ed directory location.
>
> Signed-off-by: Steve Beattie
Acked-by: Christian Boltz
Regards,
Christian Boltz
--
Aber bei Sendmail weiss man ja nie, ist ja ne Mischung aus Programmier-
sprache und halben Betriebssystem, die bei geeigneter Konfiguration wie
ein MTA aussehen kann...
;
> Signed-off-by: Steve Beattie
Acked-by: Christian Boltz
Regards,
Christian Boltz
--
Der nächste DAU kommt bestimmt. Sie werden in den Kellern
von AOL gezüchtet. [Dieter Bruegmann in dag°]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsu
ething like "... and return the full path" would be better.
> +path = os.path.join(directory, file)
> with open(path, 'w+') as f:
> f.write(contents)
> +return path
With an improved comment for write_file,
Acked-by: Christian Boltz
Regards,
est[1], and a "BuildRequires: python3" is acceptable
when it makes things easier on the programming side.
Therefore:
Acked-by: Christian Boltz
Regards,
Christian Boltz
[1] Things would be different if you'd test _python code_ only with py3,
even if it's written to run wi
sind nicht
zulässig\n"
+msgstr "%s: Ungültige öffnende {, verschachtelte Gruppierungen sind nicht
zulässig\n"
#: ../parser_regex.c:303
#, c-format
@@ -454,7 +454,7 @@
#: ../parser_policy.c:298 ../parser_policy.c:304
#, c-format
msgid "ERROR expanding variables for profile %s
Hello,
(summing up an IRC discussion from some hours ago for those who missed
it)
Am Dienstag, 17. September 2013 schrieb Christian Boltz:
> during the last days, we (as in: the usual people in #apparmor)
> discovered that the r1225 translation update introduced _lots_ of
> mistransl
and hosts files for dnsmasq
/var/lib/libvirt/dnsmasq/r,
+ /var/lib/libvirt/dnsmasq/*r,
/var/lib/libvirt/dnsmasq/*.leases rw,
- /var/lib/libvirt/dnsmasq/*.hostsfile r,
# libvirt pid files for dnsmasq
/{,var/}run/libvirt/network/ r,
Regards,
Christian Bol
/ntp/drift/ntp.drift rw,
/var/lib/ntp/drift/ntp.drift.TEMP rw,
/var/lib/ntp/etc/* r,
Regards,
Christian Boltz
--
> Subscribers don't receive messages from authors,
> they receive messages from listservs.
I've never seen a list server write a message :-)
[Felix Miata a
"lowercase.dat" and my ARCHIVES.gz
archive shows that openSUSE 11.4 already used "lowcase.dat", so removing
"lowercase" shouldn't cause any problems.
Nevertheless, I'll not remove "lowercase" in the 2.8 branch to be on the
safe sid
Hello,
Am Dienstag, 19. November 2013 schrieb Seth Arnold:
> On Tue, Nov 19, 2013 at 10:28:28PM +0100, Christian Boltz wrote:
> > === modified file 'profiles/apparmor.d/usr.sbin.nmbd'
> > --- profiles/apparmor.d/usr.sbin.nmbd 2011-08-27 18:50:42 +
> > +++ pr
ng for trouble? ;-) [1]
It would be a good idea to have _one_ file with the definitions of
AA_MAY_WRITE etc., which is then used by everything that needs those
macros.
Regards,
Christian Boltz
[1] code duplication is _always_ calling for trouble, and I doubt this
macro definition i
rtificates/ r,
/usr/local/share/ca-certificates/** r,
+ /var/lib/ca-certificates/ r,
+ /var/lib/ca-certificates/** r,
Regards,
Christian Boltz
--
Wenn das Teil unter Windows CE oder Pocket PC 2000 läuft, ist Synce Dein
Fall. Zu finden auf Sourceforge, wenn ich mich nicht irre, und ich irr
ook.
> > @@ -419,6 +423,10 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
> >
> > if (!S_ISDIR(inode->i_mode))
> > goto out_putf;
> >
> > + error = security_path_chdir(&f.file->f_path);
> > + if (error)
> > + goto
Hello,
Am Donnerstag, 28. November 2013 schrieb John Johansen:
> On 11/28/2013 10:32 AM, Christian Boltz wrote:
> > Am Donnerstag, 28. November 2013 schrieb Seth Arnold:
> >> On Tue, Nov 05, 2013 at 05:34:58AM -0800, John Johansen wrote:
> > I reported some time ago tha
(res)
> > + goto out_path_release;
> > +
> >
> > res = inode_permission(inode, mode | MAY_ACCESS);
> > /* SuS v2 requires we report a read only fs too */
> > if (res || !(mode & S_IWOTH) || special_file(inode->i_mode))
Please insert th
g minimize equality valgrind tests: error_output
> caching minimize equality parser_sanity
>
> GEN_TRANS_DIRS=simple_tests/generated_x/
> simple_tests/generated_perms_leading/
> simple_tests/generated_perms_safe/ simple_tests/generated_dbus
Acked-By: Christian Boltz
Regar
PTION regex with empty character class (brace)
> +#=EXRESULT FAIL
> +#
> +/usr/bin/foo {
> + /alpha/[]beta rw,
> +}
> +
Good idea!
Acked-By: Christian Boltz
BTW: Do we already have a similar test for empty alternations, like
/foo{}/bar rw,
?
Regards,
Christian Boltz
--
&g
sts/file/ok_alternations_2.sd |
> 7 +++ parser/tst/simple_tests/file/owner/ok_alternations_1.sd |
>7 +++ parser/tst/simple_tests/file/owner/ok_alternations_2.sd
> |7 +++ 6 files changed, 42 insertions(+)
Acked-By: Christian Boltz
Regards,
Christian Boltz
--
A
create character or block devices.
=head1 ERRORS
If someone needs food for the TODO list: My patch only fixes the user
visible "can ?not", but doesn't fix about 40 "can not" hidden in
comments ;-)
Regards,
Christian Boltz
--
linux:~ # nmap localhost
bash: nmap
on capability
rules"));
+ yyerror(_("owner prefix not allowed on capability
rules"));
if ($2.deny)
$1->caps.deny |= $3;
Regards,
Christian Boltz
--
> Am Besten wäre natürlich, den Owner von /dev/usbkabel ;-) zu
&
Hello,
as I already mentioned in the last IRC meeting, I won't be online on
tuesday for the monthly meeting. I'll let it up to you if we move it [1]
or if you do the meeting without me ;-)
Regards,
Christian Boltz
[1] I'm also away on wednesday and saturday
--
> >
Hello,
Am Donnerstag, 5. Dezember 2013 schrieb Seth Arnold:
> On Thu, Dec 05, 2013 at 10:50:56PM +0100, Christian Boltz wrote:
> > as discussed on #apparmor yesterday, here's the most important patch
> > we've ever seen ;-)
> >
> > References: https://bugzi
e profiles to be added to
profiles/apparmor.d/ when they are finished, and also release them as
update for at least openSUSE 13.1.)
Note: some profiles don't have the #include - that's on my
TODO list. Also the "paperwork" (copyright headers) is still missing.
Regards,
Ch
run/avahi-daemon/socket w,
Do you think some of them need to be changed from w to rw? If yes, which ones?
Regards,
Christian Boltz
--
Gegen nachhaltige Zweifel, ob die SSL-Verschlüsselung in Windows
wirklich noch den erwarteten Schutz vor unerwünschten Lauschern bieten
kann, hilft damit letztli
a/*.tdb rw,
Regards,
Christian Boltz
--
Du kannst dir einen Kernel so geschwaetzig eingestellt kompilieren, dass
die HDD kaum noch mit dem loggen hinterherkommt (was wiederum Bugs im
HDD-Treiber ausloesen koennte ;)) [David Haller in suse-linux]
--
AppArmor mailing list
AppArmor@lists.ubuntu.
Hello,
Am Sonntag, 22. Dezember 2013 schrieb Christian Boltz:
> samba (nmbd and smbd) need to create /var/run/samba at startup
> (at least on systems where /var/run is on a tmpfs)
It also needs to create /var/cache/samba/
> References: https://bugzilla.novell.com/show_bug.cgi?id=8566
y_binary_equality "dbus minimization with all perms" \
> + "/t { dbus, }" \
> + "/t { dbus bus=session, dbus, }" \
> + "/t { dbus (send, receive, bind, eavesdrop), dbus, }"
[...]
Acked-By: Christian Boltz
Regards,
Christian Boltz
xdg-open rmUx,
I'd recommend rmPUx instead of rmUx - if someone has a profile for one
of them, it should be used.
You also have several /usr/lib/... paths - at least on openSUSE, some
parts of libreoffice are in /usr/lib64/... Therefore it would be better
to use /usr/lib*/... eve
Hello,
Am Mittwoch, 25. Dezember 2013 schrieb Jonathan Davies:
> On 25/12/2013 16:23, Christian Boltz wrote:
> > Am Mittwoch, 25. Dezember 2013 schrieb Jonathan Davies:
> >> I have created an AppArmor profile for LibreOffice and I would like
> >> to see it pla
re/ssl/openssl.cnf r,
+ @{PROC}/sys/crypto/fips_enabled r,
Regards,
Christian Boltz
--
I wonder how we ended up with baseurl and extra_url, now we are missing
one with a "-" like "data-dir" to violate consistency and the principle
of least surprise in all possible ways
| 10 ++
> 1 file changed, 10 insertions(+)
Acked-By: Christian Boltz
Regards,
Christian Boltz
--
[Automatismen] Suse macht es umgekehrt. Erstmal wird die selbstmelkende
Kuh installiert, wenn der Stall dann überschwemmt ist, gibt es bestimmt
irgendwo ein RC_AUTOMILK=false - aber ob
quot;, then the /path/to/script
profile is not used - in this case, AppArmor only looks for a profile
for "python".
Another option is to run
aa-exec -p /path/to/script python /path/to/script
(note: I never tested aa-exec ;-)
For additiional complexity, load the libapparmor bindings
about having the root check
enabled by default, and add an option --no-profile-reload that also
skips the root check.)
That said - feel free to test the rewritten tools available at
https://code.launchpad.net/apparmor-profile-tools
Regards,
Christian Boltz
--
Weißt Du, man soll ja eigentlich k
FALSE;
>
> if (ent->next)
> buffer.append(",");
> }
>
> return TRUE;
> -
> -fail:
> - return FALSE;
> }
Looks like one of the rare cases where I add
Acked-by: Christian Boltz
to a C patch ;-)
Re
Hello,,
Am Donnerstag, 16. Januar 2014 schrieb Steve Beattie:
> The parser was lacking language tests for rlimits. This test adds
> several, one for each rlimit type.
>
> Signed-off-by: Steve Beattie
Acked-by: Christian Boltz
Regards,
Christian Boltz
--
Erstes Gesetz WWW:
t if apparmor.vim displays all tests from 12/18
correctly?)
Regards,
Christian Boltz
--
[SuSE 9.1] Und utf-8 saugt tote Hamster durch Strohhalme, selbst wenn
es funktioniert. [...] Und das alles nur, damit ich Klingonisch native
verarbeiten kann in meinem Rechner.
[http://blog.koehntopp.de/arc
overage from the language tests is still incomplete.
>
> Signed-off-by: Steve Beattie
Acked-by: Christian Boltz
with some comments and questions inline.
> Index: b/parser/tst/simple_tests/file/ok_slashquote_1.sd
> ===
Hello,
Am Donnerstag, 16. Januar 2014 schrieb Steve Beattie:
> Found by running pyflakes on these scripts.
>
> Signed-off-by: Steve Beattie
Acked-by: Christian Boltz
(assuming pyflakes was right - and even if not, we'll notice the
failures quickly ;-)
Regards,
Christian B
e (whitespace_?_,
> comma, whitespace_?_ comment.*) 'TRANSITION':
> r'(\s+-\>\s+\S+)?',
Sorry for the terrible quoting, anyway:
Does it really make sense to have two spaces in front of # ?
> +#syn match sdEntryM /@@DENYFILE@@(r|mk|x)+@@EOL@@/
> contains=sdGlob,s
ertaining values ;-)
> Signed-off-by: Steve Beattie
Acked-by: Christian Boltz
Regards,
Christian Boltz
--
Christine O'Donnell: 'If evolution is real why are there still monkeys?'
Well Christine, education is real and there are still morons.
[http://twitter.com/kel
run/nm-dns-dnsmasq.conf r,
/{,var/}run/sendsigs.omit.d/*dnsmasq.pid w,
+ /{,var/}run/NetworkManager/dnsmasq.conf r,
# Site-specific additions and overrides. See local/README for
details.
#include
Regards,
Christian Boltz
--
mrdocs, this is California. Define "normal&q
Hello,
Am Donnerstag, 16. Januar 2014 schrieb Steve Beattie:
> On Fri, Jan 17, 2014 at 12:45:27AM +0100, Christian Boltz wrote:
> > (and BTW, did you test if apparmor.vim displays all tests from 12/18
> > correctly?)
>
> Apparently I missed all the incorrect highlight
Hello,
Am Donnerstag, 16. Januar 2014 schrieb Steve Beattie:
> On Fri, Jan 17, 2014 at 01:29:31AM +0100, Christian Boltz wrote:
> > Sorry for the terrible quoting, anyway:
> > Does it really make sense to have two spaces in front of # ?
>
> It's pep8's error
id Ux. What
about creating a profile (or child profile) for lsb_release?
(seems to be different in the profiles for newer releases - I'm not sure
if it's still worth fixing for 10.04)
Regards,
Christian Boltz
--
> /etc/sysconfig/powersave/cpufreq contains the line:
;
> Signed-off-by: Steve Beattie
[...]
> 66 files changed, 66 insertions(+)
Acked-by: Christian Boltz
Regards,
Christian Boltz
--
Confixx hat der Teufel erfunden, und weils so schmerzhaft ist,
gleich danach Plesk. [Jim Knuth in postfixbuch-users]
--
AppArmor mailing list
AppArmo
/ rw,
+ /{var/,}run/samba/winbindd/pipe w,
# Site-specific additions and overrides. See local/README for
details.
#include
Regards,
Christian Boltz
--
> auf meinem Rechen Suse 8.2 KDE 3.1.1, [...]
Hey, man kann SuSE inzwischen sogar auf einem Rechen installieren?
Wow, da muss i
ables/dovecot'
--- profiles/apparmor.d/tunables/dovecot1970-01-01 00:00:00 +
+++ profiles/apparmor.d/tunables/dovecot2014-01-19 16:08:06 +
@@ -0,0 +1,20 @@
+# --
+#
+#Copyright (C) 2013 Christian Boltz
+#
9 16:08:30 +
@@ -0,0 +1,25 @@
+# --
+#
+#Copyright (C) 2013 Christian Boltz
+#
+#This program is free software; you can redistribute it and/or
+#modify it under the terms of version 2 of the GNU General Public
+#
t (C) 2009-2013 Canonical Ltd.
+#Copyright (C) 2011-2013 Christian Boltz
+#
+#This program is free software; you can redistribute it and/or
+#modify it under the terms of version 2 of the GNU General Public
+#License published by the Free Software
\s*" "$$profile" >/dev/null || {
echo "$$profile doesn't contain #include " ; exit 1; } ; \
done; \
.PHONY: install
Regards,
Christian Boltz
--
116: Programm
Sobald eine Datei von einem Virus infiziert werden kann, ist
now good enough.
(If someone else wants to comment, that's of course also welcome ;-)
@Tomáš: {,you'll} have a lot of fun while fixing what I found ;-)
Regards,
Christian Boltz
PS: non-random sig ;-)
--
Yes, I know how much devs hate writing documentation... I was a dev.
[C
Hello,
Am Donnerstag, 23. Januar 2014 schrieb John Johansen:
> On 01/19/2014 08:58 AM, Christian Boltz wrote:
> > this patch introduces tunables/dovecot (with @{DOVECOT_MAILSTORE})
> > and replaces the mail storage location in various dovecot-related
> > profiles with this
11 mails all changing the same file ;-)
BTW: will the updated mod_apparmor also need 2.8 r2111? ("libapparmor:
fix aa_change_hat token format string")
That all said - how many lines are _not_ touched by your patch series?
;-)
Regards,
Christian Boltz
[1] no need to write "
isn't a real option.)
Regards,
Christian Boltz
--
So... Hm... ich bin etwas aufgeschmissen.
How to troubleshoot without trouble?
[Ratti in fontlinge-devel]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
Hello,
Am Donnerstag, 23. Januar 2014 schrieb John Johansen:
> On 01/23/2014 06:37 AM, Christian Boltz wrote:
> > Am Donnerstag, 23. Januar 2014 schrieb John Johansen:
> >> On 01/19/2014 08:58 AM, Christian Boltz wrote:
> >>> this patch introduces tunables/dov
bility block_suspend,
@@ -24,7 +25,6 @@
@{DOVECOT_MAILSTORE}/ rw,
@{DOVECOT_MAILSTORE}/** rwkl,
- /etc/resolv.conf r,
/proc/*/mounts r,
/tmp/dovecot.lmtp.* rw,
/usr/lib/dovecot/lmtp mr,
/etc/my.cnf.d/ r,
+ /etc/my.cnf.d/*.cnf r,
+
/etc/dovecot/dovecot-database.conf.ext r,
/etc/dovecot/dovecot-sql.conf.ext r,
/usr/lib/dovecot/auth mr,
Regards,
Christian Boltz
--
chliEßlichle sendi emeiSt Enleut ehier mehralsdreIpo Stingsa Mtag sOd
Asesdoch et. Waserm üdentwärdenkahnim
50,6 +54,8 @@
/usr/sbin/dovecot mrix,
/var/lib/dovecot/ w,
/var/lib/dovecot/* rwkl,
+ /var/spool/postfix/private/auth w,
+ /var/spool/postfix/private/dovecot-lmtp w,
/{,var/}run/dovecot/ rw,
/{,var/}run/dovecot/** rw,
link /{,var/}run/dovecot/** -> /var/lib/dovecot/**,
Regard
your chance to write an evil review about a patch from
me - don't waste it ;-) (In the unlikely case that you like my patch,
you can of course commit it ;-)
Regards,
Christian Boltz
--
Werbung lügt, Corporate Design sagt die Wahrheit. Naja,
alle _guten_ Komponenten der Wahrheit. :-)
ind = icn
/usr/bin/killall = icn
/usr/bin/nice = icn
Regards,
Christian Boltz
--
"Oh my god, nobody has improved the shape of the wheel since 100 years.
Let's abandon all wheels immediately, they cannot possibly work
anymore!!!" [Stefan Seyfried in opensuse-factory]
-
Hello,
the attached patch makes sure the new logprof offers all x options that
make sense, not only ix.
Regards,
Christian Boltz
--
> > That's the part where we create a flame war and then try to
> > collect some useful ideas afterwards. ;-)
> Let's collec
'chroot_attach',
'chroot_no_attach',
Regards,
Christian Boltz
--
> Du testest hflacs ;-) Mit existieren Dateien testen (erwartetes
> Ergebnis: "geht") ist langweilig.
Ich teste goldrichtig. Dazu hat der liebe Gott nämlich die User
ersc
, reloading or removing profiles via
systemd?
@all:
Can someone have a look at those patches, please? (Even if it's clear
that there will be a v2 ;-)
Regards,
Christian Boltz
--
> Manfred, Du solltest so spaet keine Emails mehr schreiben :-)
Danke für die Berichtigung, werd mir den Tipp hi
e too surprising ;-)
Regards,
Christian Boltz
--
Well, I guess, Stephan knows very well, what the fuzz is about: it's
about hundreds of patches, which will have to be regenerated, done as
an employment-creation measure for this lazy gang of packagers.
[Hans-Peter Jansen in opensuse
Hello,
Am Sonntag, 2. Februar 2014 schrieb Michael Scherer:
> Le samedi 01 février 2014 à 18:18 +0100, Christian Boltz a écrit :
> > BTW: It looks like your patch requires the profiles to be loaded
> > already. Do you have any plans for loading, reloading or removing
> >
Hello,
Am Sonntag, 2. Februar 2014 schrieb John Johansen:
> On 01/26/2014 03:07 PM, Christian Boltz wrote:
> > after testing the dovecot profiles on a new server, I noticed
> > /usr/lib/dovecot/dict and /usrlib/dovecot/lmtp need more
> > nameservice-
> > related permis
gt;name, 0, mode, 0,
dfaflags))
> - return FALSE;
> - }
> - }
> return TRUE;
> }
This part doesn't look related to short options ;-)
Regards,
Christian Boltz
--
> Henne, did you actually test this before closing the bug as
e:
-initial_comment = ' '.join(line) + '\n'
+ initial_comment = initial_comment + line + '\n'
else:
raise AppArmorException(_('Syntax Error: Unknown line found in
file: %s line: %s') % (file,
h an invalid parameter (that's
what a missing "=..." is), there should _at least_ be a warning.
I'd even vote to abort with an error message - that's better than
running with unexpected / not-overwritten env variables)
And as Steve already noticed, the print looks superf
Hello,
Tomáš, I noticed you updated the documentation, but nevertheless I found
several things that still need to be fixed - and also some new texts
that come with new errors ;-)
The attached file contains an updated version of my comments as diff
against r12028.
Regards,
Christian Boltz
;-)
Can you move it to a more visible place, please? (like the end of the
main profile, above the child profiles)
> +profile chromium_browser_sandbox {
[...]
> +# *Sigh*
> +capability sys_ptrace,
Nice comment, but not too useful for the average user...
Regards,
Christian Boltz
You are welcome ;-)
BTW: Did I mention that the work I do for the SLE manual is licensed
under the wineware licence? [1]
If we ever meet at a conference [2], I'll bill you ;-))
Regards,
Christian Boltz
[1] similar to the beerware license, but s/beer/wine/ because I don't
like
r/{lib,run}/samba/winbindd_privileged/pipe rw,
/etc/samba/smb.conf r,
+ /etc/samba/dhcp.confr,
/usr/lib*/samba/valid.dat r,
/usr/lib*/samba/upcase.dat r,
/usr/lib*/samba/lowcase.dat r,
+ /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
Regards,
Chris
; adjustments # to the various XDG directories
> #include
>
> 3. Add profiles/apparmor.d/tunables/xdg-user-dirs.d/site.local with
> commented out examples on how to use the directory.
Acked-By: Christian Boltz
Regards,
Christian Boltz
--
>Weil es sehr weit verbreitet ist, ei
Hello,
Am Freitag, 14. Februar 2014 schrieb Jamie Strandboge:
> Update abstractions to use new XDG_*_DIR values.
in abstractions/user-download, why don't you use @{XDG_DOWNLOAD_DIR} ?
(maybe additional to the existing entries to avoid regressions)
With that added,
Acked-By: Christi
Hello,
the attached files contain my review notes for the merging branch
lp:~sbeattie/apparmor/apparmor-new-pyutils-branch/
but they only contain some comments.
I didn't find something terribly wrong, so I'd say:
For merging this branch (r2392 to be exact):
Acked-by: Christian Boltz
r
details.
#include
Regards,
Christian Boltz
--
|#|Die drei wichtigsten Tugenden eines Programmierers:
|#| Faulheit, Ungeduld und Selbstüberschätzung
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailma
and wait for someone to send an ACK before you commit it).
Speaking about commit access - it would be a good idea to give you
commit access to the apparmor repo ;-)
@Steve or John: can you do that, please?
Regards,
Christian Boltz
[1] some of Steve's changes were quite big, like several white
Hello,
Am Freitag, 14. Februar 2014 schrieb Steve Beattie:
> On Sat, Feb 15, 2014 at 12:36:03AM +0100, Christian Boltz wrote:
> > I also noticed my patches
> > - new profile tools: preserve full initial comment
> > - new profile tools - handling of "(F)inish"
&g
Hello,
Am Freitag, 21. Februar 2014 schrieb Steve Beattie:
> My apologies for the delay in reviewing this.
no problem - we'll see if you are faster with the follow-up patch ;-)
> On Wed, Feb 05, 2014 at 11:58:24PM +0100, Christian Boltz wrote:
...
> Acked-by: Steve Beattie , thou
Hello,
[patch v2, see below]
Am Montag, 27. Januar 2014 schrieb Christian Boltz:
> currently, selecting (F)inish in the new profile tools basically means
> aborting without saving anything. However, we already have Abo(r)t
> for that ;-)
>
> (F)inish should ask the user if he wa
and tell use about it
import tempfile
templog = tempfile.NamedTemporaryFile('w', prefix='apparmor',
suffix='.log', delete=False)
Regards,
Christian Boltz
--
*pieps* Die Verkehrshinweise: Im Netzwerkkabel von Marc 100 MB Stau
wegen e
umentation exists is in src/aalogparse.h. Please file bugs
using http://bugzilla.novell.com under the AppArmor product.
+What little documentation exists is in src/aalogparse.h.
+
+Please file bugs using https://bugs.launchpad.net/apparmor/+filebug
Regards,
Christian Boltz
--
By the way, it
) -
>#cmd_info = apparmor.cmd(['cat', filename, '|',
> apparmor.parser, '-I%s'%apparmor.profile_dir, '-R 2>&1',
> '1>/dev/null']) + cmd_info = cmd([apparmor.parser,
> '-I%s' % apparmor.profile_dir,
create_symlink('force-complain', filename)
+# a force-complain symlink is more packaging-friendly, but breaks caching
+# create_symlink('force-complain', filename)
change_profile_flags(filename, program, 'complain', True)
def set_enforce(filena
This patch was commited to 2.8 branch and trunk, and later changed to
use grep instead of ~~~.
AppArmor 2.8.3 contains the fix.
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of AppArmor
Developers, which is a
Hello,
Am Montag, 24. Februar 2014 schrieb Steve Beattie:
> On Tue, Feb 25, 2014 at 12:20:33AM +0100, Christian Boltz wrote:
> > Change aa-complain / set_complain() to (only) add the complain flag.
> > We don't need to additionally create a force-complain symlink.
>
&g
is accessed that is exernal to the chroot but within the namespace).
Regards,
Christian Boltz
--
> Anyway, what does our mission statement say?
"Have a lot of fun..."
[> Per Jessen and Kreg KH in opensuse-factory]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
Hello,
I just found out nobody pointed me to art_apparmor_quick.xml in the SLE
doc. I just accidently ;-) found it - and as always when I first touch
something, it breaks into its parts ;-)
For details, see the attached review patch (for SVN r12170)
Regards,
Christian Boltz
--
Eine Sig ist
= True
+filelist[file]['profiles'][pname] = True
write_profile_ui_feedback(pname)
def get_profile_flags(filename, program):
Regards,
Christian Boltz
--
Es ist halt nur nicht eine einzige zentrale Filterdatei. Vorteil ist,
dass die Anwender ihre eigenen Scripte verw
th) + '- %s' % src)
+
def cmd(command):
'''Try to execute the given command.'''
debug(command)
Regards,
Christian Boltz
[1] it helped me a lot to hunt down the aa-autodep issue :-)
--
> > > Ein Update auf eine EIN JAHR alte Version?
> >
Hello,
Am Donnerstag, 27. Februar 2014 schrieb Jamie Strandboge:
> On 02/26/2014 06:48 PM, Christian Boltz wrote:
> > this patch adds recursive_print() to common.py.
> >
> > It prints a data structure in an easily readable output and is quite
> > useful[1] for
p://www.chiark.greenend.org.uk/ucgi/~cjwatson/blosxom/2009-07-02-python-sigpipe.html
# This is needed so that the subprocesses that produce endless output
Regards,
Christian Boltz
--
Meeting, n.:
An assembly of people coming together to decide what person or
department not represented in
couple of values. The following patch fixes them.
Thanks!
Acked-by: Christian Boltz
> However, I still get errors from test-aa-decode.py and
> test-aa-easyprof.py.
Well, one thing after the other ;-)
The fix for test-aa-decode.py is trivial, I'll send a patch in a minute.
Regards,
Hello,
Am Donnerstag, 27. Februar 2014 schrieb Jamie Strandboge:
> This patch adds /var/www/html to abstractions/web-data, which is the
> path used for document root on Debian and its derivatives[1].
> Nominated for 2.8.
Acked-by: Christian Boltz
for trunk and 2.8
That said - woul
Hello,
Am Donnerstag, 27. Februar 2014 schrieb Christian Boltz:
> this patch fixes test-aa-decode.py - it failed all tests because the
> path to aa-decode was wrong.
>
>
> === modified file 'utils/test/test-aa-decode.py'
> --- utils/test/test-aa-decode.py
Hello,
Am Donnerstag, 27. Februar 2014 schrieb Jamie Strandboge:
> On 02/27/2014 02:04 PM, Christian Boltz wrote:
> > Am Donnerstag, 27. Februar 2014 schrieb Jamie Strandboge:
> >> On 02/26/2014 06:48 PM, Christian Boltz wrote:
> >>> this patch adds recursive_print()
Hello,
Am Donnerstag, 27. Februar 2014 schrieb Kshitij Gupta:
> On Feb 27, 2014 6:18 AM, "Christian Boltz" wrote:
> > this patch adds recursive_print() to common.py.
> >
> > It prints a data structure in an easily readable output and is quite
>
> Works wit
filename = apparmor.get_profile_filename(program)
> +print('profile %s: filename is %s' % (program, filename))
NAK for the "print" line ;-) - it looks like forgotten debugging code.
Otherwise the patch looks good.
With the "print" removed,
(relative DIR)
--
Traceback (most recent call last):
File "test-aa-easyprof.py", line 363, in test_templates_dir_relative
self.assertTrue(easyp.dirs['templates'] == rel, "Not using specified
--template-di
601 - 700 of 1664 matches
Mail list logo