(cherry picked from commit 15d8e21945ccc7ef7ca258a18e0ba5f7a3ffcb01)
3ee47af4 Fix typo in apparmor_parser manpage
ff45506...
by
John Johansen <email address hidden>
Merge fix subprofile name in profile serialization
Given the following profile:
profile foo {
profile bar {
profile baz {
}
}
}
The parser would correctly serialize the "foo" profile and the
"foo//bar" profile, but it would incorrectly name "bar//baz" when it
should be "foo//bar//baz". This would cause issues loading the profile
in certain kernels causing a "parent does not exist" error.
(cherry picked from commit 9bba464d931af09e6d8e6c29b206af4c877123fc)
96b1aa54 Allow reading /run/systemd/sessions/
dc614a0...
by
John Johansen <email address hidden>
Merge tests: fix regression tests to run on kernels that only have network_v8
upstream kernels only have network_v8 unfortunately the tcp tests were
only being run against kernels that had network (which is v7). Kernels
that support both (Ubuntu) would be tested against v8, so v8 has been
tested but pure upstream kernels were failing to be tested correctly.
This patch will only make sure one of the supported verserions are
tested. This is determined by the parser which prefers v8. In the
future the tests need to be extended to run the tests against all
kernel supported versions.
Signed-off-by: John Johansen <email address hidden>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1120
Approved-by: Christian Boltz <email address hidden>
Merged-by: John Johansen <email address hidden>
(cherry picked from commit dcc719c69c0473a4060c3314679b0ec8fc4c716d)
Signed-off-by: John Johansen <email address hidden>
c509d9e...
by
John Johansen <email address hidden>
Merge Allow reading /etc/authselect/nsswitch.conf
On systems with authselect installed, /etc/nsswitch.conf is a symlink to
/etc/authselect/nsswitch.conf.
Out of the box the KDE plasma-browser-integration package does not work
after a user installed the corresponding Firefox extension: The browser
can't start the native host binary. The same is probably true for
Chromium.
Merge [3.0] Fix aa-cleanprof to work with named profiles
This needed replacement of "program" with "profile" at various places in
tools.py (of course this description is over-simplified).
The changes in get_next_to_profile() (which is used by several aa-*
minitools) are restricted to cleanprof to avoid side effects in the
other aa-* minitools.
However, the other aa-* minitools possibly also suffer from problems
with named profiles, but checking and fixing that is left for another
commit ;-)
The fix needs an additional function in ProfileList (`profile_from_attachment()`) to get the profile name for a given attachment.
Since this is not very different from filename_from_attachment(), move
most of the code into a thing_from_attachment() function, and make
{profile,filename}_from_attachment wrappers for it.
Also adjust the tests to the changed internal data structure, and add
tests for profile_from_attachment().
This needed replacement of "program" with "profile" at various places in
tools.py (of course this description is over-simplified).
The changes in get_next_to_profile() (which is used by several aa-*
minitools) are restricted to cleanprof to avoid side effects in the
other aa-* minitools.
However, the other aa-* minitools possibly also suffer from problems
with named profiles, but checking and fixing that is left for another
commit ;-)
