the logging logic. :)
Thanks
signature.asc
Description: Digital
On Tue, May 28, 2013 at 07:33:09PM +0530, Kshitij Gupta wrote:
I'm Kshitij Gupta from Lucknow, India. I had applied for GSoC under
openSUSE and am glad to have been accepted as a student to work on Profile
management tool for AppArmor under the guidance of Christian Boltz
(Project Mentor).
On Wed, May 01, 2013 at 02:31:08PM -0700, John Johansen wrote:
Baby step to using labels instead of profiles. Switch from using profile
refs to label refs. Note this step does not make any functional changes
Signed-off-by: John Johansen john.johan...@canonical.com
A few small comments
On Wed, May 01, 2013 at 02:31:05PM -0700, John Johansen wrote:
Signed-off-by: John Johansen john.johan...@canonical.com
---
security/apparmor/apparmorfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: Seth Arnold seth.arn...@canonical.com
diff --git a/security/apparmor
On Wed, May 01, 2013 at 02:31:06PM -0700, John Johansen wrote:
Just add the labels to the tree to make sure insertions and deletions
into the rb tree are working.
@@ -1330,6 +1347,8 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
}
name =
;
+ error = -ENOMEM;
+ goto fail_lock;
There's a trailing space in the info = string.
With these two typos fixed,
Acked-by: Seth Arnold seth.arn...@canonical.com
Thanks
signature.asc
Description: Digital signature
--
AppArmor mailing list
AppArmor
On Sun, May 19, 2013 at 05:07:16AM -0700, John Johansen wrote:
When a profile is created the first profile it is created with is the
init profile.
- this profile is replaceable, and set as the default profile
- For the root namespace (namespace setup on boot)
- this profile is setup in the
On Wed, May 01, 2013 at 02:31:04PM -0700, John Johansen wrote:
In error conditions is possible to put a label that has not been added
to a labelset. In this case just directly free it.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
On Wed, May 01, 2013 at 02:31:03PM -0700, John Johansen wrote:
The labeling of files is implied by the set of rules and profiles.
Add the ability to set implicit labels on files to reduce the number
of path and rule lookups that are needed.
+static bool __aa_label_remove(struct aa_labelset
On Wed, May 15, 2013 at 05:13:15PM -0700, John Johansen wrote:
So this is a new attempt to frame the default/init/system profile discussion
Interesting. I like it.
There are several potential solutions to the problem of confining init
and its early children
1. Policy load in the
On Wed, May 01, 2013 at 02:31:00PM -0700, John Johansen wrote:
Add the dynamic profiles file to the interace, to allow load policy
introspection.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Kees Cook k...@ubuntu.com
+/**
+ * __next_profile - step to the next profile
On Wed, May 01, 2013 at 02:31:02PM -0700, John Johansen wrote:
For profiles that have been replaced reuse the name string so the
old and new version of the profile share the same string. This will
make some checks/comparisons in labeling quicker.
+static void share_name(struct aa_profile
On Wed, May 01, 2013 at 02:31:03PM -0700, John Johansen wrote:
The labeling of files is implied by the set of rules and profiles.
Add the ability to set implicit labels on files to reduce the number
of path and rule lookups that are needed.
Signed-off-by: John Johansen
-to-private.patch: deny writes to upstart user sessions jobs
Oh, I meant to also nominate these for 2.8.
Acked-By: Seth Arnold seth.arn...@canonical.com for both trunk and 2.8
signature.asc
Description: Digital signature
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings
On Fri, May 10, 2013 at 11:24:46AM -0700, John Johansen wrote:
currently the override to select the default profile is
apparmor.unconfined=0 or N
and to select unconfined
apparmor.unconfined=Y
this option is fine but I'm not fond of apparmor.unconfined=0 We could
change this so that
On Thu, May 09, 2013 at 01:45:04PM -0700, Tyler Hicks wrote:
I think that we're mostly ok. We just need to think about it a little
differently. Here's the current syntax:
DBUS RULE = [ 'audit' ] [ 'deny' ] 'dbus' [ DBUS BUS ] [ ( DBUS LOCAL
CONDITIONS | - DBUS REMOTE CONDITIONS ) ] [ DBUS
On Thu, May 09, 2013 at 03:08:35PM -0700, John Johansen wrote:
it depends how you look at it. To me it is changing the meaning of -
of course I am now convinced that - is just wrong and we need different
syntax, because - just seems to have too many potential different
interpretations that
On Thu, May 09, 2013 at 03:27:24PM -0700, Tyler Hicks wrote:
dbus [address spec] acquire, # unchanged
dbus [address spec] - [address spec], # unidirectional
dbus [address spec] - [address spec], # unidirectional
dbus [address spec] - [address spec], # bidirectional
I'm all for making
On Wed, May 01, 2013 at 02:30:53PM -0700, John Johansen wrote:
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -29,3 +29,14 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE
boot.
If you are unsure how to answer this question, answer 1.
+
+config
On Wed, May 01, 2013 at 02:30:54PM -0700, John Johansen wrote:
The default profile needs its replaced by information set as its on
the profile list and will have an fs interface (and the fs interface
files require a valid replacedby).
Signed-off-by: John Johansen john.johan...@canonical.com
On Wed, May 01, 2013 at 02:30:55PM -0700, John Johansen wrote:
Allow emulating the default profile behavior from boot, by allowing
loading of a profile in the unconfined state into a new NS.
Signed-off-by: John Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn
:
line = re.sub(regex, my_repl, line.rstrip())
-print line
+sys.stdout.write('%s\n' % line)
+#print line
This comment could be deleted.
So feel free to add Skimmed-by: Seth Arnold seth.arn...@canonical.com
or whatever says I didn't spot anything wrong but I also didn't
On Fri, May 03, 2013 at 09:43:15PM +0200, Christian Boltz wrote:
Indeed - creating some profiles with genprof and logprof (and at the
same time reading the audit.log and the resulting profile) is the easier
and probably faster way to understand how genprof and logprof work.
Goal: you
On Wed, May 01, 2013 at 05:35:03PM +0200, Christian Boltz wrote:
Am Sonntag, 28. April 2013 schrieb Seth Arnold:
I don't know anything about the GSoC project or process, but it'd be
Let's change that ;-)
We (Kshitij, John and I) discussed several things in private mails,
but Kshitij's
On Tue, Apr 30, 2013 at 10:00:08PM +0200, Daniel Curtis wrote:
Since I've put a Firefox default profile in 'enforce' mode,
from some time in '/var/log/syslog' and '/var/log/kern.log'
files, I see some entries about AppArmor activity. It always
refers to one thing: '/dev/nvidiactl'.
There is
On Wed, May 01, 2013 at 02:30:46PM -0700, John Johansen wrote:
previously profiles had to be loaded one at a time, which could result
in cases where a replacement would partially succeed, and then fail
resulting in inconsitent policy.
Allow multiple profiles to replaced atomically so that
Johansen john.johan...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
Thanks
signature.asc
Description: Digital signature
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
On Wed, May 01, 2013 at 02:30:52PM -0700, John Johansen wrote:
aa_put_profile causes profiles to go throw an rcu based delayed free
cycle. Discard profiles that can't be in use and hence don't need the delayed
free call free_profile directly.
This description doesn't seem to match the code,
On Wed, Apr 24, 2013 at 05:06:01PM +0530, Kshitij Gupta wrote:
I am Kshitij and I would like to work on developing a new AppArmor profile
management tool to further strengthen the AppArmor project as my Google
Summer of Code project. I have been using both C/C++ and Python for a while
and hope
On Sun, Apr 28, 2013 at 04:05:30PM +0200, Daniel Curtis wrote:
Default profile allows downloads to ~/Downloads and uploads from ~/Public,
right? So, what should I do or add to achieve this functionality. For now I
can upload and download files everywhere I want. I would like to achieve
that
-By: Seth Arnold seth.arn...@canonical.com
Thanks
signature.asc
Description: Digital signature
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
On Tue, Mar 19, 2013 at 11:37:46PM +0400, Артём Н. wrote:
Also I've added @{TORRENT_CLIENT} in tunables/global and I've granted
permissions on execution it in browser's rules.
tunables/global:
@{TORRENT_CLIENT}=/usr/bin/fatrat
This is going to lead to trouble. What we have now is
...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
Thanks Tyler!
signature.asc
Description: Digital signature
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
On Mon, Mar 11, 2013 at 07:48:05PM -0700, John Johansen wrote:
Alright so we have a GSoC proposal (current text below), through opensuse
and I would like to put a couple of potential revisions to a vote.
1. Allowing for the Go language as an implementation option. I did this
to allow the
On Sat, Mar 09, 2013 at 07:46:39PM -0500, andrew barreto wrote:
is this also for questions?
On Sat, Mar 09, 2013 at 07:48:06PM -0500, andrew barreto wrote:
hi is this a alternative to AppArmor@lists.ubuntu.com
AppArmor@lists.ubuntu.com
Most email servers don't care about capitalization of
On Mon, Mar 11, 2013 at 09:12:57PM +0400, Артём Н. wrote:
I can't found profiles for some programs, which I use.
I use Debian OS and make profiles for it, but I hope, if they will be included
in ubuntu packages, one time they will migrate from ubuntu to Debian. :-)
Thanks for this :)
Probably
On Thu, Mar 07, 2013 at 03:38:17PM -0800, Tyler Hicks wrote:
It sounds like we're both on the same page.
Yes. :)
$ gcc -Wall -o query-profile query_profile.c -lapparmor
$ ldd query-profile
linux-vdso.so.1 = (0x7fffe41fe000)
libapparmor.so.1 = /usr/lib/libapparmor.so.1
On Thu, Mar 07, 2013 at 04:17:39PM -0800, Tyler Hicks wrote:
Am I just overcomplicating things?
No, it is a potentially valid use case but I'm trying to keep this
interface simple so that most applications don't have to worry about
bitwise operations of four permission masks that come from
Hicks tyhi...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
Thanks Tyler! :)
signature.asc
Description: Digital signature
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
On Tue, Mar 05, 2013 at 06:38:35PM -0800, Tyler Hicks wrote:
This looks really good. A few nitpicks inline..
Allow userspace applications to query for allowed, denied, audit, and
quiet permissions using a profile name and a DFA match string. Userspace
applications that wish to enforce access
On Wed, Mar 06, 2013 at 04:39:00PM -0800, Tyler Hicks wrote:
I may have tuned out a discussion on IRC about the 'deny' flags -- at
least it feels like a conversation I've ignored :) -- but the profiles
currently communicate 'deny' through the 'quiet' flags.
Oh? I must have misunderstood
On Tue, Mar 05, 2013 at 10:44:35PM -0800, Tyler Hicks wrote:
* Setting two int return parameters to indicate allow and audit isn't a
final solution. I was thinking that I'd return a special return code
that will indicate error or allow and audit statuses. Then define some
simple macros
On Tue, Mar 05, 2013 at 07:42:26AM -0800, Tyler Hicks wrote:
Add a dbus directory to the apparmor securityfs features subdirectory to
contain a mask file with the supported D-Bus mediation rules.
Signed-off-by: Tyler Hicks tyhi...@canonical.com
Acked-by: Seth Arnold seth.arn...@canonical.com
deny capability block_suspend because nobody can imagine why it
would be needed.
References: https://bugzilla.novell.com/show_bug.cgi?id=807104
Acked-by: Seth Arnold seth.arn...@canonical.com
=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
--- profiles/apparmor.d/usr.sbin.nscd 2013
@@ -546,17 +534,40 @@ static void __ns_list_release(struct list_head *head);
*/
static void destroy_namespace(struct aa_namespace *ns)
{
+ struct aa_profile *unconfined;
+
if (!ns)
return;
- write_lock(ns-lock);
+ mutex_lock(ns-lock);
/*
In the code below, the if (error) return error; near the top of the
loop feels a bit out of place -- if one policy loads fine and a second
policy fails the header check, a profile is on the list_head and never
cleaned up. (I mentioned the caller of this function in a different
email -- this is the
On Wed, Feb 27, 2013 at 10:14:00AM -0800, John Johansen wrote:
* aa_replace_profiles - replace profile(s) on the profile list
* @udata: serialized data stream (NOT NULL)
* @size: size of the serialized data stream
...
*/
ssize_t aa_replace_profiles(void *udata, size_t size, bool
On Wed, Feb 27, 2013 at 10:14:01AM -0800, John Johansen wrote:
signed-offby: John Johansen john.johan...@canonical.com
Acked-By: Seth Arnold seth.arn...@canonical.com
signature.asc
Description: Digital signature
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings
Review: Approve
Thanks, looks good to me.
--
https://code.launchpad.net/~sdeziel/apparmor-profiles/fix-for-lp1133409/+merge/150605
Your team AppArmor Developers is subscribed to branch lp:apparmor-profiles.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
On Fri, Feb 08, 2013 at 01:00:55PM -0800, John Johansen wrote:
@@ -1091,13 +1098,13 @@ ssize_t aa_replace_profiles(void *udata, size_t size,
bool noreplace)
Again, found while reviewing this patch, but not actually changed by
_this_ patch at all. (Sorry.) My comments are out here:
Sorry this might be confusing, I had been looking at the top of your
tree for my code inspections while reading through the details of the
patch. So some of the references to profile-parent or __list_add_profile
might have been added by _future_ patches -- I was afraid I'd forget
the details if I
On Fri, Feb 08, 2013 at 01:00:55PM -0800, John Johansen wrote:
+/**
+ * aa_get_profile_rcu - increment a refcount profile that can be replaced
+ * @p: pointer to profile that can be replaced (NOT NULL)
+ *
+ * Returns: pointer to a refcounted profile.
+ * else NULL if no profile
+ */
On Fri, Feb 15, 2013 at 11:10:24AM -0600, Jamie Strandboge wrote:
+for i in range(self.timeout): # Up to self.timeout seconds to start
rc, out = cmd(['xpra', 'list'])
+
+if 'DEAD session at %s' % self.display in out:
+error(xpra session at '%s'
On Fri, Feb 08, 2013 at 01:00:55PM -0800, John Johansen wrote:
signed-offby: John Johansen john.johan...@canonical.com
---
security/apparmor/domain.c | 15 ++-
security/apparmor/include/apparmor.h |6 ++
security/apparmor/include/policy.h | 44 +++-
801 - 900 of 961 matches
Mail list logo
