Re: [apparmor] [PATCH 07/13] Make expressing all capabilities easier

2012-02-24 Thread Christian Boltz
Hello, On Friday, 24 February 2012, John Johansen wrote: > On 02/15/2012 03:01 AM, Christian Boltz wrote: > > On Tuesday, 14 February 2012, John Johansen wrote: > >> Allow the capability rule to be bare to represent all > >> capabilities > >> similar to ho

[apparmor] logprof deny doesn't use the selected path?

2012-03-04 Thread Christian Boltz
)inish / (O)pts - I pressed "d" (deny) here. The profile ended up with deny /usr/lib64/python2.7/ssl.pyc w, instead of the path I entered. Bug? Regards, Christian Boltz -- Meine allerste Festplatte hatte 30 MB, u

[apparmor] genprof shows strange severity for CAP_SYSLOG

2012-03-04 Thread Christian Boltz
, Christian Boltz -- [Re: How do I get my Ratti back in mutt?] Simply specify in procmail: formail -I From: ra...@gesindel.de (Ratti) Then _ALL_ mails are from Ratti. [Ratti (which one? ;-) in suse-linux] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or

Re: [apparmor] genprof shows strange severity for CAP_SYSLOG

2012-03-06 Thread Christian Boltz
Hello, On Monday, 5 March 2012, John Johansen wrote: > On 03/04/2012 06:19 AM, Christian Boltz wrote: > > another funny problem (genprof this time, AppArmor 2.7.2 again) > > > > > > Profile:/sbin/rsyslogd > > Capability: syslog > > Severity: unexp

Re: [apparmor] mount rule question

2012-03-12 Thread Christian Boltz
ount". That would be unexpected behaviour IMHO. Regards, Christian Boltz -- >So, Helm aufsetz und auf Steine wart ... *werf* *Steine! Flache Steine! Runde Steine! Grosse Steine! Kleine Steine!* *Wer will noch mal, wer hat noch nicht?* [> Manfred Tremmel und David Haller in sus

Re: [apparmor] AppArmor 2.8 beta2

2012-03-12 Thread Christian Boltz
n your "2.8 syntax changes" mail?) Regards, Christian Boltz [1] The profile is specific to my setup, therefore I doubt it's useful for the broad audience. -- New scheduler deployed on friday was buggy, we learn not to deploy larger changes on fridays anymore ;) [Adrian

Re: [apparmor] AppArmor 2.8 beta2

2012-03-13 Thread Christian Boltz
Hello, On Monday, 12 March 2012, John Johansen wrote: > On 03/12/2012 03:42 PM, Christian Boltz wrote: > > On Saturday, 10 March 2012, John Johansen wrote: > >> * profiles have been defaulted to chroot relative instead of > >> namespace relative > > >

Re: [apparmor] AppArmor 2.8 beta2

2012-03-14 Thread Christian Boltz
Hello, On Wednesday, 14 March 2012, John Johansen wrote: > On 03/13/2012 01:39 PM, Christian Boltz wrote: > > On Monday, 12 March 2012, John Johansen wrote: > >> On 03/12/2012 03:42 PM, Christian Boltz wrote: > >>> Am Samstag, 10. März 2012 schrieb John Johanse

Re: [apparmor] [patch] Re: genprof shows strange severity for CAP_SYSLOG

2012-03-16 Thread Christian Boltz
h reminds me that apparmor.vim should also get an autogenerated (or at least auto-checked) capability list... (Would it make sense to put this into a small helper script "capabilities_list" to avoid duplicate code? Or do you have a better idea for apparmor.vim?) Regards, Christian

[apparmor] Fun with mod_apparmor / HANDLING_UNTRUSTED_INPUT

2012-03-17 Thread Christian Boltz
requested hat, however I don't see any error message reporting something like that. The apache profile and all its hats are in complain mode. I use one hat per vhost, my apache config is: AADefaultHatName vhost_something [...] Same question as last time: Do you have any i

Re: [apparmor] Fun with mod_apparmor / HANDLING_UNTRUSTED_INPUT

2012-03-18 Thread Christian Boltz
Hello, On Sunday, 18 March 2012, John Johansen wrote: > On 03/17/2012 01:36 PM, Christian Boltz wrote: > > I reported this some time ago with old versions, but now I've seen > > it on a server with openSUSE 12.1 and AppArmor 2.7.2 again: > > > > The HANDL

Re: [apparmor] Need Assistance With AppArmor Profiling Issue

2012-03-21 Thread Christian Boltz
to similar fights as in the vi vs. emacs war ;-) [1] Regards, Christian Boltz [1] Needless to say that vi is better - it comes with syntax highlighting for apparmor profiles ;-) -- > Mich nervt es tierisch an, wenn ich am Tag mehr Meldungen des Typs > "Sie haben eine Virus-Mai

Re: [apparmor] [patch 4/6] add missing capabilities to severity.db

2012-03-22 Thread Christian Boltz
t_fcap sys_admin sys_module sys_rawio" Regards, Christian Boltz -- DAS kenne ich! Learning by carrying of annoying heavy hardware. So'nen Strafmonitor habe ich hier auch. Wenn ich mal wieder meinen kleinen Server an die Wand gefahren hab, müssen 40 kg/21" den Flur hochgewuchtet werd

Re: [apparmor] [patch 2/6] abstract out cap and net proto generation to common/Make.rules

2012-03-22 Thread Christian Boltz
for cap in ${CAPABILITIES} ; do \ Would then be check_severity_db: capability_list severity.db RC=0 ; for cap in `cat capability_list` ; do \ AF_NAMES shares this problem and should also be implemented with a file instead of using a make variable. Note that everything above is untested

Re: [apparmor] [patch 5/6] rewrite apparmor.vim generation and integrate into build

2012-03-22 Thread Christian Boltz
f version 2 of the GNU General Public > +#License published by the Free Software Foundation. > +# > +#Written by Steve Beattie , based on work by > +#Christian Boltz > + > +import os > +import re > +import subprocess > +import sys > + > +# dangerous capabi

Re: [apparmor] [patch 6/6] add apparmor.vim install target to utils/ install

2012-03-22 Thread Christian Boltz
, even if it's > one that won't get automatically used by anything. It can't break anything ;-) Acked-By: Christian Boltz Regards, Christian Boltz -- This is like searching for a needle in a haystack in 20km distance with the naked eye... [Matthias Hopf in https://bugzilla

[apparmor] [patch] some comments for create-apparmor.vim.py

2012-03-23 Thread Christian Boltz
S*\})\S*', -'EOL': r'\s*,(\s*$|(\s*#.*$)\@=)', +'FILENAME': r'(\/|\@\{\S*\})\S*', # just a filename (taken from @@FILE@@) +'EOL': r'\s*,(\s*$|(\s*#.*$)\@=)', # End of a line (whitespace_?_, comma

[apparmor] Bug: rcapparmor reload returns "done" even on profile syntax errors

2012-03-26 Thread Christian Boltz
temd/systemctl. With systemctl, only the exitcode is honored and the output hidden - which means the profile is not loaded, but nobody sees an error message. Expected result: a red "failed" and $? != 0 (AppArmor 2.7.2 on openSUSE 12.1 - but I'm quite sure trunk shares this bug.) Regard

Re: [apparmor] [patch] some comments for create-apparmor.vim.py

2012-03-26 Thread Christian Boltz
Hello, On Monday, 26 March 2012, Steve Beattie wrote: > On Mon, Mar 26, 2012 at 10:22:31AM -0700, Steve Beattie wrote: > > On Sat, Mar 24, 2012 at 12:24:39AM +0100, Christian Boltz wrote: > > > +'FILENAME': r'(\/|\@\{\S*\})\S*', # ju

[apparmor] openSUSE Summit

2012-03-31 Thread Christian Boltz
other valuable information for speakers. [1] http://bit.ly/HiXb2X [2] http://bit.ly/HmIqwJ [3] http://bit.ly/HiXydO ----- Regards, Christian Boltz -- If Microsoft is the solution, I want my problems back. -- AppArmor mailing list AppArmor@lists.ubuntu.

Re: [apparmor] openSUSE Summit

2012-04-02 Thread Christian Boltz
Hello, On Monday, 2 April 2012, John Johansen wrote: > On 03/31/2012 02:00 AM, Christian Boltz wrote: > > maybe you have already heard that the openSUSE Summit will take > > place from September 21-23, 2012 in Orlando Florida. > > Christian out of curiosity what kind o

[apparmor] [Bug 800826] Re: aa-notify doesn't display certain apparmor events

2012-04-05 Thread Christian Boltz
This also affects logprof, see https://bugzilla.novell.com/show_bug.cgi?id=755923 ** Bug watch added: Novell/SUSE Bugzilla #755923 https://bugzilla.novell.com/show_bug.cgi?id=755923 -- You received this bug notification because you are a member of AppArmor Developers, which is the registrant

[apparmor] [Bug 974616] [NEW] mod_apparmor: no error message when requesting non-existing hat

2012-04-05 Thread Christian Boltz
Public bug reported: - AppArmor 2.7.2 on openSUSE 12.1 - httpd2-prefork profile in complain mode - using mod_apparmor with one hat per vhost (specified with AADefaultHatName) mod_apparmor doesn't print/log any error message if the hat specified with AADefaultHatName does not exist. Instead, I get

[apparmor] IPv6 support in various profiles

2012-04-05 Thread Christian Boltz
so handle IPv6 or is there a separate version? Fortunately most profiles get network access via abstractions, which already include support for IPv4 and IPv6. Regards, Christian Boltz -- But then I could just as well feel sorry for the Greens. I'd rather be blue ... [Konrad Neitzel in sus

[apparmor] [patch] usr.lib.dovecot.imap-login - add inet6

2012-04-05 Thread Christian Boltz
apparmor.d/usr.lib.dovecot.imap-login +++ profiles/apparmor.d/usr.lib.dovecot.imap-login @@ -11,6 +11,7 @@ capability sys_chroot, network inet stream, + network inet6 stream, /usr/lib/dovecot/imap-login mr, /{,var/}run/dovecot/login/ r, Regards, Christian Boltz -- Ich habe n

Re: [apparmor] [patch] some comments for create-apparmor.vim.py

2012-04-05 Thread Christian Boltz
Hello, On Thursday, 5 April 2012, Steve Beattie wrote: > On Tue, Mar 27, 2012 at 12:58:54AM +0200, Christian Boltz wrote: > > > > +filename=r'(\/|\@\{\S*\})\S*' > > > > I'd prefer to have this near the definition of aa_regex_map - right > >

Re: [apparmor] replacing unconfined and doing global policy

2012-04-05 Thread Christian Boltz
; break current semantics in that it could be said that new namespaces > inherit their parents unconfined profile (which just can't be > replaced currently). Are you talking about "really unconfined" or "default_profile" here? Regards, Christian Boltz -- "Wouldn

[apparmor] [patch] make tftp server for dnsmasq working

2012-04-06 Thread Christian Boltz
ME for details. #include } Regards, Christian Boltz -- My cat also told the mouse: "Don't worry, I won't hurt you!" And the cat didn't say a word about eating. [Rolf-Hubert Pobloth in suse-linux] -- AppArmor mailing list AppArmor@lists.ubun

Re: [apparmor] openSUSE Summit

2012-04-06 Thread Christian Boltz
"execute" - and also to "take the dog for a walk" ;-) (besides that, the world has seen enough cat content already ;-) > >>>> On 03/31/2012 02:00 AM, Christian Boltz wrote: > >>> #!/bin/bash > >>> echo "Hello World!" > /tmp/hello.tx

Re: [apparmor] replacing unconfined and doing global policy

2012-04-06 Thread Christian Boltz
Hello, On Thursday, 5 April 2012, John Johansen wrote: > On 04/05/2012 03:31 PM, Christian Boltz wrote: > > On Wednesday, 4 April 2012, John Johansen wrote: > >> A bit of history, and where we are at now > > > > Thanks for the history lesson! > > Can you

Re: [apparmor] [patch] make tftp server for dnsmasq working

2012-04-06 Thread Christian Boltz
Hello, On Friday, 6 April 2012, Steve Beattie wrote: > On Fri, Apr 06, 2012 at 03:21:39PM +0200, Christian Boltz wrote: > > If tftp server for dnsmasq is configured it won't serve the boot > > file. This patch adds read permissions for /srv/tftpboot/ > >

Re: [apparmor] [PATCH] update man page for recent mount rule additions

2012-04-11 Thread Christian Boltz
making that fatal is easy: pod2man --stderr [... other options ...] 2>pod2man-errors test ! -s pod2man-errors || { cat pod2man-errors ; exit 1 ; } I'll leave it up to you to implement this in the Makefile. Don't forget to delete pod2man-errors in make clean ;-) Regards, Christian

Re: [apparmor] [patch] libapparmor: add support for ip addresses and ports

2012-04-13 Thread Christian Boltz
openSUSE package) shows it fixes the bug in the 2.7 branch. Regards, Christian Boltz -- [...] bis zur Erwähnung des gesuchten Punktes sind es nur ein paar "Bild-down"s. Wenn Du mir erzählen willst, dass das schwer zu finden ist, mache ich ab Morgen eine Linux-Kindergarten-Mailingliste

Re: [apparmor] [patch] make tftp server for dnsmasq working

2012-04-14 Thread Christian Boltz
Hello, I could just commit the patch below based on the "nobody complained within a week" rule, but some sort of reply would be better ;-) On Saturday, 7 April 2012, Christian Boltz wrote: > On Friday, 6 April 2012, Steve Beattie wrote: > > On Fri, Apr 06, 2012

Re: [apparmor] [patch] make tftp server for dnsmasq working

2012-04-17 Thread Christian Boltz
ng objection to it going in. You are too late anyway - it's committed ;-) Regards, Christian Boltz -- >>Mir sind genug NT - Admins mit Gehaeltern ab 150 KDM bekannt, die >>weniger von NT wissen als ich - und das ist _sehr_ wenig. >NT-Admins werden wie Bundestagsabgeordne

Re: [apparmor] [PATCH] towards a common build infrastructure

2012-05-05 Thread Christian Boltz
ke... Another question - what is the target version for changing the build system? Do you want to include it in 2.8? Regards, Christian Boltz -- [Re: How do I get my Ratti back in mutt?] Simply specify in procmail: formail -I From: ra...@gesindel.de (Ratti) Dann sin

Re: [apparmor] [PATCH] towards a common build infrastructure

2012-05-06 Thread Christian Boltz
Hello, On Sunday, 6 May 2012, Kees Cook wrote: > On Sun, May 06, 2012 at 01:46:30AM +0200, Christian Boltz wrote: > > I prefer hand-written Makefiles - but that might be a matter of > > personal taste ;-) (and, in my case, missing knowledge about > > automake) > >

[apparmor] [patch] techdoc.pdf improvements

2012-05-08 Thread Christian Boltz
-) Signed-Off-By: Christian Boltz And now let me explain why bzr blame is named bzr _blame_ ;-)) # bzr blame parser/Makefile |grep techdor 1522 kees.co | 60 rm -rf techdoc.aux techdoc.log techdoc.pdf techdoc.toc techdor.txt techdoc/ #

Re: [apparmor] [patch] techdoc.pdf improvements

2012-05-08 Thread Christian Boltz
Hello, On Tuesday, 8 May 2012, Kees Cook wrote: > On Tue, May 08, 2012 at 09:59:11PM +0200, Christian Boltz wrote: > > - don't include build date on first page of the PDF > > Oh good -- this had been bothering me. I was thinking about inserting the correct date, but tha

[apparmor] create-apparmor.vim.py - create_file_rule

2012-05-09 Thread Christian Boltz
n optional parameter, defaulting to 0 (or false, whatever you prefer). The function result should be merged into the content of apparmor.vim.in (appending should work, no need to insert it in the middle of the file). This should happen _before_ replacing all the @@WHATEVER@@ parts. Steve, can you im

[apparmor] profile for samba winbindd

2012-05-09 Thread Christian Boltz
e-specific additions and overrides. See local/README for details. #include } Regards, Christian Boltz -- > I keep getting bite marks in my keyboard! > Does anyone know why? Is your mouse hungry? [> Bernd Brodesser and Hannes Vogelmann in suse-linux] -- AppArmor mailing l

[apparmor] profiles for dovecot2

2012-05-09 Thread Christian Boltz
files probably aren't final yet. Nevertheless I'm open for feedback ;-) Regards, Christian Boltz -- [...] but in the end he is my boss, and if he wants checkered lilies of the valley, then he shall get them, provided I can procure them. [Martin Mewes in suse-linux] -- A

[apparmor] amavisd profile

2012-05-09 Thread Christian Boltz
vg r, /proc/uptime r, /usr/bin/uptime mr, /var/run/utmp rwk, } Regards, Christian Boltz -- > Wie zaehlt man eine Person zu seiner Freundin? Ist doch ganz einfach: Freundin + Person -- FrÜØ×àÚµ [Henning Sponbiel und Ich frage mich nur,

Re: [apparmor] incomplete wiki

2012-05-14 Thread Christian Boltz
the page ;-) BTW: The wiki user "Jj" is probably John. Regards, Christian Boltz -- And if the majority here feels mlmmj should respond in Klingon, that's what we should consider. As long as it uses proper MIME headers, of course. ;-)[Gerald Pfeifer in opensuse-project] --

Re: [apparmor] AppArmor development meetings

2012-05-16 Thread Christian Boltz
the livestream, then you are right :-/ Lots of background noise, and the "interesting" speakers should be louder. Are you afraid of microphones because you stay on distance? ;-) BTW: is the livestream setup described somewhere? (It could be useful for the openSUSE conference.) Regards, C

Re: [apparmor] create-apparmor.vim.py - create_file_rule

2012-05-26 Thread Christian Boltz
Hello, On Wednesday, 9 May 2012, Christian Boltz wrote: > as mentioned in the UDS chat, I'd like to have a create_file_rule > function in create-apparmor.vim.py. > > Unfortunately Python is not one of the P* languages I "speak", which > means I can't implem

Re: [apparmor] create-apparmor.vim.py - create_file_rule

2012-05-27 Thread Christian Boltz
Hello, On Sunday, 27 May 2012, John Johansen wrote: > On 05/25/2012 04:21 PM, Christian Boltz wrote: > > The attached patch moves the generation of file rules from > > apparmor.vim.in to create-apparmor.vim.py. It also adds support for > > - filenames in quotes

[apparmor] [Bug 1014298] Re: script to add a hat to a profile

2012-06-17 Thread Christian Boltz
** Attachment added: "hackish script to add a hat to the apache profile" https://bugs.launchpad.net/bugs/1014298/+attachment/3193605/+files/create-apparmor.conf -- You received this bug notification because you are a member of AppArmor Developers, which is the registrant for AppArmor. https:/

[apparmor] [Bug 1014298] [NEW] script to add a hat to a profile

2012-06-17 Thread Christian Boltz
Public bug reported: I'm using a script to add hats for each vhost in my apache profile (attached for reference). This works, but it uses some ugly sed tricks (for example, it removes ^}$ from the profile) to work. This also means that it might break a manually edited profile if someone removed t

[apparmor] [Bug 1014304] Re: genprof misses some permissions

2012-06-17 Thread Christian Boltz
** Attachment added: "profile for the test script (after running genprof AND logprof)" https://bugs.launchpad.net/apparmor/+bug/1014304/+attachment/3193612/+files/home.cb.linuxtag.apparmor.scripts.hello -- You received this bug notification because you are a member of AppArmor Developers, wh

[apparmor] [Bug 1014304] [NEW] genprof misses some permissions

2012-06-17 Thread Christian Boltz
Public bug reported: Take this little demo script: #!/bin/bash echo "Hello World!" > /tmp/hello.txt cat /tmp/hello.txt rm /tmp/hello.txt I created a profile for it using genprof. Most important point: select "child" for executing /bin/rm, see attached screendump.txt for details. When I run logp

[apparmor] [Bug 1014304] Re: genprof misses some permissions

2012-06-17 Thread Christian Boltz
** Attachment added: "screendump.txt of genprof and logprof" https://bugs.launchpad.net/bugs/1014304/+attachment/3193610/+files/screendump.txt -- You received this bug notification because you are a member of AppArmor Developers, which is the registrant for AppArmor. https://bugs.launchpad.ne

[apparmor] [Bug 1014304] Re: genprof misses some permissions

2012-06-17 Thread Christian Boltz
** Attachment added: "audit.log" https://bugs.launchpad.net/apparmor/+bug/1014304/+attachment/3193611/+files/audit.log -- You received this bug notification because you are a member of AppArmor Developers, which is the registrant for AppArmor. https://bugs.launchpad.net/bugs/1014304 Title:

Re: [apparmor] [Patch 0/1] RFC: apparmor profile directory

2012-07-01 Thread Christian Boltz
the \n because without it, you'll get your prompt mixed up if you cat the file. > The child profiles and hats directory is currently created regardless > of whether child profiles or hats are present. Should this directory > only be created if the profile has children? For shell s

Re: [apparmor] [Patch 0/1] RFC: apparmor profile directory

2012-07-06 Thread Christian Boltz
ing ugly is much better than breaking tools that read /sys/ ;-) That all said - what do you think how the /sys/ entry/directory for the /** profile should be named? Regards, Christian Boltz -- Bash may be just dry bread and water, but Tcl is Nutella with Maggi ;) [Christian Perle in d.

[apparmor] [patch] /bin/ping - usrMerge

2012-07-06 Thread Christian Boltz
-01 11:05:38 + @@ -10,7 +10,7 @@ # -- #include -/bin/ping { +/{usr/,}bin/ping { #include #include #include Regards, Christian Boltz -- Ein Experte ist ein Mensch, den man in letzter Minute hinzuzieht, um einen Mitschuldigen zu h

[apparmor] [Bug 1021967] [NEW] genprof doesn't escape special characters

2012-07-06 Thread Christian Boltz
Public bug reported: (copy&paste from my mail on the apparmor ML) Just curious - how would that profile name look as filename for /etc/apparmor.d/ ? Hmm, let's try... # aa-genprof '/**' /** does not exist, please double-check the path. OK, I'm feeling adventurous ;-) # touch '/**' # aa-genpro

Re: [apparmor] [Patch 0/1] RFC: apparmor profile directory

2012-07-06 Thread Christian Boltz
Hello, On Friday, 6 July 2012, John Johansen wrote: > On 07/06/2012 03:18 PM, Christian Boltz wrote: > > On Thursday, 5 July 2012, John Johansen wrote: > >> The best it could do is apply the same mapping to the tools apply. > > > > Sounds like a good idea, b

[apparmor] Cache update broken

2012-08-04 Thread Christian Boltz
liver Expected behaviour IMHO: update the cache and the .features file. Any idea what is wrong? (A patch would be even better ;-) Regards, Christian Boltz -- "Coins worth EUR 0.99 would be truly practical." [Wolfgang Schwanke in de.etc.sprache.deutsch] -- AppArmor mailing list AppArmo

Re: [apparmor] Cache update broken

2012-08-05 Thread Christian Boltz
2.8.0 (= r2047) still has this bug. Looks like the patch doesn't do what it should :-( Regards, Christian Boltz -- "And 1.1.81 is officially BugFree(tm), so if you receive any bug-reports on it, you know they are just evil lies." [Linus Torvalds] -- AppArmor

[apparmor] [patch] UsrMove /bin/ls -> /usr/bin/ls

2012-08-05 Thread Christian Boltz
.d/abstractions/bash 2012-08-05 15:46:47 + @@ -40,5 +40,5 @@ # run out of /etc/bash.bashrc /etc/DIR_COLORS r, - /bin/ls mix, + /{usr/,}bin/ls mix, /usr/bin/dircolors mix, Regards, Christian Boltz -- >

Re: [apparmor] Cache update broken

2012-08-07 Thread Christian Boltz
how to delete all files in a directory ;-) Regards, Christian Boltz [1] oh, now I remember: rule 22 - "invent new ways to make your program slow" ;-) [2] aa-enable is more important IMHO because it needs to a) delete a symlink b) load the profile -- Ich selbst benutze kw

Re: [apparmor] Cache update broken

2012-08-07 Thread Christian Boltz
012 schrieb John Johansen: > On 08/07/2012 01:34 PM, Christian Boltz wrote: > > John, thanks for honoring the golden rules of bad programming in > > your > > patch! I'm especially talking about rule 18 - "take great care in > > setting bad defaults" ;-) >

Re: [apparmor] Cache update broken

2012-08-08 Thread Christian Boltz
ain :-) (tested with the patch you sent me off-list this, well, morning - I didn't compare it to the v2 patch on the ML) Regards, Christian Boltz -- soviel zu Win. Was hat Dich denn da geritten? Auf Win- Fehlermeldungen würde ich nix geben. Wenn das OS konsequent wäre, würde es sich selbst l

[apparmor] funny aa-exec behaviour

2012-08-26 Thread Christian Boltz
Hello, # aa-exec # I'd expect an error message about missing parameters in this case... Regards, Christian Boltz -- > In case someone reads this and does not understand irony: this is not > a valid solution for something you want to submit to openSUSE:Factory OF course Im awar

[apparmor] [patch] fix error handling in aa-decode

2012-09-16 Thread Christian Boltz
| egrep -q "^[0-9A-F]+$" ; then echo "String should only contain hex characters (0-9, a-f, A-F)" - return +exit 1 fi d=`decode $e` Regards, Christian Boltz -- > ich mochte gerne fur eine unbestimte Zeit Linux von meiner > Festplatt
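Review bot: the error message on the context line before the changed `return` is still written with a plain `echo`, so it goes to stdout; now that this branch ends in `exit 1`, redirect it to stderr (`echo "..." >&2`) so a caller that captures or pipes the decoded output does not receive the message as data.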

Re: [apparmor] [patch] fix error handling in aa-decode

2012-09-17 Thread Christian Boltz
ything else. I wouldn't call this expected behaviour, but at least it matches --help ("convert _any hex-encoded_ AppArmor log entries and display them on standard output.") This shouldn't be too hard to fix/change, but that's a different issue ;-) Regards, Christian B

[apparmor] move extra profiles to /usr/share/apparmor/extra-profiles/

2012-09-25 Thread Christian Boltz
have a symlink /etc/apparmor/profiles/extras -> /usr/share/apparmor/extra-profiles/ for backward compatibility, you'll have to create it yourself (for example in the .spec file) This also fixes https://bugzilla.novell.com/show_bug.cgi?id=713647 Regards, Christian Boltz -- [Fontl

[apparmor] [patch] fix aa-decode stdin handling

2012-10-02 Thread Christian Boltz
ints lines that do not contain an encoded filename (instead of grepping them away) In other words: you can pipe your audit.log through aa-decode, and the only difference to the raw audit.log is that filenames are decoded. Signed-Off-By: Christian Boltz === modified file 'utils/aa-decod

Re: [apparmor] [patch] fix aa-decode stdin handling

2012-10-09 Thread Christian Boltz
Hello, On Tuesday, 9 October 2012, Steve Beattie wrote: > On Wed, Oct 03, 2012 at 02:00:34AM +0200, Christian Boltz wrote: > > the attached patch fixes aa-decode stdin handling. > Realistically, this ought to be converted to one of the P* languages, > given the difficulties aro

Re: [apparmor] [patch 3/3] aa-decode test script v3

2012-10-26 Thread Christian Boltz
nts failures if I break aa-decode intentionally - or just use the version from 2.8.0 ;-) Therefore, based on my testing (without reading the code): Acked-By: Christian Boltz Regards, Christian Boltz -- If Linus is calling you an idiot then you probably think "Could be that he is righ

[apparmor] UDS

2012-10-27 Thread Christian Boltz
ture in openSUSE too ;-) And a final question that is somewhat unrelated: I remember that using etckeeper was discussed at the last(?) UDS. Did this happen in the meantime? If yes, how good does it work? Regards, Christian Boltz -- Linux just isn't user-friendly when it comes to virus

[apparmor] [patch] aa-decode performance tuning

2012-11-01 Thread Christian Boltz
le)=[0-9a-fA-F] ]]; then # cut the encoded filename/profile name out of the line and decode it ne=`echo "$line" | sed 's/.* name=\([^ ]*\).*$/\\1/g'` Regards, Christian Boltz -- I wonder how we ended up with baseurl and extra_url, now we are missing one wit

Re: [apparmor] [patch] aa-decode performance tuning

2012-11-01 Thread Christian Boltz
bash's built-in regular expression comparison operator "=~". I'd assume that's old enough to be available on everyone's system ;-) Regards, Christian Boltz -- > I forgot to mention: The default language will of course be English! In UTF-8 or la

Re: [apparmor] UDS wrap-up

2012-11-03 Thread Christian Boltz
> access to desktop settings. IMHO the filepicker is the most important thing - basically it's the only missing part needed to provide secure and non-annoying[1] profiles for web browsers - and also other desktop applications (but maybe I underestimate on how many places dbus is used

Re: [apparmor] [Merge] lp:~chkpnt/apparmor/patch-ruby into lp:apparmor

2012-11-05 Thread Christian Boltz
,[89].[0-9]}/*-linux/*.so mr, > + /usr/lib{,32,64}/ruby/site_ruby/1.{[89],[89].[0-9]}/*-linux/**/*.so mr, Two more pairs to merge ;-) Regards, Christian Boltz -- "On my machine" KDE doesn't run at all. Completely correct. Logical. But pointless. [David Haller in opensuse-de] -- AppArmo

Re: [apparmor] [patch] aa-decode performance tuning

2012-11-06 Thread Christian Boltz
Hello, On Monday, 5 November 2012, John Johansen wrote: > On 11/01/2012 11:06 AM, Christian Boltz wrote: > > here's a patch that speeds up aa-decode - in my case from 1.9s to > > 0.3s (test log with about 900 lines, with 16 encoded lines) > > > > The trick is to

Re: [apparmor] RAppArmor video tutorials

2012-11-06 Thread Christian Boltz
n the permissions, and a quite strict validation/ error highlighting BTW: Feel free to steal my AppArmor slides (or some content from them) from blog.cboltz.de ;-) (LibreOffice files available on request) Regards, Christian Boltz -- But you are probably also complaining if local root exploits

Re: [apparmor] [PATCH 3/9] add optional allow prefix to the language

2012-11-07 Thread Christian Boltz
rride a deny from an abstraction. BTW: does your patch detect conflicting rules like allow deny /foo rw, as an error? Regards, Christian Boltz -- Dabei müsste er nur seine Entern-Taste gangbar bekommen, Debian lauffähig im Grundgerüst bekommt man ja beinahe automatisiert installiert, wenn ma

Re: [apparmor] [PATCH 3/9] add optional allow prefix to the language

2012-11-08 Thread Christian Boltz
Hello, On Wednesday, 7 November 2012, John Johansen wrote: > On 11/07/2012 02:44 PM, Christian Boltz wrote: > > On Wednesday, 7 November 2012, John Johansen wrote: > >> let allow be used as a prefix in place of deny. Allow is the > >> default > >> and is i

Re: [apparmor] [PATCH 01/27] apparmor: fix auditing of domain transition failures due to incomplete policy

2012-11-21 Thread Christian Boltz
removes the MAY_EXEC permission when trying to execute /bin/foo. Will /bin/bar still be allowed to be executed? (And, as Steve already wrote, please add a comment to the code explaining why you modify perms.allow.) Regards, Christian Boltz -- 2 min spaeter... "Hach, so sind sie mein

[apparmor] CAP_BLOCK_SUSPEND / nscd profile

2012-12-16 Thread Christian Boltz
2.8 branch is a bit tricky because it depends on the kernel version and unfortunately the parser seems to bail out with "Invalid capability" if the kernel doesn't support it :-((tested with "capability foo" ;-) Regards, Christian Boltz -- We work *with* SUSE, but not

Re: [apparmor] Learning apparmor

2012-12-17 Thread Christian Boltz
a program really needs unmodified environment variables). Regards, Christian Boltz -- Please don't ruin a perfectly good argument with facts! [James Knott in opensuse-factory] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [patch] backport profile updates to 2.8 branch

2012-12-18 Thread Christian Boltz
DME Not backported (= remaining differences): - move extra profiles to /usr/share/apparmor/extra-profiles/ (I doubt we should do this in a minor release) - capability block_suspend for usr.sbin.nscd (because the 2.8 parser doesn't support it - which is a problem on its own) Regards, C

Re: [apparmor] [patch 5/9] profiles - update skype profile

2012-12-18 Thread Christian Boltz
a separate KDE abstraction? > - @{HOME}/.kde/share/config/kioslaverc r, > + owner @{HOME}/.kde/share/config/kioslaverc r, KDE on openSUSE uses ~/.kde4/ - what about owner @{HOME}/.kde{4,}/share/config/kioslaverc r, (Note: I don't know if skype is clever enough to check ~/.kde4 ;-)

Re: [apparmor] [patch 0/9] various profile patches

2012-12-18 Thread Christian Boltz
backport them. Regards, Christian Boltz -- "Microsoft spel chekar worgs grate!"

Re: [apparmor] aa-genprof no longer works on my system

2013-01-01 Thread Christian Boltz
s exactly what might have hit you - the log line you showed is the result of executing another program. Fortunately aa-logprof usually works better. Does it work if you do the following? (/usr/bin/virtualbox is just a guess - replace as needed) aa-complain /usr/bin/virtualbox # [1] # start

[apparmor] backport request: aa-decode

2013-01-01 Thread Christian Boltz
de in 2.8 and trunk ;-) Any objections? Regards, Christian Boltz -- ohh.. and ensure that you dont use phpBB, I repeat, dont use phpBB or you will regret it !! my dog writes better code than that :-P [Cristian Rodríguez in opensuse-project] -- AppArmor mailing list AppArmor@lists.ubuntu.co

Re: [apparmor] backport request: aa-decode

2013-01-01 Thread Christian Boltz
Hello, On Tuesday, 1 January 2013, John Johansen wrote: > On 01/01/2013 02:35 AM, Christian Boltz wrote: > > I'd like to request backporting aa-decode to the 2.8 branch. > > Well, "backporting" is a too big word because I'd simply replace the > > totally

Re: [apparmor] profiles - disabling logprof checks by default

2013-01-03 Thread Christian Boltz
file syntax would be useful IMHO to a) clarify that it's intentional / not a Makefile bug b) have a hint that it needs to be re-added when logprof is updated With such a comment added (I don't care about the exact wording), Acked-by: Christian Boltz Regards, Christian Boltz -- Ic

Re: [apparmor] backport request: aa-decode

2013-01-03 Thread Christian Boltz
Hello, On Wednesday, 2 January 2013, Steve Beattie wrote: > However, was there a specific reason > not to include the testscript for aa-decode as well? I simply missed it because it's a separate commit ;-) > I'd like to nominate that for inclusion into 2.8.1. Acked-

Re: [apparmor] 2.8 Nominations

2013-01-03 Thread Christian Boltz
Hello, On Wednesday, 2 January 2013, Steve Beattie wrote: > On Wed, Jan 02, 2013 at 04:27:33PM -0800, Steve Beattie wrote: > > On Tue, Dec 18, 2012 at 11:21:20PM +0100, Christian Boltz wrote: > Sorry about that, I was both on holiday and ill for most of that week > of December.

Re: [apparmor] [Patch] Fix date time log parsing for 2.8.1

2013-01-08 Thread Christian Boltz
dded file Looks like your patch would add several empty *.err files (I only quoted some of them above). Is this intentional? Regards, Christian Boltz -- "Microsoft spel chekar worgs grate!"

Re: [apparmor] [profile] for usr.lib.chromium.chromium

2013-01-08 Thread Christian Boltz
... > /etc/udev/udev.conf r, I guess/hope chromium doesn't read this file directly - something for an abstraction? What I'm missing in your profile is something like owner /home/*/downloads/ r, owner /home/*/downloads/** rw, This could mean two things: a) you didn't

Re: [apparmor] [SOLVED] Re: [profile] for usr.lib.chromium.chromium

2013-01-09 Thread Christian Boltz
Hello, On Wednesday, 9 January 2013, Aaron Lewis wrote: > I made few tweaks (xfce4, /proc /sys etc.) and the profile / patch is > attached here. Looks like you forgot the attachment - can you please try again? ;-) Regards, Christian Boltz -- > sdfgsdfg sind denn die Schreibmaschine

Re: [apparmor] AppArmor 2.8.1 Released

2013-01-10 Thread Christian Boltz
log to the wiki page - that should be a good start ;-) Regards, Christian Boltz -- I'm still looking for a nice desk for my keyboard. It is used exclusively to operate my Linux machine. I've taped over the Windows keys. [Markus Nohn in suse-linux zur Frage "was ist O

[apparmor] [Patch] abstractions/mysql: changed paths

2013-01-11 Thread Christian Boltz
ql2013-01-11 21:50:19 + @@ -1,6 +1,7 @@ # -- # #Copyright (C) 2002-2006 Novell/SUSE +#Copyright (C) 2013 Christian Boltz # #This program is free software; you can redistribute it and/or #modify it under th

Re: [apparmor] [Branch ~apparmor-dev/apparmor/2.8] Rev 2069: Bump libapparmor's AA_LIB_REVISION in preparation for 2.8.1 release.

2013-01-17 Thread Christian Boltz
'libraries/libapparmor/src/Makefile.am' > AA_LIB_CURRENT = 1 > -AA_LIB_REVISION = 2 > +AA_LIB_REVISION = 3 > AA_LIB_AGE = 0 This brings us to the funny situation that trunk has a lower library revision than 2.8.1 ;-) Should the version in trunk also be bumped to ensure it is at le

Re: [apparmor] abstraction/X doesnt have Xdefaults included?

2013-01-31 Thread Christian Boltz
that's my guess - if we want to be really sure, I can create a profile for it) (and, BTW, it's even possible to give xosview a cool transparent look by applying the desktop background image to the xosview*pixmapName ;-) Regards, Christian Boltz -- [Evolution - Message-ID] Oh ja

[apparmor] [patch] nscd profile

2013-03-05 Thread Christian Boltz
@{pid}/mounts r, @{PROC}/filesystems r, + @{PROC}/sys/vm/overcommit_memory r, # Site-specific additions and overrides. See local/README for details. #include Regards, Christian Boltz -- > Ich hab letztens nen Film gesehen, in dem sich zwei Irre unterhalten > haben. Da hat
