[systemd-devel] Apparmor profile switching support, v2
This patch implements an option AppArmorProfile to load a specific profile for a service, following the previous SELinux patch for SELinuxProfile configuration. It also follows the same convention of being non-fatal if prefixed by -.

I tested it on openSUSE only for now, and the profile still needs to be loaded another way.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Apparmor profile switching support
On Fri, Jan 03, 2014 at 05:58:46PM +0100, Michael Scherer wrote:
> On Friday 03 January 2014 at 17:22 +0100, m...@zarb.org wrote:
> > As discussed on the SELinux thread, this patch attempts to offer the same level of configuration for AppArmor distributions by permitting the sysadmin to set the profile used by a unit.
> >
> > I didn't test it but would like to get early feedback on it from openSUSE and Ubuntu users, as they are the 2 main sets of users of AppArmor.
> >
> > Main inspiration comes from the upstart support, on https://code.launchpad.net/~mdeslaur/upstart/apparmor-support
> >
> > However, we are currently lacking the capacity of directly using an on-disk profile, and I am not sure on the best way to support that.
>
> I have also been told on IRC that Michael Stapelberg wrote the same kind of patch (if not the same, given there isn't much possible variation), cf. https://lists.debian.org/debian-security/2014/01/msg8.html

Your patch looks fine. I sent a comment on the patch 1/2 in the other mail. Even though it's very simple, it would be great if you could test it after proposed changes.

If nobody objects, I'd merge this in a few days.

Zbyszek
[systemd-devel] Apparmor profile switching support
As discussed on the SELinux thread, this patch attempts to offer the same level of configuration for AppArmor distributions by permitting the sysadmin to set the profile used by a unit.

I didn't test it but would like to get early feedback on it from openSUSE and Ubuntu users, as they are the 2 main sets of users of AppArmor.

Main inspiration comes from the upstart support, on https://code.launchpad.net/~mdeslaur/upstart/apparmor-support

However, we are currently lacking the capacity of directly using an on-disk profile, and I am not sure on the best way to support that.
Re: [systemd-devel] Apparmor profile switching support
On Friday 03 January 2014 at 17:22 +0100, m...@zarb.org wrote:
> As discussed on the SELinux thread, this patch attempts to offer the same level of configuration for AppArmor distributions by permitting the sysadmin to set the profile used by a unit.
>
> I didn't test it but would like to get early feedback on it from openSUSE and Ubuntu users, as they are the 2 main sets of users of AppArmor.
>
> Main inspiration comes from the upstart support, on https://code.launchpad.net/~mdeslaur/upstart/apparmor-support
>
> However, we are currently lacking the capacity of directly using an on-disk profile, and I am not sure on the best way to support that.

I have also been told on IRC that Michael Stapelberg wrote the same kind of patch (if not the same, given there isn't much possible variation), cf. https://lists.debian.org/debian-security/2014/01/msg8.html

--
Michael Scherer