[apparmor] [Merge] lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor
The proposal to merge lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor has been updated.

Status: Needs review => Merged

For more details, see:
https://code.launchpad.net/~talkless/apparmor/fix_user_download_nonlatin/+merge/326259
--
Your team AppArmor Developers is requested to review the proposed merge of lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor.

--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] [Merge] lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor
Review: Approve

Looks good to me, thanks! I would merge this.
[apparmor] [Merge] lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor
The proposal to merge lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor has been updated.

Description changed to:

The abstractions/user-download and abstractions/user-write profiles allow downloading into the home directory while protecting dot files:

  owner @{HOME}/[a-zA-Z0-9]* rwl,

Though it fails for files with non-Latin symbols, tested with /usr/bin/tee copied to /usr/local/bin/testtee with a minimal profile using the user-download abstraction:

  echo "foo" | testtee ~/ąčęėįšųūž
  testtee: /home/vincas/ąčęėįšųūž: Permission denied

When the file rule is changed into:

  owner @{HOME}/[^.]* rwl,

It works as expected:

  $ echo "foo" | testtee ~/ąčęėįšųūž
  foo
  $ echo "foo" | testtee ~/.bashrc
  testtee: /home/vincas/.bashrc: Permission denied
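The difference between the two rules in the description above, as an added example that is not part of the original thread or of the AppArmor code base: a simplified Python model of AppArmor path globbing (only `*`, `**`, `?`, character classes and `{a,b}`), matched byte-wise against constructed paths. The home directory `/home/alice`, the function names and the sample paths are assumptions made for illustration.

```python
import re

def aa_glob_to_regex(pattern):
    """Translate a subset of AppArmor globbing into a bytes regex (simplified model)."""
    out, i, depth = [], 0, 0
    while i < len(pattern):
        c = pattern[i]
        if pattern.startswith("**", i):
            out.append(".*")              # ** crosses directory separators
            i += 1
        elif c == "*":
            out.append("[^/]*")           # * stays inside one path component
        elif c == "?":
            out.append("[^/]")
        elif c == "[":
            end = pattern.index("]", i + 1)
            out.append(pattern[i:end + 1])  # [a-z] and [^.] carry over unchanged
            i = end
        elif c == "{":
            out.append("(?:")
            depth += 1
        elif c == "}":
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out).encode("utf-8"), re.DOTALL)

def allowed(rule_glob, path, home="/home/alice"):
    """True if the path, as UTF-8 bytes, matches the rule's glob (home is an assumed value)."""
    glob = rule_glob.replace("@{HOME}", home)
    return aa_glob_to_regex(glob).fullmatch(path.encode("utf-8")) is not None

OLD = "@{HOME}/[a-zA-Z0-9]*"   # rule before the change
NEW = "@{HOME}/[^.]*"          # rule after the change
SAMPLES = [                    # constructed paths
    "/home/alice/report.txt", "/home/alice/ąčęėįšųūž", "/home/alice/_draft",
    "/home/alice/.bashrc", "/home/alice/.ssh/config", "/home/alice/docs/a.txt",
]

def compare():
    """Map each sample path to (allowed by OLD, allowed by NEW)."""
    return {p: (allowed(OLD, p), allowed(NEW, p)) for p in SAMPLES}

if __name__ == "__main__":
    for path, (old, new) in compare().items():
        print(f"{path:28} old={old!s:5} new={new}")
```

The first byte of `ą` in UTF-8 is 0xC4, which is outside `[a-zA-Z0-9]` but inside `[^.]`; names such as `_draft` change from denied to allowed for the same reason.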
Re: [apparmor] [Merge] lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor
Vincas Dargis:
> Yes, in fact I just recently noticed the same problem in user-write. :)
> Do I have to uncommit and force push these two changes (for user-download and
> user-write) in a single commit? Or can I just add one more commit?

No, just add another commit :)
Re: [apparmor] [Merge] lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor
Yes, in fact I just recently noticed the same problem in user-write.

Do I have to uncommit and force push these two changes (for user-download and user-write) in a single commit? Or can I just add one more commit?
Re: [apparmor] [Merge] lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor
Review: Approve

Looks good to me! We've done similar changes elsewhere already so the proposed solution seems field-tested to me. What do others think?

By the way, it looks like abstractions/user-write has the same problem, so perhaps you could fix it as well in your branch, for the sake of consistency?

Now, if I had commit rights I would merge your branch as-is anyway, as it seems to be an obvious incremental change not worth blocking on further possible improvements.
[apparmor] [Merge] lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor
Vincas Dargis has proposed merging lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor.

Requested reviews:
  AppArmor Developers (apparmor-dev)

For more details, see:
https://code.launchpad.net/~talkless/apparmor/fix_user_download_nonlatin/+merge/326259

I have noticed that the abstractions/user-download profile allows downloading into the home directory while protecting dot files:

  owner @{HOME}/[a-zA-Z0-9]* rwl,

Though it fails for files with non-Latin symbols, tested with /usr/bin/tee copied to /usr/local/bin/testtee with a minimal profile using the user-download abstraction:

  echo "foo" | testtee ~/ąčęėįšųūž
  testtee: /home/vincas/ąčęėįšųūž: Permission denied

When the file rule is changed into:

  owner @{HOME}/[^.]* rwl,

It works as expected:

  $ echo "foo" | testtee ~/ąčęėįšųūž
  foo
  $ echo "foo" | testtee ~/.bashrc
  testtee: /home/vincas/.bashrc: Permission denied

=== modified file 'profiles/apparmor.d/abstractions/user-download' --- profiles/apparmor.d/abstractions/user-download 2014-02-14 22:28:16 + +++ profiles/apparmor.d/abstractions/user-download 2017-06-24 15:15:40 + @@ -15,7 +15,7 @@ owner @{HOME}/tmp/** rwl, owner @{HOME}/[dD]ownload{,s}/ r, owner @{HOME}/[dD]ownload{,s}/** rwl, - owner @{HOME}/[a-zA-Z0-9]* rwl, + owner @{HOME}/[^.]* rwl, owner @{HOME}/@{XDG_DESKTOP_DIR}/ r, owner @{HOME}/@{XDG_DESKTOP_DIR}/* rwl, owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r,
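Review bot: the replacement rule `owner @{HOME}/[^.]* rwl,` is wider than the non-Latin case the description tests, and nothing in the file says so. `[^.]` admits every first character except `.`, so top-level names starting with `_`, `-`, `~`, `#` or a space, which `[a-zA-Z0-9]*` denied, become readable, writable and linkable as well. If the intent is "anything in the top level of the home directory that is not a dot file", a one-line comment above the rule stating that would keep a later edit from narrowing it back to an ASCII class. This diff touches only abstractions/user-download; the same `[a-zA-Z0-9]*` rule in abstractions/user-write, raised in the review, needs the matching change.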