- is hardcoding utf-8 a good idea?
# Again from aa-enforce, and we can discuss using utf-8 or system
locale.
Sounds like something we should discuss in the meeting later ;-)
Regards,
Christian Boltz
--
Guten Tag, ich möchte gerne einen Tisch reservieren.
Gerne, auf welchen Namen denn?
31337
AppArmorException?
Can error() be catched with try/except like an exception? For example,
we'll need this to display a nice error dialog in YaST.
(If yes, then using error() is OK.)
Regards,
Christian Boltz
--
The normal user is happy with openSUSE because: [...]
- openSUSE isn't a religion
they have to update two profiles
instead of one if they want to switch kernels.
Regards,
Christian Boltz
[1] does this name remind you to something? ;-)
[2] to be exact, cleanup of code duplication in PostfixAdmin
--
Comic Sans
Man möge mir verzeihen, aber ich möchte mich im Rahmen dieses
Hello,
the attached files contain my review notes for r17..22.
In case you miss the files for r19 and r20: that's intentional, those
commits look so good that I don't need to comment on them ;-)
Regards,
Christian Boltz
--
Jungs. Mit dem Argument kann ich kaputte Autos verkaufen und dann
Hello,
see the attachment for r23 review. The commit looks quite good, but I
found some small issues nevertheless ;-)
Regards,
Christian Boltz
--
I don't really know how nor why, but if a spellchecker is
enabled on the wiki server, the edit wiki windows do
colorize the mispelled words
Hello,
see the attachment for the r24 review.
Regards,
Christian Boltz
--
Dominian There is always room for improvement
Dominian to seek perfection is to drive yourself insane.
Dominian except suseROCKs, he's already insane.
[from #opensuse-project]
=== modified file 'apparmor/aa.py
[tm].
That said - your patch looks like something that should be backported to
the 2.8 branch (even if it isn't needed for openSUSE thanks to the
symlink).
Regards,
Christian Boltz
--
Aren't most of SUSE-employed community members part of the
ResearchDestroy department? [Sascha Peilicke
or the comment is
wrong ;-)
Regards,
Christian Boltz
--
[Grundrechte] Natürlich gibt's da auch das berühme Recht auf freie
Entfaltung. Andererseits: setzt das nicht auch zwingend vorraus,
daß man vorher auch gehörig zusammengefaltet wurde? ;-)
[Gerard Jensen in suse-linux]
=== modified file
Hello,
this week, the GSoC IRC meeting will be a day earlier than usual because
I'll be away on tuesday.
This means the meeting is on monday (= tomorrow) at 19:00 UTC.
Besides the usual topics, we'll also discuss the to-be-written mergeprof.
Regards,
Christian Boltz
--
AV is homeopathy
Hello,
the review for r30 is attached - it had lots of new code (and
interesting[tm] regexes) - therefore I have several notes about it ;-)
@John: The review contains some questions for you - can you please answer
them?
Regards,
Christian Boltz
--
My calendar shows May 12th to be a Friday
Hello,
John Johansen wrote:
On 08/01/2013 02:59 PM, Christian Boltz wrote:
### a check if the hat already exists might be useful to avoid duplicate
hat names (which might get merged on write, but I doubt that's intended
behaviour)
### interestingly, the parser does _not_ complain about
Hello,
the GSoC review for r31 is attached.
Regards,
Christian Boltz
--
My 2 cents,
tja, Stundenlohn wird nach Eignung, Leistung und Befähigung gezahlt
[ Claus Reheis und Detlef Reichelt in opensuse-de]
review-r31
Description: Binary data
--
AppArmor mailing list
AppArmor
Hello,
one more (quite harmless) review ;-)
Regards,
Christian Boltz
--
[Windows krepiert nach Update] Habt Ihr eine Idee, was ich tun könnte?
Vermutlich ein Computervirus. Besorg etwas Aciclovir aus der Apotheke,
oeffne das Rechnergehaeuse und troepfle das Mittel auf alle roten oder
Hallo,
the reviews for r35..r39 are attached.
I have no complaints about the revisions with even numbers ;-)
Regards,
Christian Boltz
--
Aus der Beschreibung entnehme ich, daß deine Fonts nach Typ 3
konvertiert werden (Finger im Hals) und deine Bilder auf Screen-
Qualität (Fuß zum Finger
Hello,
Am Samstag, 10. August 2013 schrieb Christian Boltz:
one more (quite harmless) review ;-)
I noticed two additional small issues, see the [v2] in the updated
review.
Regards,
Christian Boltz
--
dU hAsT nAtUeRlIcH rEcHt. MaN mUsS sIcH bEiM lEsEn NuR dArAn GeWoEhNeN.
mAcHt DaNn KeInEn
Hello,
the review for r40 is attached. I also included the r34 [v2] comments,
so you can skip the mail with the updated r34 review ;-)
@John: it also includes a question for you (the same I asked on IRC, but
you didn't respond yet ;-)
Regards,
Christian Boltz
--
Sagt mal ehrlich: Ist mein
a script and dont mind email spam ;)
I even prefer tiny pushes, thanks for doing it this way!
convert_regex thing regarding [^}] was useful i stumbled on a testcase
which needed it to be used. :)
;-)
Regards,
Christian Boltz
--
Was ist das, Nacht?
Das ist der Zeitraum, in dem Du effektiv
?
Regards,
Christian Boltz
--
Ich hab da nochma ne Frage! :o) Was is eigentlich en DAU? Ich mein ihr
sagt mir zwar die ganze Zeit das ich das bin, aber was das is wes ich
ni! *heul* Ich rate ganz einfach ma!;o) Die Allercoolste Userin? Isses
das? Ohhh danke danke!
Du solltest doch nicht so
user's language (so the profile would have /home/cb/Dokumente/ and
/home/english/documents/ for example) - but I know that's not really
easy to implement ;-)
Regards,
Christian Boltz
[1] I have no idea why this happens, the only thing I can imagine is
that openSUSE has some *-lang packages
Hello,
the review for r41..45 is attached (merged into one review).
BTW: Following the moved code was quite interesting[tm], but still
easier than completely reviewing the new aamode.py and logparser.py ;-)
Regards,
Christian Boltz
--
Seit einiger Zeit ist ftp://mirrors.mathematik.uni-bi*l
Hello,
see /dev/null for the r46 and r47 review.
(In other words: looks good, I don't have anything to complain ;-)
Regards,
Christian Boltz
--
cat /inhalt/der/mail | mail -s mein subject [...]
Ist der Useless Use of Cat Award diese Woche schon vergeben? ;-)
[ Andreas Feile und Martin
of files doesn't shock you too much - most of the
files are quite small ;-)
If you have questions or think some things need to be discussed, just
ask ;-)
Regards,
Christian Boltz
--
und *echte* Männer benutzen Linux -- wegen der langen Kommandozeilen
(Meine ist länger als deine!). Dann muss man
= False
I'm not sure if audit.log exists is the best way to choose the logfile
but I have to admit that I don't have a better method ;-)
Does someone have any better ideas? Or is the current way ok?
Regards,
Christian Boltz
--
But you are probably also complaining if local root exploits
=(...) in the profile has the advantage that people are used to
it, OTOH creating a symlink means we don't need to modify the profile.
Opinions?
(We'll have to contunue supporting both ways, the question is what
aa-complain, aa-audit etc. should do.)
Regards,
Christian Boltz
--
Der fünfte apokalyptische
Hello,
Am Donnerstag, 12. September 2013 schrieb Christian Boltz:
to make testing Kshitij's new tools easier, I propose to merge his
code in utils/apparmor/__init__.py - that's the only filename
conflict (at least in the 2.8 branch). If we do this, we can ship his
new tools in a testing
alternatives.
The most interesting question is if capability should be translated to
Funktion - I somehow doubt...
See the attached patch for all changes.
I propose this patch for trunk and the 2.8 tree.
Regards,
Christian Boltz
PS: Note to myself: avoid to use lokalize - it changes unmodified
Hello,
the attached file contains the review for r58 and also some bugs I found
while testing.
Regards,
Christian Boltz
--
Stell dein cron auch deine Rechneruhr? Ja?
Dann würde ich ihm nicht allzuviel mehr anvertrauen - er scheint leicht
überlastet und strebt in Riesenschritten die Rente
configuration.
we need to read openssl.cnf or starting of ntpd will fail silently(!)
Patch v2 by Christian Boltz: use abstractions/openssl instead of
allowing /etc/ssl/openssl.cnf directly
=== modified file 'profiles/apparmor.d/usr.sbin.ntpd'
--- profiles/apparmor.d/usr.sbin.ntpd 2011-08-08 20:16:06
Hello,
Am Montag, 16. September 2013 schrieb Steve Beattie:
On Mon, Sep 16, 2013 at 10:39:13PM +0200, Christian Boltz wrote:
I just received the following patch and propose it for 2.8 and
trunk:
Patch-Author: Stefan Seyfried seife+...@b1-systems.com
After this change in ntp
is that we'll get
proofreading for all texts which might also catch mistranslations from
other commits.
Opinions? Objections?
(if you want to see the patch for this proposal: bzr diff -r1224..1225,
then swap + and -)
Regards,
Christian Boltz
[1] except de.po because I fixed it already
--
Zwar sind
Hello,
Am Donnerstag, 19. September 2013 schrieb Steve Beattie:
On Thu, Sep 19, 2013 at 08:52:19PM +0200, Christian Boltz wrote:
the following patch fixes broken URLs in various utils/*.pod files.
(The broken URLs were introduced in r1582.)
I propose this patch for trunk and for the 2.8
Hello,
the review for r67 is attached. It looks big, but mostly contains minor
text changes ;-)
r66 looks good - no need for a review file.
Regards,
Christian Boltz
--
[submit-request #65647 declined by saschpe:]
description is 400 lines, too long :-)
Where is a limit documented
profile flags.)
Regards,
Christian Boltz
--
which camera is this?
Marcus, this is my bug :)
[Marcus Meissner and Stephan Kulow in
https://bugzilla.novell.com/show_bug.cgi?id=217731]
revno: 68
committer: Kshitij Gupta kgupta8...@gmail.com
;-)
The attached review-r69 (I needed a filename ;-) contains another small
bug - it's just a missing space, but causes invalid profiles ;-)
Regards,
Christian Boltz
--
Look at Debian... its stable, works on a variety of platforms and
development is racing along at the speed of a turtle with 3
Hello,
the (quite small) reviews for r70 and r72 are attached. The r70 review
also contains two bugs I noticed.
For r71, I have no reason to complain ;-)
Regards,
Christian Boltz
--
Das Autofahrersyndrom: Prüft Euren Ton.
*anschlag*
*bonk*
Stimmt, der Ton ist nicht sonderlich...
[ Peter
Hello,
the review for r75 is attached, with two bugs and a To-Do note included.
Regards,
Christian Boltz
--
you are spending too much time in web forums or with apache guys if you
are using +1 and -1 :-) [Stefan Seyfried in opensuse-factory
Hello,
the reviews for r76..79 are attached. (No complaints about r76 and r78.)
Regards,
Christian Boltz
--
Microsoft-Compatible Spongiforme Encephalitis?
Setzt das nicht Hirn voraus?
Irgendwo müssen doch all die Beschwörungsformeln hin, die man als
MCSE auswendig lernen muß. Ein
Hello,
the review for r80 is attached. Maybe I'll add some comments on the UI
later after actually testing aa-mergeprof ;-)
r81..84 look fine :-)
Regards,
Christian Boltz
--
http://www1.giga.de/gigahelp/index_gigahelp/0,3597,,00.html
| Leider scheint Euer Browser den Aufbau von Frames zu
apparmor
real0m17.250s
user0m0.000s
sys 0m0.004s
This is a server with openSUSE 13.1 beta with AppArmor 2.8.2.
Regards,
Christian Boltz
--
Hier gibt es zB eine Adress-DB für einige Leute und allein schon die
gleichzeitige Verwendung dieser DB ist eher die Ausnahme.
Wahrscheinlich
/if_inet6 r,
- @{PROC}/sys/kernel/ngroups_max r,
# allow access for when chrooted
/var/lib/ntp/@{PROC}/@{pid}/net/if_inet6 r,
Regards,
Christian Boltz
--
[GUI vs. Command-Line] Einen ähnlichen Streit wird es in 20 Jahren
auch geben, wenn die 2D-Screenfanatiker auf die VR Fans losgehen
else is just cleanup
which can go into a follow-up patch.
With dumping the binary stuff to the terminal removed, and a promise to
do the cleanups in a follow-up patch [1],
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
[1] you know I'm good at reminding you
Hello,
Am Donnerstag, 10. Oktober 2013 schrieb Steve Beattie:
The README in the parser directory was woefully out of date; this
patch updates the information to contain the current mail list, wiki,
and bug tracking locations.
That was an easy one to proofread ;-)
Acked-by: Christian Boltz
Hello,
Am Donnerstag, 10. Oktober 2013 schrieb Steve Beattie:
Our simple language tests did not include any file deny rule tests.
This patch adds a few simple ones.
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
Oder kannst du dir ein AUto vorstellen das erst mit
Hello,
Am Dienstag, 15. Oktober 2013 schrieb Steve Beattie:
On Fri, Oct 11, 2013 at 10:08:51PM +0200, Christian Boltz wrote:
We'll see if you still like this in some months...
While I reserve the right to flake out^W^W change my mind, I help
;-)
maintain and improve other codebases
Hello,
looks like the patch needs one additional line (inserted below), see
https://bugzilla.novell.com/show_bug.cgi?id=845867#c4
Am Dienstag, 15. Oktober 2013 schrieb Christian Boltz:
Am Dienstag, 15. Oktober 2013 schrieb Christian Boltz:
some samba *.dat files were moved, and a new library
Hello,
Am Mittwoch, 23. Oktober 2013 schrieb Steve Beattie:
Remove unused report value where it's not used.
Signed-off-by: Steve Beattie st...@nxnw.org
---
parser/tst/caching.py | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
Acked-by: Christian Boltz
it makes things easier on the programming side.
Therefore:
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
[1] Things would be different if you'd test _python code_ only with py3,
even if it's written to run with py2 also
--
Ich glaube nicht, daß es je einem
Expandieren von Variablen für Profil '%s'. Fehler beim
Laden\n
#: ../parser_policy.c:481 ../parser_policy.c:486
#, c-format
Regards,
Christian Boltz
--
Wieviele Leute braucht es, um Windows zu installieren? - Sieben!
Einen, der sich die CD leisten kann, drei die ausdiskutieren, wie man
das
Hello,
(summing up an IRC discussion from some hours ago for those who missed
it)
Am Dienstag, 17. September 2013 schrieb Christian Boltz:
during the last days, we (as in: the usual people in #apparmor)
discovered that the r1225 translation update introduced _lots_ of
mistranslations
for dnsmasq
/var/lib/libvirt/dnsmasq/r,
+ /var/lib/libvirt/dnsmasq/*r,
/var/lib/libvirt/dnsmasq/*.leases rw,
- /var/lib/libvirt/dnsmasq/*.hostsfile r,
# libvirt pid files for dnsmasq
/{,var/}run/libvirt/network/ r,
Regards,
Christian Boltz
--
Die Borg sind
/ntp.drift rw,
/var/lib/ntp/drift/ntp.drift.TEMP rw,
/var/lib/ntp/etc/* r,
Regards,
Christian Boltz
--
Subscribers don't receive messages from authors,
they receive messages from listservs.
I've never seen a list server write a message :-)
[Felix Miata and jdd in opensuse-factory]
--
AppArmor
lowcase.dat, so removing
lowercase shouldn't cause any problems.
Nevertheless, I'll not remove lowercase in the 2.8 branch to be on the
safe side.
Regards,
Christian Boltz
--
.domain.intern smpt:[mx.domain.intern]
Du meinst sicher smtp und nicht smpt. :-)
Du kennst den Senseless
Hello,
Am Dienstag, 19. November 2013 schrieb Seth Arnold:
On Tue, Nov 19, 2013 at 10:28:28PM +0100, Christian Boltz wrote:
=== modified file 'profiles/apparmor.d/usr.sbin.nmbd'
--- profiles/apparmor.d/usr.sbin.nmbd 2011-08-27 18:50:42 +
+++ profiles/apparmor.d/usr.sbin.nmbd 2013
/ r,
/usr/local/share/ca-certificates/** r,
+ /var/lib/ca-certificates/ r,
+ /var/lib/ca-certificates/** r,
Regards,
Christian Boltz
--
Wenn das Teil unter Windows CE oder Pocket PC 2000 läuft, ist Synce Dein
Fall. Zu finden auf Sourceforge, wenn ich mich nicht irre, und ich irre
mich nie
= security_path_chdir(f.file-f_path);
+ if (error)
+ goto out_putf;
+
error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
Same here.
Regards,
Christian Boltz
--
Machen wir einen Club utf-8 geplagte Perl-Programmierer auf?
[Bernhard Walle in suse-programming
| MAY_ACCESS);
/* SuS v2 requires we report a read only fs too */
if (res || !(mode S_IWOTH) || special_file(inode-i_mode))
Please insert the hook _after_ checking the file/directory permissions,
not before.
Regards,
Christian Boltz
--
Ich hab letztens nen Film gesehen, in dem sich
caching minimize equality parser_sanity
GEN_TRANS_DIRS=simple_tests/generated_x/
simple_tests/generated_perms_leading/
simple_tests/generated_perms_safe/ simple_tests/generated_dbus
Acked-By: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
Früher habe ich auch gerne CDs
)
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ /alpha/[]beta rw,
+}
+
Good idea!
Acked-By: Christian Boltz appar...@cboltz.de
BTW: Do we already have a similar test for empty alternations, like
/foo{}/bar rw,
?
Regards,
Christian Boltz
--
The kernel will stay the same between SUSE Linux 10.1
+++ parser/tst/simple_tests/file/owner/ok_alternations_1.sd |
7 +++ parser/tst/simple_tests/file/owner/ok_alternations_2.sd
|7 +++ 6 files changed, 42 insertions(+)
Acked-By: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
Ach so, ein 64-Bit-System... Tja, es gibt
rules));
if ($2.deny)
$1-caps.deny |= $3;
Regards,
Christian Boltz
--
Am Besten wäre natürlich, den Owner von /dev/usbkabel ;-) zu
überprüfen *g*
Dieses Device ist IMHO aber erst im neuen Kernel vorgesehen. Hast
Du da etwa schon einen Patch für den
Hello,
as I already mentioned in the last IRC meeting, I won't be online on
tuesday for the monthly meeting. I'll let it up to you if we move it [1]
or if you do the meeting without me ;-)
Regards,
Christian Boltz
[1] I'm also away on wednesday and saturday
--
Nochmal: Insgesamt macht
Hello,
Am Donnerstag, 5. Dezember 2013 schrieb Seth Arnold:
On Thu, Dec 05, 2013 at 10:50:56PM +0100, Christian Boltz wrote:
as discussed on #apparmor yesterday, here's the most important patch
we've ever seen ;-)
References: https://bugzilla.novell.com/show_bug.cgi?id=853661
Ha
to
profiles/apparmor.d/ when they are finished, and also release them as
update for at least openSUSE 13.1.)
Note: some profiles don't have the #include local/... - that's on my
TODO list. Also the paperwork (copyright headers) is still missing.
Regards,
Christian Boltz
--
* mrdocs wonders when
need to be changed from w to rw? If yes, which ones?
Regards,
Christian Boltz
--
Gegen nachhaltige Zweifel, ob die SSL-Verschlüsselung in Windows
wirklich noch den erwarteten Schutz vor unerwünschten Lauschern bieten
kann, hilft damit letztlich nur der Wechsel des Betriebssystems.
[http
,
Regards,
Christian Boltz
--
Du kannst dir einen Kernel so geschwaetzig eingestellt kompilieren, dass
die HDD kaum noch mit dem loggen hinterherkommt (was wiederum Bugs im
HDD-Treiber ausloesen koennte ;)) [David Haller in suse-linux]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify
Hello,
Am Sonntag, 22. Dezember 2013 schrieb Christian Boltz:
samba (nmbd and smbd) need to create /var/run/samba at startup
(at least on systems where /var/run is on a tmpfs)
It also needs to create /var/cache/samba/
References: https://bugzilla.novell.com/show_bug.cgi?id=856651
I
Hello,
Am Mittwoch, 25. Dezember 2013 schrieb Jonathan Davies:
On 25/12/2013 16:23, Christian Boltz wrote:
Am Mittwoch, 25. Dezember 2013 schrieb Jonathan Davies:
I have created an AppArmor profile for LibreOffice and I would like
to see it placed into the 14.04 packages.
I had
@@
/etc/ssl/openssl.cnf r,
/usr/share/ssl/openssl.cnf r,
+ @{PROC}/sys/crypto/fips_enabled r,
Regards,
Christian Boltz
--
I wonder how we ended up with baseurl and extra_url, now we are missing
one with a - like data-dir to violate consistency and the principle
of least surprise in all
enabled by default, and add an option --no-profile-reload that also
skips the root check.)
That said - feel free to test the rewritten tools available at
https://code.launchpad.net/apparmor-profile-tools
Regards,
Christian Boltz
--
Weißt Du, man soll ja eigentlich keine Leute auf öffentlichen
Hello,,
Am Donnerstag, 16. Januar 2014 schrieb Steve Beattie:
The parser was lacking language tests for rlimits. This test adds
several, one for each rlimit type.
Signed-off-by: Steve Beattie st...@nxnw.org
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
Erstes
12/18
correctly?)
Regards,
Christian Boltz
--
[SuSE 9.1] Und utf-8 saugt tote Hamster durch Strohhalme, selbst wenn
es funktioniert. [...] Und das alles nur, damit ich Klingonisch native
verarbeiten kann in meinem Rechner.
[http://blog.koehntopp.de/archives/317_Die+schlimmste+aller+Susen.html
Hello,
Am Donnerstag, 16. Januar 2014 schrieb Steve Beattie:
Found by running pyflakes on these scripts.
Signed-off-by: Steve Beattie st...@nxnw.org
Acked-by: Christian Boltz appar...@cboltz.de
(assuming pyflakes was right - and even if not, we'll notice the
failures quickly ;-)
Regards
the regex here (first search for the difference
yourself, then have a look at [1] ;-)
(and yes, I'd like to have this un-broken even if it's only a comment)
With that fixed,
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
[1] It probably becomes more obvious with the lines
Hello,
Am Donnerstag, 16. Januar 2014 schrieb Steve Beattie:
On Fri, Jan 17, 2014 at 12:45:27AM +0100, Christian Boltz wrote:
(and BTW, did you test if apparmor.vim displays all tests from 12/18
correctly?)
Apparently I missed all the incorrect highlighting vim gave me while
creating
/samba/winbindd.pid rwk,
+ /{var/,}run/samba/winbindd/ rw,
+ /{var/,}run/samba/winbindd/pipe w,
# Site-specific additions and overrides. See local/README for
details.
#include local/usr.sbin.winbindd
Regards,
Christian Boltz
--
auf meinem Rechen Suse 8.2 KDE 3.1.1, [...]
Hey, man
|| {
echo $$profile doesn't contain #include local/$$fn ; exit 1; } ; \
done; \
.PHONY: install
Regards,
Christian Boltz
--
116: Programm
Sobald eine Datei von einem Virus infiziert werden kann, ist
es ein Programm. (Markus Kuhn)
--
AppArmor mailing list
Hello,
Am Donnerstag, 23. Januar 2014 schrieb John Johansen:
On 01/19/2014 08:58 AM, Christian Boltz wrote:
this patch introduces tunables/dovecot (with @{DOVECOT_MAILSTORE})
and replaces the mail storage location in various dovecot-related
profiles with this variable.
It also adds
: will the updated mod_apparmor also need 2.8 r2111? (libapparmor:
fix aa_change_hat token format string)
That all said - how many lines are _not_ touched by your patch series?
;-)
Regards,
Christian Boltz
[1] no need to write backport - the patches should apply without
problems
.)
Regards,
Christian Boltz
--
So... Hm... ich bin etwas aufgeschmissen.
How to troubleshoot without trouble?
[Ratti in fontlinge-devel]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
Hello,
Am Donnerstag, 23. Januar 2014 schrieb John Johansen:
On 01/23/2014 06:37 AM, Christian Boltz wrote:
Am Donnerstag, 23. Januar 2014 schrieb John Johansen:
On 01/19/2014 08:58 AM, Christian Boltz wrote:
this patch introduces tunables/dovecot (with @{DOVECOT_MAILSTORE})
and replaces
/*.cnf r,
+
/etc/dovecot/dovecot-database.conf.ext r,
/etc/dovecot/dovecot-sql.conf.ext r,
/usr/lib/dovecot/auth mr,
Regards,
Christian Boltz
--
chliEßlichle sendi emeiSt Enleut ehier mehralsdreIpo Stingsa Mtag sOd
Asesdoch et. Waserm üdentwärdenkahnimmerrattentsumÜßenw aßIrge
nDeinezUs
/}run/dovecot/ rw,
/{,var/}run/dovecot/** rw,
link /{,var/}run/dovecot/** - /var/lib/dovecot/**,
Regards,
Christian Boltz
--
Sorry, mit java kenne ich mich gar nicht aus, das ist mir einfach zu
unportabel. [Thorsten Kukuk in suse-linux]
--
AppArmor mailing list
about a patch from
me - don't waste it ;-) (In the unlikely case that you like my patch,
you can of course commit it ;-)
Regards,
Christian Boltz
--
Werbung lügt, Corporate Design sagt die Wahrheit. Naja,
alle _guten_ Komponenten der Wahrheit. :-) [Ratti]
=== modified file 'Testing
, reloading or removing profiles via
systemd?
@all:
Can someone have a look at those patches, please? (Even if it's clear
that there will be a v2 ;-)
Regards,
Christian Boltz
--
Manfred, Du solltest so spaet keine Emails mehr schreiben :-)
Danke für die Berichtigung, werd mir den Tipp hinter die
surprising ;-)
Regards,
Christian Boltz
--
Well, I guess, Stephan knows very well, what the fuzz is about: it's
about hundreds of patches, which will have to be regenerated, done as
an employment-creation measure for this lazy gang of packagers.
[Hans-Peter Jansen in opensuse-packaging
Hello,
Am Sonntag, 2. Februar 2014 schrieb Michael Scherer:
Le samedi 01 février 2014 à 18:18 +0100, Christian Boltz a écrit :
BTW: It looks like your patch requires the profiles to be loaded
already. Do you have any plans for loading, reloading or removing
profiles via systemd?
I had
,
Christian Boltz
--
Henne, did you actually test this before closing the bug as invalid?
of course i did not test it. do you think i'm bored?
[ Christian Boltz and Hendrik Vogelsang in
https://bugzilla.novell.com/show_bug.cgi?id=420972]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify
Error: Unknown line found in
file: %s line: %s') % (file, lineno+1))
Regards,
Christian Boltz
--
cboltz jjohansen: you are making it too easy for kshitij8 ;-)
jjohansen cboltz: oops sorry, now I'll have to come up with a new task
to make him suffer :)
sarnold review the c++11
, please? (like the end of the
main profile, above the child profiles)
+profile chromium_browser_sandbox {
[...]
+# *Sigh*
+capability sys_ptrace,
Nice comment, but not too useful for the average user...
Regards,
Christian Boltz
--
Graphisch??? Wie meinen? Hast du zuviel Fleisch von
}/samba/winbindd_privileged/pipe rw,
/etc/samba/smb.conf r,
+ /etc/samba/dhcp.confr,
/usr/lib*/samba/valid.dat r,
/usr/lib*/samba/upcase.dat r,
/usr/lib*/samba/lowcase.dat r,
+ /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
Regards,
Christian Boltz
to use the directory.
Acked-By: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
Weil es sehr weit verbreitet ist, eingespielt und überall drauf.
Die weite Verbreitung ist allenfalls geeignet, die kaputte Syntax
auszugleichen, ein Erfordernis also, kein Pluspunkt.
[ Ratti und
.
#include local/usr.sbin.dnsmasq
Regards,
Christian Boltz
--
|#|Die drei wichtigsten Tugenden eines Programmierers:
|#| Faulheit, Ungeduld und Selbstüberschätzung
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com
about commit access - it would be a good idea to give you
commit access to the apparmor repo ;-)
@Steve or John: can you do that, please?
Regards,
Christian Boltz
[1] some of Steve's changes were quite big, like several whitespace
changes to make PEP8 happy. This also means you'll get
Hello,
Am Freitag, 14. Februar 2014 schrieb Steve Beattie:
On Sat, Feb 15, 2014 at 12:36:03AM +0100, Christian Boltz wrote:
I also noticed my patches
- new profile tools: preserve full initial comment
- new profile tools - handling of (F)inish
are not included yet. Can you please review
Hello,
[patch v2, see below]
Am Montag, 27. Januar 2014 schrieb Christian Boltz:
currently, selecting (F)inish in the new profile tools basically means
aborting without saving anything. However, we already have Abo(r)t
for that ;-)
(F)inish should ask the user if he wants to save
tempfile
templog = tempfile.NamedTemporaryFile('w', prefix='apparmor',
suffix='.log', delete=False)
Regards,
Christian Boltz
--
*pieps* Die Verkehrshinweise: Im Netzwerkkabel von Marc 100 MB Stau
wegen einer Vollsperrung der Ausfahrt Festplatte. Bitte warten Sie auf
dem Rasthof FTP
exists is in src/aalogparse.h. Please file bugs
using http://bugzilla.novell.com under the AppArmor product.
+What little documentation exists is in src/aalogparse.h.
+
+Please file bugs using https://bugs.launchpad.net/apparmor/+filebug
Regards,
Christian Boltz
--
By the way, it's a sign
([apparmor.parser,
'-I%s' % apparmor.profile_dir, '-R', filename])
if cmd_info[0] != 0:
raise apparmor.AppArmorException(cmd_info[1])
Acked-by: Christian Boltz appar...@cboltz.de
Regards,
Christian Boltz
--
Früher habe ich auch gerne CDs gekauft
-complain symlink is more packaging-friendly, but breaks caching
+# create_symlink('force-complain', filename)
change_profile_flags(filename, program, 'complain', True)
def set_enforce(filename, program):
Regards,
Christian Boltz
--
Ich habe ein update für 2.0.1 released, welches die
This patch was commited to 2.8 branch and trunk, and later changed to
use grep instead of ~~~.
AppArmor 2.8.3 contains the fix.
** Changed in: apparmor
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of AppArmor
Developers, which is a
101 - 200 of 1302 matches
Mail list logo