rrent_onexec() so returning void is fine.
Reviewed-by: "Tyler Hicks (Microsoft)"
Tyler
> ---
> security/apparmor/domain.c | 2 +-
> security/apparmor/include/task.h | 2 +-
> security/apparmor/task.c | 5 +
> 3 files changed, 3 insertions(+), 6 deleti
On 2019-10-29 22:28:42, Justin Dick wrote:
> Hello all -
>
> I'm trying to enable snapd on an embedded device, and looking into getting
> apparmor support sorted out. I'm working with kernel 3.10 and AFAIK have
> everything set up properly in the config. After boot,
> /sys/module/apparmor/par
Hello, Jann Horn reported that private security bug mail for the
apparmor-profiles project on Launchpad was incorrectly made public on
the AppArmor mailing list:
https://lists.ubuntu.com/archives/apparmor/2018-November/011847.html
To fix this problem, I've unsubscribed the AppArmor mailing list
On 2018-11-06 13:55:45, Tyler Hicks wrote:
> On 2018-11-06 20:48:40, Jann Horn wrote:
> > Hi!
> >
> > I'm subscribed to apparmor@lists.ubuntu.com, and I noticed that I got
> > bug mail for https://bugs.launchpad.net/bugs/1800789 via this list
> > when the
On 2018-11-06 20:48:40, Jann Horn wrote:
> Hi!
>
> I'm subscribed to apparmor@lists.ubuntu.com, and I noticed that I got
> bug mail for https://bugs.launchpad.net/bugs/1800789 via this list
> when the bug was still marked as a security bug.
The problem looks to be in the bug subscription configur
On 05/30/2018 01:57 PM, John Johansen wrote:
> A new logo has been proposed by Noah Davis for the apparmor project to use.
> All versions of the logo under considerations are included below.
>
>
> This is an open vote, anyone in the community can participate.
>
>
> 1. Vote for the logos basic
On 05/30/2018 01:50 PM, John Johansen wrote:
>
> A new logo has been proposed by Noah Davis for the apparmor project to use.
> All versions of the logo under considerations are included below.
>
>
> This is an open vote, anyone in the community can participate.
>
>
> 1. Vote for the logos bas
Currently on the error exit path the allocated rule is not free'd
causing a memory leak. Fix this by calling aa_audit_rule_free().
Detected by CoverityScan, CID#1468966 ("Resource leaks")
Fixes: cb740f574c7b ("apparmor: modify audit rule support to support profile
stacks&qu
On 03/23/2018 05:48 PM, Tyler Hicks wrote:
> On 03/23/2018 12:10 PM, John Johansen wrote:
>> On 02/06/2018 09:29 AM, Christian Boltz wrote:
>>> Hello,
>>>
>>> Am Montag, 5. Februar 2018, 22:13:19 CET schrieb Marco d'Itri:
>>>> On Feb 05, Jamie
On 03/23/2018 12:10 PM, John Johansen wrote:
> On 02/06/2018 09:29 AM, Christian Boltz wrote:
>> Hello,
>>
>> Am Montag, 5. Februar 2018, 22:13:19 CET schrieb Marco d'Itri:
>>> On Feb 05, Jamie Strandboge wrote:
It continues to be a tricky problem. I think mostly we really need
to
m
A fix for this bug was released in AppArmor 2.12. The upstream commit is
e55583ff27308e3338b5c046de42536bbdd48120
** Changed in: apparmor-profiles
Status: New => Fix Released
--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to AppA
On 12/06/2017 12:47 PM, Casey Schaufler wrote:
> On 12/6/2017 9:51 AM, Tyler Hicks wrote:
>> Hello - The AppArmor project would like for AppArmor audit records to be
>> supported by the audit-userspace tools, such as ausearch, but it
>> requires some coordination between the
Hello - The AppArmor project would like for AppArmor audit records to be
supported by the audit-userspace tools, such as ausearch, but it
requires some coordination between the linux-security-module and
linux-audit lists. This was raised as a feature request years ago in
Ubuntu and more recently in
licy'
>
>
> There's a total of 50 errors, all with 'Invalid policy'.
>
> git bisect tracked this down to
>
>
> 7ab65fa5f13c774088d64c3881df798c63d87a44 is the first bad commit
> commit 7ab65fa5f13c774088d64c3881df798c63d87a44
> Author: Tyler Hicks
>
& \
> (cd parser && make)
> /
> Thank you, I will try.
>
> //
> //
>
> 2017-11-17 21:06 GMT+02:00 Tyler Hicks <mailto:tyhi...@canonical.com>>:
>
> On 11/17/2017 12:57 PM, John Johansen wrote:
> > On 11/17/2017 01:33 AM, Viachesl
On 11/17/2017 12:57 PM, John Johansen wrote:
> On 11/17/2017 01:33 AM, Viacheslav Salnikov wrote:
>> Hi guys,
>>
>> I have a question about apparmor and its dependency from python.
>> I'm using it with Yocto, apparmor version is 2.11.0.
>>
>> Except*aa-easyprof*, does apparmor or its libraries and
No worries at all! You'd have to be following along closely on the
mailing list or IRC channel to know about the migration.
--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to AppArmor Profiles.
https://bugs.launchpad.net/bugs/1732040
Tit
Hello and thanks for contacting us. We just migrated the AppArmor code
hosting from Launchpad to GitLab a week or two ago. Would it be possible
for you to create a merge request in GitLab against the apparmor-
profiles project?
https://gitlab.com/apparmor/apparmor-profiles
Here's some info from
On 11/05/2017 05:55 AM, intrigeri wrote:
> Hi!
>
> So far the Debian packaging lives in bzr and I regularly merge from
> the apparmor-ubuntu-citrain branch. I want to move it to Git ASAP.
+1
>
> Does Ubuntu have a plan wrt. packaging src:apparmor in Git?
Not at this time.
> If not, I will set
On 11/02/2017 04:08 PM, John Johansen wrote:
> On 11/02/2017 01:03 PM, Tyler Hicks wrote:
>> On 11/02/2017 03:00 PM, John Johansen wrote:
>>> ]
>>>> We walked through a merge yesterday with this merge request:
>>>>
>>>> https://gitlab.com/
On 11/02/2017 03:00 PM, John Johansen wrote:
> ]
>> We walked through a merge yesterday with this merge request:
>>
>> https://gitlab.com/apparmor/apparmor/merge_requests/1
>>
>> The audit trail of who merged the code is implicitly present in the
>> merge commit. By default, there's no informatio
On 11/02/2017 02:07 PM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 1. November 2017, 21:46:17 CET schrieb Tyler Hicks:
>> On 11/01/2017 02:41 PM, Christian Boltz wrote:
>
>>> Another question is if we want to continue sending patches to the
>>> mailingli
On 11/01/2017 06:36 PM, Tyler Hicks wrote:
> On 11/01/2017 06:34 PM, Seth Arnold wrote:
>> On Wed, Nov 01, 2017 at 03:46:17PM -0500, Tyler Hicks wrote:
>>> What the maintainer did for the GitHub contribution that I mentioned
>>> above was to merge my pull request into
On 11/01/2017 06:34 PM, Seth Arnold wrote:
> On Wed, Nov 01, 2017 at 03:46:17PM -0500, Tyler Hicks wrote:
>> What the maintainer did for the GitHub contribution that I mentioned
>> above was to merge my pull request into a local branch, interactive
>> rebase to add his Signed-
On 11/01/2017 05:18 PM, Steve Beattie wrote:
> On Wed, Nov 01, 2017 at 03:46:17PM -0500, Tyler Hicks wrote:
>>> Am Mittwoch, 1. November 2017, 08:27:12 CET schrieb Steve Beattie:
>>>> There more work to do to flesh out the above and standardize on some
>>>> p
On 11/01/2017 02:41 PM, Christian Boltz wrote:
> Hello,
>
> thanks for doing the migration!
>
> Am Mittwoch, 1. November 2017, 08:27:12 CET schrieb Steve Beattie:
>> There more work to do to flesh out the above and standardize on some
>> practices around git, but this should let us make progress.
On 10/03/2017 12:46 PM, intrigeri wrote:
> Hi,
>
> Steve Beattie:
>> So to be explicit, I'm not aware of anyone seriously suggesting we
>> stay with Launchpad. What I'd personally rather hear are the pros and
>> cons of maintaining a project on github vs gitlab, because I don't
>> have experience
On 09/26/2017 04:26 PM, Steve Beattie wrote:
> Hello,
>
> I've made available a test apparmor git repository at
>
> https://code.launchpad.net/~sbeattie/apparmor/+git/apparmor
>
> You can git clone it via
>
> git clone https://git.launchpad.net/~sbeattie/apparmor/+git/apparmor
>
> Please f
On 09/07/2017 06:44 PM, John Johansen wrote:
> Document the use of the features_X and requires() functions
>
> Signed-off-by: John Johansen
Thanks! I have a few typo fixes mentioned below but feel free to fix
them, add my ack, and commit.
Acked-by: Tyler Hicks
>
>
>
On 09/07/2017 05:50 PM, John Johansen wrote:
> On 09/07/2017 01:27 PM, Tyler Hicks wrote:
>> On 09/06/2017 03:09 PM, John Johansen wrote:
>>> Update the tests to test whether the kernel and parser support domain
>>> transitions on pivot_root.
>>&
On 09/06/2017 03:09 PM, John Johansen wrote:
> Update the tests to test whether the kernel and parser support domain
> transitions on pivot_root.
>
> Signed-off-by: John Johansen
> ---
> tests/regression/apparmor/pivot_root.sh | 68
> ++---
> tests/regression/apparmo
On 08/04/2017 06:56 AM, intrigeri wrote:
> Michael Biebl:
>> One suggestion: I just tried to run "debcheckout apparmor" which failed
>> because I didn't have bzr installed. I think you'd make apparmor more
>> approachable for other maintainers if the repo was using git.
>
> Sure (and it would make
I noticed a few things that could be cleaned up in the aa-enabled and aa-status
man pages while reviewing Jamie's aa-status syntax fix. I'm only nominating
these for master as these don't fix build failures or anything along those
lines.
Tyler
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Create an EXIT STATUS header and place the BUGS section after the EXIT
STATUS section to match the style in aa-enabled.pod.
Signed-off-by: Tyler Hicks
---
utils/aa-status.pod | 14 --
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/utils/aa-status.pod b/utils/aa
Make the possible exit status values bold to match the style used in
aa-status.pod as of r3680.
Signed-off-by: Tyler Hicks
---
binutils/aa-enabled.pod | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/binutils/aa-enabled.pod b/binutils/aa-enabled.pod
index bc9603e
On 07/25/2017 06:00 PM, Casey Schaufler wrote:
> What is the best place to get the AppArmor kernel test suite?
> I haven't found an obvious source.
Hey Casey - They're in the AppArmor userspace project. Here's a link to
the README:
http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/h
x27;t be opened for reading, etc.
Signed-off-by: Tyler Hicks
Tested-by: Christian Boltz
Acked-by: John Johansen
---
parser/lib.c | 3 +++
parser/parser_main.c | 2 ++
2 files changed, 5 insertions(+)
diff --git a/parser/lib.c b/parser/lib.c
index 11c2210..053765e 100644
--- a/parser/
On 05/11/2017 04:39 PM, Tyler Hicks wrote:
> Christian reported that `apparmor_parser -r /file/not/found` returns 0
> indicating that the profile was loaded as expected even though
> /file/not/found does not exist in the filesystem. This patch ensures
> that a non-zero error code is r
On 05/11/2017 04:39 PM, Tyler Hicks wrote:
> Christian reported that `apparmor_parser -r /file/not/found` returns 0
> indicating that the profile was loaded as expected even though
> /file/not/found does not exist in the filesystem. This patch ensures
> that a non-zero error code is r
, readable, etc.
Signed-off-by: Tyler Hicks
Tested-by: Christian Boltz
Acked-by: John Johansen
---
parser/lib.c | 3 +++
parser/parser_main.c | 2 ++
2 files changed, 5 insertions(+)
diff --git a/parser/lib.c b/parser/lib.c
index 11c2210..053765e 100644
--- a/parser/lib.c
+++ b/parser/lib.c
On 05/10/2017 05:28 AM, Klaus Frick wrote:
> Hello,
>
> i am using ubuntu16.04 (uname -r 4.8.0-51-generic). I have problems with
> a DVB-T2 usb-driver on ubuntu16.10. So I went back to 16.04 and checked
> syslog. I don`t think this is my problem, but it shuld be fixed.
>
> the file is in list, bu
On 04/01/2017 10:51 PM, John Johansen wrote:
> There has been work upstream to bring generic LSM stacking to the
> Linux kernel. If this happens it will require changes to apparmor,
> specifically around the proc//attr interfaces that apparmor
> shares with other lsms. Currently only a single LSM c
On 04/20/2017 02:23 PM, Tyler Hicks wrote:
> On 04/15/2017 05:54 PM, Christian Boltz wrote:
>> Am Samstag, 25. März 2017, 21:53:21 CEST schrieb Christian Boltz:
>>> since r3634, the tools allow any order of dbus conditionals.
>>>
>>> Quoting the r3634 patch des
On 04/20/2017 02:28 PM, Tyler Hicks wrote:
> Error messages shouldn't show up in build logs when the error has been
> encountered. This patch silences these shell commands from being printed
> before they're interpreted.
Typo in the first sentence above. Changed locally t
target.
Signed-off-by: Tyler Hicks
---
I'm nominating this patch for 2.11 and trunk.
libraries/libapparmor/testsuite/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/libapparmor/testsuite/Makefile.am
b/libraries/libapparmor/testsuite/Makefile.am
Error messages shouldn't show up in build logs when the error has been
encountered. This patch silences these shell commands from being printed
before they're interpreted.
Signed-off-by: Tyler Hicks
---
libraries/libapparmor/testsuite/Makefile.am | 4 ++--
1 file changed, 2 insert
On 04/15/2017 05:54 PM, Christian Boltz wrote:
> Hello,
>
> Any comments or reviews on this patch?
>
> If nobody objects, I'll commit it (to trunk and 2.11) on Wednesday as
> Acked-by .
I see that the review period timed out already. That's fine by me as the
change looks correct. Sorry that nob
bnotify documentation is of no help in determining what should be
normal and what should be critical:
https://developer.gnome.org/libnotify/0.7/NotifyNotification.html#NotifyUrgency
I guess that means that we need to set the urgency according to how the
popular DEs handle these notifications.
Ack
On 04/05/2017 06:48 PM, Steve Beattie wrote:
> On Wed, Apr 05, 2017 at 04:09:15PM -0500, Tyler Hicks wrote:
>>> +#if defined(SYS_getdents) && defined(SYS_getdents64)
>>> + if (rc != rc64) {
>>> + printf("FAIL - getdents and getdents64 retu
On 04/05/2017 01:57 PM, Steve Beattie wrote:
> On Tue, Apr 04, 2017 at 03:41:41PM -0500, Tyler Hicks wrote:
>> I didn't mean to make this simple test improvement turn into something
>> complex. I'm willing to ack your original patch if you don't see a quick
>
On 04/04/2017 03:24 PM, Steve Beattie wrote:
> Hey Tyler,
>
> On Tue, Apr 04, 2017 at 02:03:53PM -0500, Tyler Hicks wrote:
>> On 04/04/2017 01:14 PM, Steve Beattie wrote:
>>> -int main(int argc, char *argv[])
>>> +#ifdef SYS_getdents
>>> +i
On 04/04/2017 01:14 PM, Steve Beattie wrote:
> Hey Colin,
>
> On Tue, Apr 04, 2017 at 03:16:29PM -, Colin Ian King wrote:
>> Colin Ian King has proposed merging
>> lp:~colin-king/apparmor/fix-arm64-test-builds into lp:apparmor.
>>
>> Requested reviews:
>> AppArmor Developers (apparmor-dev)
Review: Resubmit
Hi Olivier - Thanks for the merge proposal.
Since this change affects the upstream AppArmor project, can you resubmit
against lp:apparmor? It will likely help to get a few more eyes on the merge
proposal, as well.
FYI, I have an upcoming apparmor bug fix upload for zesty and c
d run
>
> This patch fixes the call order in tools.py and adds a check to
> init_aa() so that it can be run only once and ignores additional calls.
>
Acked-by: Tyler Hicks
Thanks!
>
> [ 02-fix-init_aa-regressions.diff ]
>
> === modified file ./utils/apparmor/aa.py
>
On 03/02/2017 01:32 PM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 1. März 2017, 21:52:01 CET schrieb Tyler Hicks:
>> Introduce an apparmor.aa.init_aa() method and move the initialization
>> code of the apparmor.aa module into it. Note that this change will
>>
On 03/01/2017 04:11 PM, Seth Arnold wrote:
> On Wed, Mar 01, 2017 at 08:52:06PM +0000, Tyler Hicks wrote:
>> The test-aa-easyprof.py script was attempting to do its own special
>> setup to import the in-tree easyprof module. However, this proved to be
>> very flaky and
flakiness by trusting that PYTHONPATH is set up
appropriately before the test script is ran. PYTHONPATH is already
initialized appropriately by utils/test/Makefile according to the
USE_SYSTEM make variable.
Signed-off-by: Tyler Hicks
Cc: Christian Boltz
---
utils/test/test-aa-easyprof.py | 26
-easyprof.py script receives the base path by checking the
__AA_BASEDIR environment variable. This environment variable is strictly
used by the test script and not any user-facing code so two leading
underscores were used.
Signed-off-by: Tyler Hicks
Acked-by: Christian Boltz
Acked-by: Seth Arnold
arser option to aa-easyprof is the first step in addressing
this problem.
Signed-off-by: Tyler Hicks
Acked-by: Christian Boltz
Acked-by: Seth Arnold
---
utils/aa-easyprof.pod | 6 ++
utils/apparmor/easyprof.py | 25 +
2 files changed, 23 insertions(+), 8 dele
-default configuration directory path prior to calling
apparmor.aa.init_aa(). All test scripts that use apparmor.aa are updated
to call setup_aa().
Signed-off-by: Tyler Hicks
Suggested-by: Christian Boltz
---
utils/aa-genprof | 1 +
utils/aa-logprof
the in-tree
paths. Another patch is needed to get aa.py to honor a non-hardcoded
search path for logprof.conf and other configuration files.
Signed-off-by: Tyler Hicks
Acked-by: Christian Boltz
Acked-by: Seth Arnold
---
utils/test/logprof.conf | 6 +++---
utils/test/test-config.py | 2 +-
2
e
paths in the error messages.
Signed-off-by: Tyler Hicks
Acked-by: Christian Boltz
Acked-by: Seth Arnold
---
utils/apparmor/aa.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index ab7f6c9..eecf8c7 100644
--- a/utils/appa
-easyprof.py script receives the parser path by checking the
__AA_PARSER environment variable. This environment variable is strictly
used by the test script and not any user-facing code so two leading
underscores were used.
Signed-off-by: Tyler Hicks
Acked-by: Christian Boltz
Acked-by: Seth Arnold
d the capital 'I' is not user
friendly. However, I decided to preserve the name of the options from
apparmor_parser.
Signed-off-by: Tyler Hicks
Acked-by: Christian Boltz
Acked-by: Seth Arnold
---
utils/aa-easyprof.pod | 10 +
utils/apparmor/easyprof.py | 43 +++
nd dropped it from this patch set.
- Wrapped the changes to the aa-easyprof man page at 80 chars
- Added a new patch to the series, patch 8, which fixes flaky test results in
test-aa-easyprof.py
Tyler
Tyler Hicks (8):
utils: Improve error messages when profiles/parser is not found
uti
On 02/15/2017 06:29 PM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 15. Februar 2017, 12:21:05 CET schrieb Tyler Hicks:
>> On 02/12/2017 12:55 PM, Christian Boltz wrote:
>>> Am Mittwoch, 8. Februar 2017, 22:01:40 CET schrieb Tyler Hicks:
>>>> In
On 02/12/2017 12:55 PM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 8. Februar 2017, 22:01:40 CET schrieb Tyler Hicks:
>> Instead of hard-coding the location of logprof.conf and other utils
>> related configuration files to /etc/apparmor/, this patch looks for
>&g
On 02/12/2017 01:30 PM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 8. Februar 2017, 23:56:27 CET schrieb Tyler Hicks:
>> https://launchpad.net/bugs/1628286
>>
>> The utils were enforcing that the dbus rule attributes were strictly
>> ordered in the foll
On 02/08/2017 06:23 PM, Seth Arnold wrote:
> On Wed, Feb 08, 2017 at 10:01:45PM +0000, Tyler Hicks wrote:
>> if USE_SYSTEM is not set, the utils make check target will instruct
>> test-aa-easyprof.py to provide the path of the in-tree parser executable
>> to aa-easyprof.
>&
On 02/08/2017 06:00 PM, Seth Arnold wrote:
> On Wed, Feb 08, 2017 at 10:01:40PM +0000, Tyler Hicks wrote:
>> --- a/utils/apparmor/aa.py
>> +++ b/utils/apparmor/aa.py
>> @@ -73,7 +73,7 @@ _ = init_translation()
>> # Setup logging incase of debugging is enabled
>>
On 02/08/2017 06:22 PM, Seth Arnold wrote:
> On Wed, Feb 08, 2017 at 10:01:42PM +0000, Tyler Hicks wrote:
>> https://launchpad.net/bugs/1521031
>>
>> aa-easyprof accepts a list of abstractions to include and, by default,
>> execs apparmor_parser to verify the gene
nly the last occurrence
of the attribute will be honored by the utils.
Signed-off-by: Tyler Hicks
Cc: Christian Boltz
---
utils/apparmor/rule/dbus.py| 12 ++--
utils/test/test-dbus.py| 6 ++
utils/test/test-parser-simple-tests.py | 8 +++-
3 files
-easyprof.py script receives the parser path by checking the
__AA_PARSER environment variable. This environment variable is strictly
used by the test script and not any user-facing code so two leading
underscores were used.
Signed-off-by: Tyler Hicks
Cc: Christian Boltz
Cc: Jamie Strandboge
---
utils
successfully perform a run of the utils
tests in a minimal, pristine Ubuntu Zesty chroot containing no installed
AppArmor packages.
For developers that want to continue testing against the system packages, the
USE_SYSTEM=1 make variable can be passed to the make command.
Tyler Hicks (8):
utils
e
paths in the error messages.
Signed-off-by: Tyler Hicks
Cc: Christian Boltz
---
utils/apparmor/aa.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index ab7f6c9..eecf8c7 100644
--- a/utils/apparmor/aa.py
+++ b/utils/appa
use the in-tree config file,
profiles, and parser by default. To override this behavior, the
USE_SYSTEM make variable needs to be set like so:
$ make USE_SYSTEM=1 -C utils check
The APPARMOR_PY_CONFDIR should be considered somewhat user-facing,
although undocumented at this time.
Signed-off
The merged /usr patches to the policy broke some utils tests due to a
change in the expected output.
Fixes: r3600 update lots of profiles for usrMerge
Signed-off-by: Tyler Hicks
Cc: Christian Boltz
---
utils/test/test-aa.py | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff
arser option to aa-easyprof is the first step in addressing
this problem.
Signed-off-by: Tyler Hicks
Cc: Christian Boltz
Cc: Jamie Strandboge
---
utils/aa-easyprof.pod | 6 ++
utils/apparmor/easyprof.py | 25 +
2 files changed, 23 insertions(+), 8 deletions(-)
-easyprof.py script receives the base path by checking the
__AA_BASEDIR environment variable. This environment variable is strictly
used by the test script and not any user-facing code so two leading
underscores were used.
Signed-off-by: Tyler Hicks
Cc: Christian Boltz
Cc: Jamie Strandboge
---
utils/test
d the capital 'I' is not user
friendly. However, I decided to preserve the name of the options from
apparmor_parser.
Signed-off-by: Tyler Hicks
Cc: Christian Boltz
Cc: Jamie Strandboge
---
A different approach to fixing bug 1521031 was previously sent to the list for
discussion:
htt
the in-tree
paths. Another patch is needed to get aa.py to honor a non-hardcoded
search path for logprof.conf and other configuration files.
Signed-off-by: Tyler Hicks
Cc: Christian Boltz
---
utils/test/logprof.conf | 6 +++---
utils/test/test-config.py | 2 +-
2 files changed, 4 insertions
On 01/20/2017 09:46 AM, intrigeri wrote:
> Tyler Hicks:
>> On 01/20/2017 02:15 AM, intrigeri wrote:
>>> note that as far the Debian packaging is concerned, I'll keep building
>>> that file from source: that's the only way to guarantee that we
>>> dis
On 01/20/2017 02:15 AM, intrigeri wrote:
> Hi,
>
> note that as far the Debian packaging is concerned, I'll keep building
> that file from source: that's the only way to guarantee that we
> distribute the source "code" corresponding to the binary artifacts
> included in our binary packages. This d
On 01/20/2017 06:31 AM, Simon McVittie wrote:
> On Fri, 20 Jan 2017 at 04:14:53 +0000, Tyler Hicks wrote:
>> -rm -rf techdoc.aux techdoc.out techdoc.log techdoc.pdf techdoc.toc
>> techdoc.txt techdoc/
>
> If my (admittedly very rusty) memory of LaTeX is correct, sho
files that should only be generated when a
release is being made and, if needed, the AppArmor maintainers can use
the VCS for cleaning untracked files. The maintainer-clean targets would
be very rarely used and would needlessly complicate the Makefiles.
Signed-off-by: Tyler Hicks
---
parser/Makefile
ntpd) will have
full access to the D-Bus system bus once this change is applied to the
nameservice abstraction.
Signed-off-by: Tyler Hicks
---
profiles/apparmor.d/abstractions/nameservice | 19 +++
1 file changed, 19 insertions(+)
diff --git a/profiles/apparmor.d/abstractions
On 10/05/2016 02:46 AM, John Johansen wrote:
> On 10/04/2016 07:32 PM, Tyler Hicks wrote:
>> On 10/04/2016 06:31 PM, John Johansen wrote:
>>> exec_stack picked up a fix to address a semantic change introduced in
>>> 4.8 kernels. However this breaks the exec_stack test f
On 10/04/2016 06:31 PM, John Johansen wrote:
> exec_stack picked up a fix to address a semantic change introduced in
> 4.8 kernels. However this breaks the exec_stack test for kernel pre
> 4.8. This patch uses an apparmor kernel flag to detect whether the
> semantic change is present and adjusts th
On 09/30/2016 02:28 PM, Seth Arnold wrote:
> On Fri, Sep 30, 2016 at 02:07:28PM -0500, Tyler Hicks wrote:
>> The features_struct.size variable is used to hold a buffer size and it
>> is also passed in as the size parameter to read(). It should be a size_t
>> instead of an in
because the signed value is checked for "< 0"
immediately before the casts.
Signed-off-by: Tyler Hicks
---
* Changes since v1:
- Subtract fst->buffer from fst->pos and ensure the result is not greater
than remaining before subtracting
- Move the remaining buffer calcul
On 09/29/2016 09:30 PM, Seth Arnold wrote:
> On Thu, Sep 29, 2016 at 07:32:31PM -0500, Tyler Hicks wrote:
>> +size_t remaining = fst->size - (fst->pos - fst->buffer);
>>
>> if (remaining < 0) {
>
> I'm 90% sure this doesn't do what
well as
the features_struct.size change described above.
Signed-off-by: Tyler Hicks
---
libraries/libapparmor/src/features.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libraries/libapparmor/src/features.c
b/libraries/libapparmor/src/features.c
index 088c4ea
The load_features_file() function returned an int but calculated the
value by subtracting two pointers. On 64 bit systems, that results in a
64 bit value being represented as a 32 bit type.
Coverity CID #55992
Signed-off-by: Tyler Hicks
---
libraries/libapparmor/src/features.c | 12
A recent Coverity scan pointed out an integer overflow issue in libapparmor's
internal load_features_file() function. That issue is fixed in the first patch.
The second patch is a cleanup to consistently use size_t in a number of areas
dealing with buffer sizes.
Tyler
--
AppArmor mailing list
A
On 09/28/2016 09:45 PM, Seth Arnold wrote:
> On Wed, Sep 28, 2016 at 09:05:09PM -0500, Tyler Hicks wrote:
>> https://launchpad.net/bugs/1628745
>>
>> The following upstream kernel commit changed the semantics of the exec
>> permission check in th
profile.
Signed-off-by: Tyler Hicks
---
tests/regression/apparmor/exec_stack.sh | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/regression/apparmor/exec_stack.sh
b/tests/regression/apparmor/exec_stack.sh
index 2423dea..069e658 100755
--- a/tests/regression
On 09/14/2016 04:58 PM, Steve Beattie wrote:
> On Wed, Sep 14, 2016 at 04:26:07PM -0500, Tyler Hicks wrote:
>> On 09/14/2016 04:05 PM, Tyler Hicks wrote:
>>> On 09/14/2016 03:32 PM, Steve Beattie wrote:
>>>> On Wed, Sep 14, 2016 at 02:12:35PM -0500, Tyler Hicks wrote
On 09/14/2016 04:05 PM, Tyler Hicks wrote:
> On 09/14/2016 03:32 PM, Steve Beattie wrote:
>> On Wed, Sep 14, 2016 at 02:12:35PM -0500, Tyler Hicks wrote:
>>> On 09/14/2016 01:52 PM, Christian Boltz wrote:
>>>> Hello,
>>>>
>>>> renamin
On 09/14/2016 03:32 PM, Steve Beattie wrote:
> On Wed, Sep 14, 2016 at 02:12:35PM -0500, Tyler Hicks wrote:
>> On 09/14/2016 01:52 PM, Christian Boltz wrote:
>>> Hello,
>>>
>>> renaming LibAppArmor.py to __init__.py breaks the import path
>>> calcul
adjust .bzrignore for this change.
>
>
>
> I propose this patch for trunk and 2.10.
> I'm undecided about 2.9 - technically it shares this bug, but I'd expect
> that 2.9 users don't use the latest swig ;-) - opinions?
Acked-by: Tyler Hicks
Please apply to 2.9,
1 - 100 of 963 matches
Mail list logo